[jeffige & Central]pop ups and trojans, oh my!

[Central]

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Gateway1\Local Settings\Temp\b2s_iris.exe/data0009 Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\Documents and Settings\Gateway1\Local Settings\Temp\b2s_iris.exe NSIS: infected - 1 skipped

C:\Documents and Settings\valery\Local Settings\Temp\adwsetup_upd.exe Infected: Trojan-Dropper.Win32.Agent.abb skipped

C:\Documents and Settings\valery\Local Settings\Temporary Internet Files\Content.IE5\65OHQD89\adsetup_silent.1.46[1].exe Infected: Trojan-Dropper.Win32.Agent.abb skipped

C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe NSIS: infected - 1 skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbShprRprt.exe/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbShprRprt.exe NSIS: infected - 1 skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe/data0012/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe/data0012 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe NSIS: infected - 2 skipped

C:\RECYCLER\S-1-5-21-1606980848-179605362-1801674531-1004\Dc112.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\RECYCLER\S-1-5-21-1606980848-179605362-1801674531-1004\Dc112.exe WiseSFX: infected - 1 skipped

C:\RECYCLER\S-1-5-21-1606980848-179605362-1801674531-1004\Dc112.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072151.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072151.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072151.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072165.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bv skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP694\A0072395.EXE/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP694\A0072395.EXE WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP694\A0072395.EXE WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP695\A0072451.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP696\A0072504.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.bt skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP699\A0072746.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP736\A0078137.EXE/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP736\A0078137.EXE WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP736\A0078137.EXE WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP763\A0080243.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080343.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080351.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080352.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080353.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080951.exe Infected: Trojan-Downloader.Win32.Qoologic.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0082550.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082591.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082592.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082675.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082676.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082883.DLL Infected: not-a-virus:AdWare.Win32.Comet.c skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082884.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082885.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082887.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086768.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086794.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086795.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086796.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086797.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086798.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086800.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086801.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086802.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086803.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086804.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086806.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086807.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086808.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086809.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086810.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086812.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086813.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086814.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086815.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086816.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086817.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086823.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP790\A0087012.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP791\A0087080.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087253.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087254.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087255.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

[Central]

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087256.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087257.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087259.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087260.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087261.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087262.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087263.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087264.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087265.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087266.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087267.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087268.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087274.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087275.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087332.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087333.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087334.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP803\A0088961.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP803\A0088962.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP811\A0090257.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP814\A0090450.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP817\A0091534.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP817\A0091631.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP866\A0095434.dll Infected: not-a-virus:AdWare.Win32.Sahat.w skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP866\A0095673.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095836.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095837.exe Infected: not-a-virus:AdWare.Win32.HotBar.bd skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095838.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095839.dll Infected: not-a-virus:AdWare.Win32.HotBar.bk skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095840.exe Infected: not-a-virus:AdWare.Win32.HotBar.bh skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095841.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095843.dll Infected: not-a-virus:AdWare.Win32.HotBar.av skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095844.exe Infected: not-a-virus:AdWare.Win32.Hotbar.ar skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095845.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095846.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095847.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095849.EXE Infected: not-a-virus:AdWare.Win32.PurityScan.ee skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095850.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/instbb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/instbb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/instbb.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/inviteexact.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe CAB: infected - 4 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe MimarSinan: infected - 4 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe UPX: infected - 4 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095854.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe MimarSinan: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe MimarSinan: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095857.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095858.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095859.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095860.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095862.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095863.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095864.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.y skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095865.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095866.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095867.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095868.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095869.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095870.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095871.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095872.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095873.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095874.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095875.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095876.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095877.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095878.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095879.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095880.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095881.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095882.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095883.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095884.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095885.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095886.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095887.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095888.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe RarSFX: infected - 6 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095890.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP871\A0096064.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\WINNT\invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\WINNT\nexus.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\WINNT\nexus.exe/nexusexe.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\WINNT\nexus.exe CAB: infected - 2 skipped

C:\WINNT\nexus.exe MimarSinan: infected - 2 skipped

C:\WINNT\nexus.exe UPX: infected - 2 skipped

C:\WINNT\nexusexe.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\WINNT\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\WINNT\system32\gu13927q.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

C:\WINNT\YOINSI.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\WINNT\YOINSI.exe NSIS: infected - 1 skipped

Scan process completed.

[Central]

Incident
Status
Location

Potentially unwanted tool:application/funweb Not disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf

Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINNT\SYSTEM32\f3PSSavr.scr

Adware:adware/pacimedia Not disinfected C:\Documents and Settings\Gateway1\Desktop\Click to Find and Fix Errors.url

Adware:adware/dropspam Not disinfected C:\PROGRAM FILES\DropSpam

Adware:adware/wupd Not disinfected C:\PROGRAM FILES\MediaGateway

Potentially unwanted tool:application/zango Not disinfected C:\PROGRAM FILES\Zango Programs

Adware:adware/zenosearch Not disinfected Windows Registry

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@ad.yieldmanager[2].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@azjmp[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@com[1].txt

Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorguard[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorsafe[2].txt

Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@mmm.media-motor[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@realmedia[2].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@research-int[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@searchportal.information[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@statcounter[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@stats1.reliablestats[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@target[2].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@winfixer[2].txt

Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.advnt01[1].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.errorsafe[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@ad.yieldmanager[2].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adopt.hbmediapro[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adultfriendfinder[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@atwola[1].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@azjmp[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@com[1].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorguard[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorsafe[2].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@mmm.media-motor[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@realmedia[2].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@research-int[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@searchportal.information[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@stats1.reliablestats[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@target[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.advnt01[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.errorsafe[2].txt
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Gateway1\Local Settings\Temp\temp.fr7A6C\ACM.dll
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\valery\Cookies\valery@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\valery\Cookies\valery@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\valery\Cookies\valery@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\valery\Cookies\valery@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\valery\Cookies\valery@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\valery\Cookies\valery@belnk[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\valery\Cookies\valery@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\valery\Cookies\valery@dist.belnk[2].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\valery\Cookies\valery@errorguard[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\valery\Cookies\valery@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\valery\Cookies\valery@i.screensavers[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\valery\Cookies\valery@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\valery\Cookies\valery@searchportal.information[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\valery\Cookies\valery@tucows[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\valery\Cookies\valery@uol.com[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\valery\Cookies\valery@winfixer[2].txt
Adware:Adware/DropSpam Not disinfected C:\Program Files\dslifestyle\dslifestyle.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware/Qoologic Not disinfected C:\WINNT\nexusexe.exe

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINNT\system32\f3PSSavr.scr

[LonnyRJones]

Manualy delete these files/folders
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe
C:\WINNT\SYSTEM32\f3PSSavr.scr
C:\Documents and Settings\Gateway1\Desktop\Click to Find and Fix Errors.url
C:\PROGRAM FILES\DropSpam
C:\PROGRAM FILES\MediaGateway
C:\PROGRAM FILES\Zango Programs
C:\Program Files\dslifestyle
C:\WINNT\nexusexe.exe
C:\Program Files\SpamBlockerUtility
C:\WINNT\System32\swinqraf.exe
C:\Program Files\nuro
C:\Program Files\Jalmp
C:\WINNT\inkd.exe
C:\WINNT\System32\behmcdjl.exe
C:\Program Files\ProSiteFinder

Clear temps with a program such as System Security Suite.
http://www.igorshpak.net/
Extract it from the zip file and run setup.exe
after the install you can delete setup.exe and the downloaded zip file
Start the program Check all the boxes under the 'Items to Clear' (except perhaps cookies) tab and click
'Clear Selected Items'. You will be prompted to reboot, do so.

Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Dont skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
=======================================
Let us know of any problems

[Central]

Will have the results for you soon lonny, still trying to make it over to his house.

[Central]

this is after the last step above and then last ewido scan. Does this make it all clean or any other steps needed?

thanks lonny




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:17:10 AM, 4/9/2006
+ Report-Checksum: 162E309C

+ Scan result:

C:\Documents and Settings\Gateway1\Cookies\gateway1@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINNT\nexus.exe -> Trojan.Imiserv.c : Cleaned with backup


::Report End

[Central]

sorry no edit option.. but finishing off from up top... the nexus file i some how couldnt find it to delete it.

[Central]

edit top post:

ok i was looking up "nexusexe.exe" I did a search under "nexus" now and found 4, should i delete all? 3 in c:\\winnt\nexus...

One in a user profile.

[LonnyRJones]

Ewido removed it

Post one more Hiajckthis log, then you should be good to go.

[LonnyRJones]

Post the exact location and name of suspicious files,

I think you'l find the nexus in WINNT\system32 is a lagitamate file.