Incessant Pop-ups, "The Best Offers," etc.



#1
makelej

    New Member

I inherited a computer at work that is always displaying pop-up windows. This problem occurs whether I'm using IE or Firefox. The most common pop-up seems to be from "The Best Offers."

Prior to using your service, I tried a lot of other tricks that I read about online, including blocking the offending domains via IE's security, privacy and content settings. This didn't help too much.

Today, I registered with GeeksToGo, and I ran the prep, scans and Windows updates -- as instructed in your forum -- but the problem remains. I was unable to update to SP1a, and didn't trust updating to SP2. My HijackThis log is pasted below. Thanks in advance for any help you can offer.

Eric

____________

Logfile of HijackThis v1.99.1
Scan saved at 1:01:57 PM, on 11/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dbsawx.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://express.ecolab.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ecolab
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ecolab.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ecolab.com;207-87-18-203.wsmg.digex.net Garden.ngadcenter.net Ogilvy.ngadcenter.net ResponseMedia-ad.flycast.com Suissa-ad.flycast.com UGO.eu-adcenter.net VNU.eu-adcenter.net a32.g.a.yimg.com ad-adex3.flycast.com ad.adsmart.net ad.ca.doubleclick.net ad.de.doubleclick.net ad.doubleclick.net ad.fr.doubleclick.net ad.jp.doubleclick.net ad.linkexchange.com ad.linksynergy.com ad.nl.doubleclick.net ad.no.doubleclick.net ad.preferences.com ad.sma.punto.net ad.uk.doubleclick.net ad.webprovider.com ad08.focalink.com adcontroller.unicast.com adcreatives.imaginemedia.com adex3.flycast.com adforce.ads.imgis.com adforce.imgis.com adfu.blockstackers.com adimage.blm.net adimages.earthweb.com adimg.egroups.com admedia.xoom.com adpick.switchboard.com adremote.pathfinder.com ads.admaximize.com ads.bfast.com ads.clickhouse.com ads.enliven.com ads.fairfax.com.au ads.fool.com ads.freshmeat.net ads.hollywood.com ads.i33.com ads.infi.net ads.jwt
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\qkoqpw.exe reg_run
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [pwqbmi] C:\WINDOWS\System32\dbsawx.exe r
O4 - HKCU\..\Run: [Actual Window Minimizer] C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Ad-Aware SE Personal.lnk = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O12 - Plugin for .NPSSView: C:\Program Files\Common Files\Crystal Decisions\2.0\crystalreportviewers\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://express.ecolab.com/
O15 - Trusted Zone: *.ecolab.com
O15 - Trusted Zone: *.iphouse.com
O15 - Trusted Zone: *.ecolab.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132597039117
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132598411863
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GLOBAL.ECOLAB.CORP
O17 - HKLM\Software\..\Telephony: DomainName = global.ecolab.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GLOBAL.ECOLAB.CORP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\BIN\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2
Buckeye_Sam

    Malware Expert

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh HijackThis log in this thread so I can help you with your malware problems.

If you have resolved this issue please let us know.

#3
makelej

    New Member

  • Topic Starter
Great, Sam. Here you go.

Eric
___________

Logfile of HijackThis v1.99.1
Scan saved at 9:49:45 AM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\1E\SMSWakeup40\minislv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\pzwsuun.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://express.ecolab.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ecolab
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ecolab.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ecolab.com;207-87-18-203.wsmg.digex.net Garden.ngadcenter.net Ogilvy.ngadcenter.net ResponseMedia-ad.flycast.com Suissa-ad.flycast.com UGO.eu-adcenter.net VNU.eu-adcenter.net a32.g.a.yimg.com ad-adex3.flycast.com ad.adsmart.net ad.ca.doubleclick.net ad.de.doubleclick.net ad.doubleclick.net ad.fr.doubleclick.net ad.jp.doubleclick.net ad.linkexchange.com ad.linksynergy.com ad.nl.doubleclick.net ad.no.doubleclick.net ad.preferences.com ad.sma.punto.net ad.uk.doubleclick.net ad.webprovider.com ad08.focalink.com adcontroller.unicast.com adcreatives.imaginemedia.com adex3.flycast.com adforce.ads.imgis.com adforce.imgis.com adfu.blockstackers.com adimage.blm.net adimages.earthweb.com adimg.egroups.com admedia.xoom.com adpick.switchboard.com adremote.pathfinder.com ads.admaximize.com ads.bfast.com ads.clickhouse.com ads.enliven.com ads.fairfax.com.au ads.fool.com ads.freshmeat.net ads.hollywood.com ads.i33.com ads.infi.net ads.jwt
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\qkoqpw.exe reg_run
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [qbpdds] C:\WINDOWS\System32\pzwsuun.exe r
O4 - HKCU\..\Run: [Actual Window Minimizer] C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O12 - Plugin for .NPSSView: C:\Program Files\Common Files\Crystal Decisions\2.0\crystalreportviewers\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://express.ecolab.com/
O15 - Trusted Zone: *.ecolab.com
O15 - Trusted Zone: *.iphouse.com
O15 - Trusted Zone: *.ecolab.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132597039117
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132598411863
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GLOBAL.ECOLAB.CORP
O17 - HKLM\Software\..\Telephony: DomainName = global.ecolab.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GLOBAL.ECOLAB.CORP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\BIN\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: minislv - 1E Ltd - C:\Program Files\1E\SMSWakeup40\minislv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#4
Buckeye_Sam

    Malware Expert

First I need you to download and prepare some tools that we will need to remove the infection that you have.
  • Please download Ewido Security Suite
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck:
      • Install background guard
      • Install scan via context menu
    • Launch ewido: there should be an icon on your desktop; double-click it.
    • You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    • The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful")
    • Exit ewido. DO NOT scan yet.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido Manual Updates


  • Please download Lavasoft's Ad-Aware
    • Follow the default settings for installation, but don't run a scan yet.
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Please download the VX2 Cleaner Plug-in
    • Install using default settings.


Now that you have the right tools we can start fixing your problem.
  • Open up Ad-Aware to the main screen.
    • Select VX2 Cleaner V2.0 and click Run Tool.
    • Click "OK", then, if something is found, click "Clean" as in the directions given.
    • Click "Close", and exit Ad-Aware.
  • Reboot your computer

  • Open up Ad-Aware again.
    • Click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next.
    • Once the scan finishes, click "Next" again.
    • Select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
    • Click "Next" one more time, then "OK" to confirm the removal.
    • You will be prompted to set Ad-Aware to run on reboot, click "OK".
  • Reboot your computer

  • When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

  • Now open ewido and do a scan of your system.
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now as the action.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan, by using Add Reply.

#5
makelej

    New Member

  • Topic Starter
Here are the updated logs. Thanks again for your help. I look forward to your next reply!

Eric
___________

Logfile of HijackThis v1.99.1
Scan saved at 12:21:57 PM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\1E\SMSWakeup40\minislv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://express.ecolab.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ecolab
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ecolab.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ecolab.com;207-87-18-203.wsmg.digex.net Garden.ngadcenter.net Ogilvy.ngadcenter.net ResponseMedia-ad.flycast.com Suissa-ad.flycast.com UGO.eu-adcenter.net VNU.eu-adcenter.net a32.g.a.yimg.com ad-adex3.flycast.com ad.adsmart.net ad.ca.doubleclick.net ad.de.doubleclick.net ad.doubleclick.net ad.fr.doubleclick.net ad.jp.doubleclick.net ad.linkexchange.com ad.linksynergy.com ad.nl.doubleclick.net ad.no.doubleclick.net ad.preferences.com ad.sma.punto.net ad.uk.doubleclick.net ad.webprovider.com ad08.focalink.com adcontroller.unicast.com adcreatives.imaginemedia.com adex3.flycast.com adforce.ads.imgis.com adforce.imgis.com adfu.blockstackers.com adimage.blm.net adimages.earthweb.com adimg.egroups.com admedia.xoom.com adpick.switchboard.com adremote.pathfinder.com ads.admaximize.com ads.bfast.com ads.clickhouse.com ads.enliven.com ads.fairfax.com.au ads.fool.com ads.freshmeat.net ads.hollywood.com ads.i33.com ads.infi.net ads.jwt
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\qkoqpw.exe reg_run
O4 - HKCU\..\Run: [Actual Window Minimizer] C:\Program Files\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O12 - Plugin for .NPSSView: C:\Program Files\Common Files\Crystal Decisions\2.0\crystalreportviewers\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: START_PAGE_URL=http://express.ecolab.com/
O15 - Trusted Zone: *.ecolab.com
O15 - Trusted Zone: *.iphouse.com
O15 - Trusted Zone: *.ecolab.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132597039117
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132598411863
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GLOBAL.ECOLAB.CORP
O17 - HKLM\Software\..\Telephony: DomainName = global.ecolab.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GLOBAL.ECOLAB.CORP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\BIN\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: minislv - 1E Ltd - C:\Program Files\1E\SMSWakeup40\minislv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:09:05 PM, 11/23/2005
+ Report-Checksum: BB863D61

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
[3336] C:\WINDOWS\System32\iutzyws.exe -> Trojan.Agent.cp : Cleaned with backup
C:\Documents and Settings\makelej\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\makelej\Cookies\makelej@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\makelej\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\makelej\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\makelej\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\makelej\Local Settings\Temporary Internet Files\Content.IE5\Y70161U7\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1DCF45F3-CE43-4BED-9494-E77A40\57C4070F-8263-4297-B87C-CE2C29 -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5CEBCD87-A009-4E01-8D82-A0B399\99F1C4BB-774D-4F80-8483-7E8DE4 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\91EF0CE6-7C75-4795-858E-216566\493749F7-2BAF-4DDD-A49B-0586AF -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9292E890-B55C-4F70-9DCA-7CD563\4AE4060E-0CD1-4D2B-96AE-6863FB -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B82111A7-D924-4545-AB11-88A03D\67EA7A4C-A5D9-4DFB-BE26-741B10 -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C50AC64F-B996-4CD8-AA1A-E37BDF\9A23D1F1-93D8-4DAB-92A4-D35EE2 -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DC333905-AB60-4269-BA1C-3933DF\44D617DB-1FE4-4EBB-BF68-0C8B4D -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0592685-C92A-4E1E-AC92-F59813\451922B6-A4A9-461C-8CBC-42CD8D -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F6298812-4A80-495D-A657-117F71\293CB4C3-008A-4D0B-B4B8-FCFDF7 -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Program Files\TBONAS\TBONlchr.dll -> Spyware.ActivShopper : Cleaned with backup
C:\Program Files\WinFixer 2005 -> Spyware.WinFixer : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041405.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041467.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041468.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041469.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041470.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041485.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP176\A0041486.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP177\A0041552.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041559.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041583.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041644.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041645.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041646.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041647.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041717.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP178\A0041756.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041788.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041797.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041837.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041838.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041839.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041840.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP179\A0041918.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP180\A0041947.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP180\A0042017.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP180\A0042018.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP180\A0042019.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP180\A0042020.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP180\A0042028.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP184\A0042156.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP184\A0042218.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP184\A0042220.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP184\A0042221.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP184\A0042222.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP184\A0042232.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0042265.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0042267.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0043208.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0043209.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0043210.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0043211.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP185\A0043217.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043245.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043259.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043338.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043339.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043340.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043341.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP186\A0043347.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043392.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043393.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043395.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043397.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043499.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043500.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043501.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043663.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043664.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP187\A0043665.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP188\A0043780.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP188\A0043781.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP188\A0043782.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP188\A0043949.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP188\A0043950.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP188\A0043951.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP189\A0044031.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP189\A0044032.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP189\A0044033.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP189\A0044195.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP189\A0044196.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP189\A0044197.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044232.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044234.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044315.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044316.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044317.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044481.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044482.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0044483.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0045303.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0045304.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0045305.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP190\A0045473.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045486.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045487.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045489.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045566.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045567.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045568.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045736.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045737.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP191\A0045738.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP192\A0045830.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP192\A0045831.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP192\A0045837.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP192\A0046009.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP192\A0046010.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP192\A0046011.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046047.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046048.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046050.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046134.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046135.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046136.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046299.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP193\A0046300.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046371.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046434.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046435.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046436.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046603.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046700.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046701.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046702.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP194\A0046867.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP195\A0046973.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP195\A0046974.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP195\A0046975.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP195\A0047138.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP195\A0047139.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP196\A0047268.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP196\A0047269.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP196\A0047270.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP196\A0047431.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP196\A0047432.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP196\A0047433.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047485.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047486.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047488.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047582.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047583.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047584.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047585.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047590.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP197\A0047591.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP198\A0047630.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP198\A0047632.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0047793.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0047794.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0047795.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0047807.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0047809.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0048793.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0048794.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0048795.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0048805.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0048806.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP199\A0048807.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP200\A0048841.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP200\A0048842.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP200\A0048844.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP201\A0049796.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP201\A0049797.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP201\A0049798.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP201\A0049801.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP201\A0049802.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP201\A0049831.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0049943.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0049944.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0049945.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0049948.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0049949.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0049950.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051017.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051018.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051020.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051022.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051063.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051064.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051065.dll -> TrojanDownloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051071.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP202\A0051073.exe -> Adware.BetterInternet : Cleaned with backup
  • 0

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* If you have trouble getting into Safe Mode, go here for more info.


Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0
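An added example, not part of the original thread: a Python triage of scan-log lines in the `path -> detection : action` layout of the log posted in this thread. It separates hits that exist only inside System Restore snapshots, which the flush described in the reply above discards, from hits on the live file system that still need cleaning. The sample lines, GUID, file names and detection names are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the "<path> -> <detection> : <action>" layout.
# The last line is cut off on purpose, as pasted forum logs often are.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe -> Trojan.Example.a : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.dll -> Adware.Example : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000003.exe -> Trojan.Example.a : Cleaned with backup
C:\WINDOWS\system32\example.dll -> Adware.Example : Cleaned with backup
C:\System Volume Information\_restor
"""

LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+)$")
# Restore-point snapshots live under _restore{GUID}\RPnnn\ on Windows XP.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)

def triage(log_text):
    """Return (per-restore-point detection counts, live-filesystem hits, skipped lines)."""
    in_restore = defaultdict(Counter)
    live = []
    skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # truncated or non-detection line
            continue
        rp = RESTORE_RE.search(m["path"])
        if rp:
            in_restore[rp.group(1).upper()][m["name"]] += 1
        else:
            live.append((m["path"], m["name"]))
    return in_restore, live, skipped

if __name__ == "__main__":
    restore_hits, live_hits, skipped = triage(SAMPLE_LOG)
    for rp in sorted(restore_hits):
        print(rp, dict(restore_hits[rp]))
    print("outside System Restore (still needs cleaning):", live_hits)
    print("unparsed lines:", skipped)
```

Hits listed under a restore point disappear when System Restore is turned off; anything in the live list is what the follow-up scan still has to deal with.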