In a feable attempt to help a friend out I received a laptop today with some serious issues. The only place I can really turn is to the Jedi Knights of Security Forums. I ran ewido a couple of times and there is a serious trojan patroling this system. I am going to post the ewido log as well as the Hijack This log. Any help from the security peeps would be greatly appreciated. Thanks
Bryan G


Logfile of HijackThis v1.99.1
Scan saved at 11:46:19 PM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\AdSubtract\adsub.exe
C:\PROGRA~1\Webshots\webshots.scr
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\SYSTEM32\w?auclt.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.assumption.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{786AF221-C3C0-6369-F048-C4B552505DA8} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {084AB1C4-7A72-23AF-2E87-2487E3F1E99B} - C:\WINDOWS\system32\mzlcx.dll (file missing)
O2 - BHO: (no name) - {084AB1C5-7A73-54AE-2E8B-54879B83E9E8} - C:\WINDOWS\system32\mzlcx.dll (file missing)
O2 - BHO: (no name) - {15EC9A38-0FD9-2653-8081-2140379AAFBD} - C:\WINDOWS\system32\cmvc.dll
O2 - BHO: (no name) - {15EC9A39-0FD8-5152-808D-51404FE8AFCE} - C:\WINDOWS\system32\cmvc.dll
O2 - BHO: (no name) - {15EC9A3C-0FD8-5152-808D-51404FE9AFC3} - C:\WINDOWS\system32\cmvc.dll
O2 - BHO: (no name) - {296268B5-A30A-83DB-594E-8DCABEA59EEE} - C:\WINDOWS\system32\xga.dll (file missing)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B8DE4368-3496-12FF-250C-EE108440EE3A} - C:\WINDOWS\qefahwww.dll
O2 - BHO: (no name) - {C003493D-D7D0-8D05-D138-8A4DFEA773C6} - C:\WINDOWS\system32\ygqz.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {ADCEBD86-1700-57E7-5B2A-D080C9E80D49} - C:\WINDOWS\qefahwww.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SLOD] C:\documents and settings\allie pelland.allie\local settings\temp\SLOD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Tcwgwdxq] C:\Program Files\Kybwi\Hwnvqlq.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe" /S
O4 - HKCU\..\Run: [System DMI] sysdmi.exe
O4 - HKCU\..\Run: [Enezsbg] C:\WINDOWS\system32\w?auclt.exe
O4 - HKCU\..\Run: [g07FRXY6V] ckcview.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...bridge-c356.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.175.132.78/activex/AxisCamControl.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0012.exe
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ljnnlhz.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:35:10 PM, 9/29/2005
+ Report-Checksum: 3799168A

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\xw7z1JJSORLZ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5\CLSID\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\\AppID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\TypeLib\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\TypeLib\\ -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA}\ShellEx\PropertySheetHandlers\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib\\ -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{57CB9B97-9FF9-4C87-88A4-56A867FFC95E} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{57CB9B97-9FF9-4C87-88A4-56A867FFC95E}\TypeLib\\ -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6F59D850-A155-4930-98AE-689A2BC7B8E8}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{930A2B79-855E-4A18-80BB-4C0595B40798} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{930A2B79-855E-4A18-80BB-4C0595B40798}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10}\ProxyStubClsid32\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904}\ProxyStubClsid32\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32\\ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034} -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034}\TypeLib\\ -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E61A0304-C605-441F-BD57-2833B65A69F1} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E61A0304-C605-441F-BD57-2833B65A69F1}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{227D1E33-EAD4-4ACE-BE32-4ACFAAD072DD} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Var3.RsyncHlpr -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Var3.RsyncHlpr\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Var3.RsyncHlpr\CLSID\\ -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Var3.RsyncHlpr\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Var3.RsyncHlpr.1 -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Var3.RsyncHlpr.1\CLSID\\ -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\WinadX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinadX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinadX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\WinCommX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\Tasks -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinadX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinadX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\midADdle -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\midADdle -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\msbb -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{120E090D-9136-4B78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-1712612872-1086053792-435975448-1007\Software\msbb -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-18\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Error during cleaning
[1420] C:\Program Files\Aprps\cxtpls.dll -> TrojanDownloader.Apropo.w : Error during cleaning
[1448] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
[188] C:\Program Files\CMSystem\plugin.dll -> Spyware.CASClient : Error during cleaning
C:\Documents and Settings\Allie Pelland.ALLIE\Application Data\ttuh.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Cookies\allie pelland@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Cookies\allie pelland@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\AGE\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\apbldlld.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\AutoUpdate0\auto_update_install.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@valuead[2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Cookies\allie pelland@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\EAE\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\ENH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\FNS\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\hcogclld.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\i12.tmp -> TrojanDownloader.Totavel.a : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.jj : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\IUP\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\NSD\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\nsf5C.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\nsq5A.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\res31E.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Stb.exe -> TrojanDownloader.Agent.tf : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZORG1QN\cxtpls_loader[1].exe -> TrojanDownloader.Apropo.ab : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZORG1QN\istrecover[1].exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZORG1QN\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZORG1QN\sidefind13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\AZORG1QN\tb3[1].cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\EJ0NQVAJ\AM_1.0.194[1].exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\EJ0NQVAJ\AutoUpdaterInstaller[1].exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\EJ0NQVAJ\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\EJ0NQVAJ\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\STAVWPQJ\AproposClientInstaller[1].exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\STAVWPQJ\istdownload[1].exe -> TrojanDownloader.IstBar.jj : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\STAVWPQJ\TBPS[1].cab/TBPS.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\STAVWPQJ\thin-94-1-x-x-2[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\STAVWPQJ\ysb[1].dll -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\W7CTK389\bb[1].exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\W7CTK389\sfbho13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\W7CTK389\sidefind[1].exe -> TrojanDownloader.IstBar.jd : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\W7CTK389\TBPSSvc[2].cab/TBPSSvc.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\Temporary Internet Files\Content.IE5\W7CTK389\ysb_1002245[1].cab/YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\TUN\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temp\WXB\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Allie Pelland.ALLIE\Local Settings\Temporary Internet Files\Content.IE5\KPYNSH2B\AutoUpdaterInstaller[1].exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Overpro323.exe -> TrojanDownloader.Agent.ac : Cleaned with backup
C:\Program Files\Aprps\__delete_on_reboot__cxtpls.dll -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\Program Files\Aprps\__delete_on_reboot__CxtPls.exe -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\CMAPP\Client\cmappclient.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CMAPP\Client\cmappmf.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CMAPP\cmappstub.exe -> TrojanDownloader.Agent.tf : Cleaned with backup
C:\Program Files\CMSystem\__delete_on_reboot__CMSystem.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CMSystem\__delete_on_reboot__plugin.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\FwBarTemp\searchbar.exe -> TrojanDownloader.VB.eu : Cleaned with backup
C:\Program Files\Kybwi\__delete_on_reboot__Hwnvqlq.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\Winad Client\Winad.exe -> Trojan.Winad.a : Cleaned with backup
C:\quarantine\A0044060.exe.Vir -> TrojanSpy.Agent.dq : Error during cleaning
C:\quarantine\A0054301.exe.Vir -> TrojanDownloader.Agent.ed : Error during cleaning
C:\quarantine\A0059160.exe.Vir -> TrojanDownloader.PurityScan.y : Error during cleaning
C:\quarantine\eetu.exe.Vir -> TrojanDownloader.PurityScan.y : Error during cleaning
C:\quarantine\hosts.bho.Vir -> Trojan.Qhost.f : Error during cleaning
C:\quarantine\svchost.exe.Vir -> TrojanSpy.Agent.dq : Error during cleaning
C:\quarantine\svcproc.exe.Vir -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.0 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.1 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.10 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.100 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.101 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.102 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.103 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.104 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.105 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.106 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.107 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.11 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.12 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.13 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.14 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.15 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.156 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.157 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.158 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.159 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.16 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.160 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.161 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.162 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.163 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.164 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.165 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.166 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.167 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.168 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.169 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.17 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.170 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.171 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.172 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.173 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.174 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.175 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.176 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.177 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.178 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.179 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.18 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.180 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.181 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.182 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.183 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.184 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.185 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.186 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.187 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.188 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.189 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.19 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.190 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.191 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.192 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.193 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.194 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.195 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.196 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.197 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.198 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.199 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.2 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.20 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.200 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.201 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.202 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.203 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.204 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.205 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.206 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.207 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.208 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.209 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.21 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.210 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.211 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.212 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.213 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.214 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.215 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.216 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.217 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.218 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.219 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.22 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.220 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.221 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.222 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.223 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.224 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.225 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.226 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.227 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.228 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.229 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.23 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.230 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.231 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.232 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.233 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.234 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.235 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.236 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.237 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.238 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.239 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.24 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.240 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.241 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.242 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.243 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.244 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.245 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.246 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.247 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.248 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.249 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.25 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.250 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.251 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.252 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.253 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.254 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.255 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.256 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.257 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.258 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.259 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.26 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.260 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.261 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.262 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.263 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.264 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.265 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.266 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.267 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.268 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.269 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.27 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.270 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.271 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.272 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.273 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.274 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.275 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.276 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.277 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.278 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.279 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.28 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.280 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.281 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.282 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.283 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.284 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.285 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.286 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.287 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.288 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.289 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.29 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.290 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.291 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.292 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.293 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.294 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.295 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.296 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.297 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.298 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.299 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.3 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.30 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.300 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.301 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.302 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.303 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.304 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.305 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.306 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.307 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.308 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.309 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.31 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.310 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.311 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.312 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.313 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.314 -> Trojan.Stervis.d : Error during cleaning
C:

Hi btown3,

Many different infections there, so this will take a few tries.
Take your time doing this. It may help to print this out, as you won't be able to see it in Safe mode.


Set Windows to view hidden and system files:
Open the Windows Explorer | Tools | Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

After you're cleaned, please "rehide" them again.
_ _ _ _

Symantec Security Response has developed a removal tool for Adware.IEPlugin. Use this removal tool first, as it is the easiest way to remove this threat.

The tool can be found here: http://securityresponse.symantec.com/avcenter/FxIeplgn.exe

Download then run the tool.

http://securityresponse.symantec.com/avcen...e.ieplugin.html
____________________


Then we need to get some more free tools, but they have to be run in Safe mode so for now, just download them.


Please update ewido, but don't run it yet.

_ _ _ _

Then please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?dow...050711214630636

Unzip it to the desktop but again, please don't run it yet.
_ _ _ _

To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner It will put a shortcut on your Desktop, but don't run it yet.
_ _ _ _

Finally, please get AdAware SE
Install The Program.
Make sure that you update it, but we will use it later, so just close Ad-aware after it's set up and updated.

_________

Then, reboot to Safe mode (tap F8 while restarting).


Open (double click) on the Nailfix folder (that you downloaded earlier), then double-click on Nailfix.cmd.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
_ _ _

Then open CCleaner. Click on CCleaner to start it. Then click "Run Cleaner".

Uncheck "Cookies" under "Internet Explorer".
If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
_ _ _


Then run Ad-aware, and fix all that it finds.

_ _ _

Open Hijackthis, click Scan, then put a check next to the following entries:
(Some may be removed after doing steps above)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{786AF221-C3C0-6369-F048-C4B552505DA8} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {084AB1C4-7A72-23AF-2E87-2487E3F1E99B} - C:\WINDOWS\system32\mzlcx.dll (file missing)
O2 - BHO: (no name) - {084AB1C5-7A73-54AE-2E8B-54879B83E9E8} - C:\WINDOWS\system32\mzlcx.dll (file missing)
O2 - BHO: (no name) - {15EC9A38-0FD9-2653-8081-2140379AAFBD} - C:\WINDOWS\system32\cmvc.dll
O2 - BHO: (no name) - {15EC9A39-0FD8-5152-808D-51404FE8AFCE} - C:\WINDOWS\system32\cmvc.dll
O2 - BHO: (no name) - {15EC9A3C-0FD8-5152-808D-51404FE9AFC3} - C:\WINDOWS\system32\cmvc.dll
O2 - BHO: (no name) - {296268B5-A30A-83DB-594E-8DCABEA59EEE} - C:\WINDOWS\system32\xga.dll (file missing)
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {B8DE4368-3496-12FF-250C-EE108440EE3A} - C:\WINDOWS\qefahwww.dll
O2 - BHO: (no name) - {C003493D-D7D0-8D05-D138-8A4DFEA773C6} - C:\WINDOWS\system32\ygqz.dll (file missing)

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Search - {ADCEBD86-1700-57E7-5B2A-D080C9E80D49} - C:\WINDOWS\qefahwww.dll

O4 - HKLM\..\Run: [SLOD] C:\documents and settings\allie pelland.allie\local settings\temp\SLOD.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Tcwgwdxq] C:\Program Files\Kybwi\Hwnvqlq.exe
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe" /S
O4 - HKCU\..\Run: [System DMI] sysdmi.exe
O4 - HKCU\..\Run: [Enezsbg] C:\WINDOWS\system32\w?auclt.exe
O4 - HKCU\..\Run: [g07FRXY6V] ckcview.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...bridge-c356.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.175.132.78/activex/AxisCamControl.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0012.exe

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ljnnlhz.exe


Now Close all open Windows (have only HJT open) and click "Fix Checked".


Then delete these folders in bold:

C:\Program Files\AWS\
C:\Program Files\CMSystem\
C:\Program Files\FCEngine\
C:\Program Files\Kybwi\
C:\Program Files\rdso\


When that's done, run Ewido trojan scanner.
Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to you next reply.
And please post a new HJT log also....

Also post a different log from HJT:
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

We'll see what shows up again. More work will be needed....

Still got some serious trojan problems but it seems as though I knocked out a few of the problems. Here are the new logs. Thanks
Bryan G
uninstall_list.txt
Ad-aware 6 Personal
AdSubtract
AOL Instant Messenger
Broadcom Advanced Control Suite
CCleaner (remove only)
Conexant D480 MDC V.92 Modem
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (734)
Easy CD Creator 5 Basic
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® Extreme Graphics Driver
McAfee SecurityCenter
McAfee VirusScan
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Word 2002
Modem Helper
MUSICMATCH Jukebox
OIN
Paint Shop Pro 7
Quicken 2002 New User Edition
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Sony USB Driver
Spybot - Search & Destroy 1.3
The Best Offers
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Webshots Desktop
Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11

Logfile of HijackThis v1.99.1
Scan saved at 2:05:51 AM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\akiohcb.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AdSubtract\adsub.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.assumption.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [akiohcb] C:\WINDOWS\akiohcb.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:57:11 AM, 10/4/2005
+ Report-Checksum: 3E2F831B

+ Scan result:

C:\quarantine\A0044060.exe.Vir -> TrojanSpy.Agent.dq : Error during cleaning
C:\quarantine\A0054301.exe.Vir -> TrojanDownloader.Agent.ed : Error during cleaning
C:\quarantine\A0059160.exe.Vir -> TrojanDownloader.PurityScan.y : Error during cleaning
C:\quarantine\eetu.exe.Vir -> TrojanDownloader.PurityScan.y : Error during cleaning
C:\quarantine\hosts.bho.Vir -> Trojan.Qhost.f : Error during cleaning
C:\quarantine\svchost.exe.Vir -> TrojanSpy.Agent.dq : Error during cleaning
C:\quarantine\svcproc.exe.Vir -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.0 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.1 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.10 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.100 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.101 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.102 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.103 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.104 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.105 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.106 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.107 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.11 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.12 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.13 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.14 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.15 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.156 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.157 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.158 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.159 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.16 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.160 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.161 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.162 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.163 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.164 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.165 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.166 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.167 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.168 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.169 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.17 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.170 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.171 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.172 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.173 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.174 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.175 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.176 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.177 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.178 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.179 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.18 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.180 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.181 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.182 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.183 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.184 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.185 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.186 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.187 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.188 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.189 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.19 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.190 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.191 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.192 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.193 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.194 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.195 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.196 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.197 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.198 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.199 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.2 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.20 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.200 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.201 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.202 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.203 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.204 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.205 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.206 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.207 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.208 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.209 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.21 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.210 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.211 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.212 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.213 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.214 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.215 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.216 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.217 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.218 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.219 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.22 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.220 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.221 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.222 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.223 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.224 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.225 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.226 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.227 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.228 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.229 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.23 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.230 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.231 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.232 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.233 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.234 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.235 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.236 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.237 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.238 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.239 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.24 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.240 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.241 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.242 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.243 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.244 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.245 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.246 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.247 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.248 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.249 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.25 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.250 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.251 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.252 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.253 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.254 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.255 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.256 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.257 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.258 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.259 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.26 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.260 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.261 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.262 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.263 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.264 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.265 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.266 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.267 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.268 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.269 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.27 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.270 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.271 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.272 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.273 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.274 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.275 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.276 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.277 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.278 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.279 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.28 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.280 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.281 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.282 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.283 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.284 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.285 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.286 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.287 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.288 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.289 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.29 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.290 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.291 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.292 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.293 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.294 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.295 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.296 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.297 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.298 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.299 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.3 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.30 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.300 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.301 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.302 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.303 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.304 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.305 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.306 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.307 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.308 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.309 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.31 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.310 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.311 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.312 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.313 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.314 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.315 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.316 -> Trojan.Stervis.d : Error during cleaning
C:\quarantine\svcproc.exe.Vir.317 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.318 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.319 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.32 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.320 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.321 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.322 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.323 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.324 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.325 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.326 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.327 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.328 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.329 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.33 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.330 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.331 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.332 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.333 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.334 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.335 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.336 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.337 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.338 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.339 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.34 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.340 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.341 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.342 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.343 -> Trojan.Stervis.f : Error during cleaning
C:\quarantine\svcproc.exe.Vir.344 -> Trojan.Stervis.g : Error during cleaning
C:\quarantine\svcproc.exe.Vir.345 -> Trojan.Stervis.g : Error during cleaning
C:\quarantine\svcproc.exe.Vir.346 -> Trojan.Stervis.g : Error during cleaning
C:\quarantine\svcproc.exe.Vir.347 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.348 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.349 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.35 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.350 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.351 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.352 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.353 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.354 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.355 -> Trojan.Stervis.i : Error during cleaning
C:\quarantine\svcproc.exe.Vir.36 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.37 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.38 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.39 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.4 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.40 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.41 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.42 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.43 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.44 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.45 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.46 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.47 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.48 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.49 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.5 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.50 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.51 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.52 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.53 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.54 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.55 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.56 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.57 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.58 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.59 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.6 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.60 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.61 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.62 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.63 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.64 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.65 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.66 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.67 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.68 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.69 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.7 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.70 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.71 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.72 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.73 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.74 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.75 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.76 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.77 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.78 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.79 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.8 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.80 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.81 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.82 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.83 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.84 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.85 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.86 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.87 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.88 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.89 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.9 -> Adware.BetterInternet : Error during cleaning
C:\quarantine\svcproc.exe.Vir.90 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.91 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.92 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.93 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.94 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.95 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.96 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.97 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.98 -> Spyware.Hijacker.Generic : Error during cleaning
C:\quarantine\svcproc.exe.Vir.99 -> Spyware.Hijacker.Generic : Error during cleaning
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0067558.dll -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0067561.dll -> Spyware.CASClient : Cleaned with backup


::Report End

Hi btown3,

You can delete the contents of C:\quarantine\


Click Start, click Control Panel, and then double-click Add or Remove Programs "Change or Remove Programs"
and Remove this:

The Best Offers

Then close Control Panel and reboot.
__ _ _ _

Go to Task Manager (Ctrl + Alt + Delete) and click on "Processes" then "End Process" for these:

akiohcb.exe

_ _ _ _


Open Hijackthis, click Scan, then put a check next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm

O4 - HKLM\..\Run: [akiohcb] C:\WINDOWS\akiohcb.exe

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone


Now Close all open Windows and browsers (have only HJT open) and click "Fix Checked".


Then reboot.


Then please download DelDomains.inf , made by Winhelp2002.- Right-click and select: Save Target As
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Note, if you use SpywareBlaster and or IESpyad, it will be necessary to re-install the protection both provide. For SpywareBlaster, run the program and 're-enable all protection'. For IESpyad, run the batch file and reinstall the protection.


Next, take a free Online Virus scan at HouseCall and Panda ActiveScan
If any infected files are found, delete them.
Then please post the log from them.

And post a new HJT log also.

That seemed to clean a majority of the problems but the system still seems to be dragging a bit and I'm thinking that it may have to do with Macafee. Not a big fan. Any suggestions? Thanks

Logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:42:17 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Webshots\webshots.scr
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.assumption.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:40:16 PM, 10/4/2005
+ Report-Checksum: 9ACC80C

+ Scan result:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0067574.exe -> Adware.BetterInternet : Cleaned with backup


::Report End