Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack this log...aurora [RESOLVED]


  • This topic is locked This topic is locked

#1
drewseff

drewseff

    New Member

  • Member
  • Pip
  • 3 posts
I ran ad aware, spyspot, and everything else listed. Here is my hijack this logfile and my ewido log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 1:38:25 PM, on 8/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\uyxdsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\DOCUME~1\default\LOCALS~1\Temp\sysnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\votklix.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\wnipilmx.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [46hbq5cg] C:\WINDOWS\System32\46hbq5cg.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\default\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [xazidll] C:\WINDOWS\xazidll.EXE
O4 - HKLM\..\Run: [bltvenc] C:\WINDOWS\bltvenc.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\aoonlr.exe reg_run
O4 - HKLM\..\Run: [r74g36l] pjlplat.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [bqcidll] C:\WINDOWS\bqcidll.exe
O4 - HKLM\..\Run: [bqcienc] C:\WINDOWS\bqcienc.exe
O4 - HKLM\..\Run: [uujqlqh] c:\windows\system32\votklix.exe r
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ummw] C:\PROGRA~1\COMMON~1\ummw\ummwm.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122829277814
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\uyxdsvc.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)



Here is the ewido file:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:24:25 PM, 8/1/2005
+ Report-Checksum: 9DB68392

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
[480] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
[524] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1044] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1084] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1240] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1300] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1392] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1424] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1420] VM_008F0000 -> Adware.BetterInternet : Error during cleaning
[1704] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[2032] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[168] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1792] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[304] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[108] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[880] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[416] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[400] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[836] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[804] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1512] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1592] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[888] C:\WINDOWS\xazidll.EXE -> TrojanDownloader.VB.hj : Cleaned with backup
[2400] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[3916] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[3816] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[3884] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\slqxevc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\lsi1bn94.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup
C:\WINDOWS\xazidll.exe -> TrojanDownloader.VB.hj : Cleaned with backup
C:\WINDOWS\qxwkhyic.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsq28.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nst21.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsm20.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsg25.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\vtlmrsm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\ftvapon.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\obbak.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\lizfjag.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\emkvkf.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\zrqjlm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__46hbq5cg.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\SYSTEM32\brhkto.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsf64.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nss50.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsn50.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\pakdiz.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\lnvuum.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\hzzcit.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsu20.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsu6F.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\jllswgh.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\rooaqnm.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\VVSNInst.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\TEMP\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__bltvenc.EXE -> TrojanDownloader.VB.hj : Cleaned with backup
C:\Program Files\Common Files\ummw\ummwl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\ummw\ummwp.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ptta.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\ptf_0006.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\nsh_115.exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr9351\VirtualBouncer.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr55EA\bin\cb.exe -> Spyware.CashBack : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr55EA\bin\flash.exe -> Spyware.CashBack : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\ptf_0002.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\Cookies\default@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVKJ8FO1\toolbar3[1].cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVKJ8FO1\toolbar3[1].cab/TBPS.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVKJ8FO1\toolbar3[1].cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\98.WUT\WUSave.cab/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wfkyanc5eco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wjlocjd5akp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wjmyehdjagp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wflisld5sfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wjkyggcpgho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wjloaod5olo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wfkiaic5acq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wfk4cidpakq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@e-2dj6wjkygocjikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Toshiko\Local Settings\Temporary Internet Files\Content.IE5\L0SN5DKD\display1[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0020458.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0020468.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021437.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021444.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021451.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021457.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021476.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021479.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021485.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021486.EXE -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021487.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021495.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021496.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021512.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021513.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021514.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021515.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021517.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021518.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021519.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021520.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021521.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021546.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021551.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021557.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021559.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021565.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021567.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021570.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021573.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021579.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021580.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021596.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021597.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021599.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021600.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021601.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021602.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021603.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021605.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021607.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021618.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021623.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021636.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021638.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021639.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021655.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021656.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021657.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021663.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021664.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021665.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021668.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021670.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021681.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021686.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021699.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021700.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021707.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021719.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021720.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021721.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021733.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021734.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP338\A0021735.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP340\A0021739.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021769.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021771.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021775.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021798.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021819.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021820.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021825.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021826.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021843.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021844.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021848.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021849.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP342\A0021850.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP344\A0021869.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP344\A0021893.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP344\A0021898.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP348\A0021983.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP351\A0022017.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022255.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022256.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022278.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022386.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022398.EXE -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022411.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022414.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022418.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022435.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022436.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022437.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022438.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022439.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022440.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022441.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022450.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022460.EXE -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022473.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022478.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022479.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022483.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022484.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022485.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022486.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022487.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022488.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022492.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022500.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022501.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022519.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022528.EXE -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022542.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022545.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022546.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022548.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022561.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022562.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022563.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0022564.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023508.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023530.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023532.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023559.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023563.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023571.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023575.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023576.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023579.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023580.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023583.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023584.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023585.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023586.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023587.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023601.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023606.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0023608.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0024500.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0024502.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0024503.exe -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025506.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025514.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025517.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025523.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025524.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025525.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025526.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025527.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025528.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025529.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025530.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025531.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025532.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025533.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025534.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025535.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025541.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025545.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025547.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025551.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025560.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025564.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025565.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025572.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025573.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025574.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025575.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025577.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025580.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025581.EXE -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025582.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0025583.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026552.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026562.EXE -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026570.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026575.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026580.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026585.EXE -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026586.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026587.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup


::Report End
  • 0

Advertisements


#2
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Click Start>Run, type services.msc into the Open: text box and click the Ok button.
  • In the Services window look for the Windows VisFx Components service and double-click on it.
  • Click on the Stop button
  • In the Startup type dropdown box select Disabled
  • Click Apply button and then the Ok button.
  • Please run HijackThis and click Config -> Misc Tools -> Delete an NT service.
  • In the Delete window, type Windows VisFx Components and press OK.
  • OK any prompts, close HijackThis, and restart your computer.
Please download, install, and update the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT scan yet.
Download CCleaner and install, but do not run it yet.

Please download the Nail/Aurora Spyware Fix from NoIdea.US.

Unzip it to the desktop but do NOT run yet.


Please download miekiemoes' LQfix batch here:
http://users.pandora...atchy/LQfix.zip
Unzip it to the desktop but do NOT run it yet.


Make sure all hidden files and folders are visible (Instructions )

Reboot into Safe Mode. To do this with Windows XP, you can follow these steps from Microsoft:
  • Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you the Boot Menu appears.
  • Select an option when the Windows Advanced Options menu appears, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Once in Safe Mode, please run LQfix.bat.

Please double-click on nailfix.cmd that you unzipped earlier. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next, run Ewido again.
  • Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then run HijackThis, click Scan, and place a checkmark by the following item:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\wnipilmx.dll
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [46hbq5cg] C:\WINDOWS\System32\46hbq5cg.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\default\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [xazidll] C:\WINDOWS\xazidll.EXE
O4 - HKLM\..\Run: [bltvenc] C:\WINDOWS\bltvenc.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\aoonlr.exe reg_run
O4 - HKLM\..\Run: [r74g36l] pjlplat.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [bqcidll] C:\WINDOWS\bqcidll.exe
O4 - HKLM\..\Run: [bqcienc] C:\WINDOWS\bqcienc.exe
O4 - HKLM\..\Run: [uujqlqh] c:\windows\system32\votklix.exe r
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ummw] C:\PROGRA~1\COMMON~1\ummw\ummwm.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\uyxdsvc.exe

Close all open windows except for HijackThis and click Fix Checked.

Find and delete these files and folders (if they are still there):
Files:
c:\windows\system32\votklix.exe
C:\WINDOWS\uyxdsvc.exe
C:\DOCUME~1\default\LOCALS~1\Temp\sysnet.exe

Folder:
C:\Program Files\SurfSideKick 3


Now, run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • helpers, if user is running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#3
drewseff

drewseff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here is my new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:26 PM, on 8/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsmedll] C:\WINDOWS\tsmedll.EXE
O4 - HKLM\..\Run: [xugrenc] C:\WINDOWS\xugrenc.EXE
O4 - HKLM\..\Run: [jrbrkib] c:\windows\system32\ttgtuc.exe r
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ummw] C:\PROGRA~1\COMMON~1\ummw\ummwm.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122829277814
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

and here is the ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:11:54 PM, 8/5/2005
+ Report-Checksum: C6AB8C66

+ Scan result:

[816] c:\windows\system32\slnsjr.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\slqxevc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\xugrenc.exe -> TrojanDownloader.VB.hj : Cleaned with backup
C:\WINDOWS\SYSTEM32\slnsjr.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\bvvuy.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\phoprn.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__xazidll.EXE -> TrojanDownloader.VB.hj : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Spyware.Pacer : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\labpengs.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\328742_2180_3712_3532_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\393832_2008_3712_3192_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr7B9D -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\67342_3692_3712_3148_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\590644_2008_3712_1788_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\655930_4032_3544_3396_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\197866_2008_3712_3204_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\393936_1572_3544_3296_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr0342 -> TrojanDropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr198C -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr7FD8 -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\132606_2008_3712_2764_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr3B65 -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr290C -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.frAD4A -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\temp.fr4537 -> Spyware.VirtualBouncer : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\459326_3352_428_208_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\459624_3352_428_2324_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\328600_3352_428_3956_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\590810_1296_1940_2732_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\328016_3916_1880_3984_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\590810_1296_1940_2732_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\66178_3916_1880_2144_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\66364_3916_1880_2708_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\131966_2692_2120_2480_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\132020_3916_1880_3836_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\132072_3916_1880_848_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\132190_3916_1880_2892_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@jcrew.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ehg-ignitemedia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@a.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026588.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026589.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026590.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026591.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026592.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026593.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026594.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026595.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026596.exe -> TrojanDownloader.VB.kd : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026597.exe -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026598.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026599.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026600.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026601.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026602.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026603.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026604.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026605.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026606.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026607.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026608.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026609.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026610.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026611.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026612.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026614.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026615.EXE -> TrojanDownloader.VB.hj : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026616.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026617.exe -> Spyware.Xupiter : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026618.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026619.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026620.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026621.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026622.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026623.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026624.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026625.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026638.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026654.exe -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026655.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026656.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026660.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026661.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026663.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026664.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026666.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP365\A0026667.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027632.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027633.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027634.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027635.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027636.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027637.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027638.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027639.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027640.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027641.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027642.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027643.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027644.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027645.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027646.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027647.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027648.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027649.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027650.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027651.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027652.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027653.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027654.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027655.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027656.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027657.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027658.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027659.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027660.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027661.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027662.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027663.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027664.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027665.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027666.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027667.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027668.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027669.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027670.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027671.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027672.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027673.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027674.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027675.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027676.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027677.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027678.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027679.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027680.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027681.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027682.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027683.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027684.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027685.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027686.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027687.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027688.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027689.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027690.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027691.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027692.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027693.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027694.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027695.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027696.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027697.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027698.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027699.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027700.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027701.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027702.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027703.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027704.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027705.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027706.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027707.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027708.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027709.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027710.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027711.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027712.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027713.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027714.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027715.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027716.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027717.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027718.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027719.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027720.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027721.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027722.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027723.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027724.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027725.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027726.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027727.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027728.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027729.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027730.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027731.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027732.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027733.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027734.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027735.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027736.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027737.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027738.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027739.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027740.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027741.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027742.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027743.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027744.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027745.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027746.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027747.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027748.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027749.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027750.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027751.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027752.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027753.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027754.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027755.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027756.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027757.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027758.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027759.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027760.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027761.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027762.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027763.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027764.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027765.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027766.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027767.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027768.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027769.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027770.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027771.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027772.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027773.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027774.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027775.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027776.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027777.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027778.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027779.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027780.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027781.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027782.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027783.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027784.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027785.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027786.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027787.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027788.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027789.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027790.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027791.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027792.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027793.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027794.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027795.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027796.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027797.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027798.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027799.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027800.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027801.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027802.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027803.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027804.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027805.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027806.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP366\A0027807.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP367\A0029636.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP367\A0029645.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029671.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029677.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029715.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029716.EXE -> TrojanDownloader.VB.hj : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029721.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029765.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029772.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0029776.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0030783.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031789.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031791.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031792.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031793.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031795.dll -> Adware.BetterInternet : Cleaned with backup


::Report End

Thanks for your help
  • 0

#4
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
That looks much better, doesn't it?!

Click Start>Run, type services.msc into the Open: text box and click the Ok button.
  • In the Services window look for the System Startup Service (SvcProc) service and double-click on it.
  • Click on the Stop button
  • In the Startup type dropdown box select Disabled
  • Click Apply button and then the Ok button.
  • Please run HijackThis and click Config -> Misc Tools -> Delete an NT service.
  • In the Delete window, type SvcProc and press OK.
  • OK any prompts, close HijackThis, and restart your computer.
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Make sure all hidden files and folders are visible (Instructions )

You will need nailfix.cmd again... so if you've deleted it please download it again:

Please download the Nail/Aurora Spyware Fix from NoIdea.US.


Reboot into Safe Mode. To do this with Windows XP, you can follow these steps from Microsoft:
  • Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you the Boot Menu appears.

  • Select an option when the Windows Advanced Options menu appears, and then press ENTER.

  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Once in Safe Mode, please double-click on nailfix.cmd that you downloaded earlier. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Then run HijackThis, click Scan, and place a checkmark by the following item:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [tsmedll] C:\WINDOWS\tsmedll.EXE
O4 - HKLM\..\Run: [xugrenc] C:\WINDOWS\xugrenc.EXE
O4 - HKLM\..\Run: [jrbrkib] c:\windows\system32\ttgtuc.exe r
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ummw] C:\PROGRA~1\COMMON~1\ummw\ummwm.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)



Find and delete these files and folders (if they are still there):
Files:
C:\WINDOWS\dsr.dll
c:\windows\SvcProc.exe

Folders:
C:\Program Files\SurfSideKick 3
C:\Program Files\Common Files\umm

Now, run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • helpers, if user is running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Edited by didom, 05 August 2005 - 11:57 AM.

  • 0

#5
drewseff

drewseff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
The new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 5:00:47 PM, on 8/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122829277814
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

and the ewido log

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:46:11 PM, 8/5/2005
+ Report-Checksum: 92448861

+ Scan result:

C:\WINDOWS\SYSTEM32\kcsxns.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031796.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031797.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031798.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031799.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031800.exe -> TrojanDownloader.VB.hj : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031801.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031802.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031803.EXE -> TrojanDownloader.VB.hj : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031804.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{AF642EC9-AA83-426E-849C-850131D8A2EA}\RP369\A0031805.dll -> Spyware.SurfSide : Cleaned with backup


::Report End


Thanks again for your help
  • 0

#6
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. You are running Windows XP so get updated to SP-2

    Please post back if you are still having any problems....

  • 0

#7
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP