Qoologic.bat does not seem to work. Dos window says "Just wait until a text opens please. Disregard the parameters message".
A popup window says:
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not
suitable for running MS-DOS dadadada.. Choose "close to terminate the application.
NO hard drive activity at all... I'm begining to wonder if this would be better to just format @ reinstall, but I've already put a lot of effort into it. And time.
********************************************************
********************************************************
RKfile contents:
C:\Documents and Settings\Administrator\Desktop
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\pjtpql.exe: UPX!
C:\WINDOWS\system32\PSof1.exe: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
********************************************************
********************************************************
mwav contents:
File C:\Documents and Settings\Administrator\Desktop\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Administrator\Desktop\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Object "BrowserAid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BrowserAid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tsa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdRotator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\DS3.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\DS3.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\DS3.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\DS3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1}" refers to invalid object "C:\WINDOWS\tct101.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{017C20C1-F86F-11D8-9B25-000ACD002AE3}" refers to invalid object "C:\WINDOWS\Helper101.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00}" refers to invalid object "C:\WINDOWS\system32\stlb2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00}" refers to invalid object "C:\WINDOWS\system32\stlb2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2342DB04-08CE-4CF6-976D-BD9EFA960EFB}" refers to invalid object "c:\sysfwb\1658631355\iefwbar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{286DA624-B692-4D91-8D49-D57DCB1324E0}" refers to invalid object "C:\WINDOWS\system32\dzcdll.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}" refers to invalid object "C:\PROGRA~1\AWS\WEATHE~1\MINIBU~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{326BA862-D81C-46BD-9330-58EAC5DE7CDD}" refers to invalid object "C:\WINDOWS\system32\kudic.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40D41A8B-D79B-43d7-99A7-9EE0F344C385}" refers to invalid object "C:\Program Files\AIM Toolbar\AIMBar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}" refers to invalid object "C:\WINDOWS\system32\PopOops2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{42ced37a-abe2-4ed6-bf9d-f2f7219020ef}" refers to invalid object "C:\WINDOWS\system32\oqdmc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{46ba0734-7b06-4318-8732-5ea69dfdaea4}" refers to invalid object "C:\WINDOWS\system32\oqdmc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6a0f860d-92ac-494f-bc53-1f72d78ff43a}" refers to invalid object "C:\WINDOWS\system32\oqdmc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}" refers to invalid object "C:\WINDOWS\system32\supdate.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84FFB063-3E69-463C-92A5-C995F8601EFE}" refers to invalid object "C:\WINDOWS\system32\ioetpp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{872ef9f5-ca6f-407c-88e1-843b7139cef8}" refers to invalid object "C:\WINDOWS\system32\oqdmc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC}" refers to invalid object "c:\sysfwb\1658631355\iefwbar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{94457870-1992-40AC-A4F9-F1F854FF56F6}" refers to invalid object "C:\WINDOWS\system32\mac42u.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}" refers to invalid object "C:\WINDOWS\system32\SWLAD1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ecbe2d8a-a832-4564-b015-e006a2800e59}" refers to invalid object "C:\WINDOWS\system32\oqdmc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f879e021-1faf-4ffd-88da-bf4c62fbab7c}" refers to invalid object "C:\WINDOWS\system32\dqarn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB790DEE-BE79-BC8A-7C32-E9ECDA914DCA}" refers to invalid object "C:\WINDOWS\system32\aiqitg.dll". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\Main.MimeFilter" refers to invalid object "{8293D547-38DD-4325-B35A-F1817EDFA5FC}". Action Taken: No Action Taken.
Entry "HKCR\Main.MimeFilter.1" refers to invalid object "{8293D547-38DD-4325-B35A-F1817EDFA5FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\trfdsk.amo.1" refers to invalid object "{356B2BD0-D206-4E21-8C85-C6F49409C6A9}". Action Taken: No Action Taken.
Entry "HKCR\trfdsk.iiittt.1" refers to invalid object "{0962DA67-DB64-465C-8CD7-CBB357CAF825}". Action Taken: No Action Taken.
Entry "HKCR\trfdsk.momo.1" refers to invalid object "{52ADD86D-9561-4C40-B561-4204DBC139D1}". Action Taken: No Action Taken.
Entry "HKCR\trfdsk.ohb.1" refers to invalid object "{999A06FF-10EF-4A29-8640-69E99882C26B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\EDow_AS2.exe infected by "Trojan-Downloader.Win32.QDown.x" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\InstallerV3.exe tagged as "not-a-virus:AdWare.SafeSurfing.j". Action Taken: No Action Taken.
File C:\WINDOWS\system32\L90112201.Stub.exe infected by "Trojan-Downloader.Win32.Delmed.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\rtneg5_venturahot_246765.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\weirdontheweb_ventura.exe tagged as "not-a-virus:AdWare.WeirWeb.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\WrapperOuter.exe tagged as "not-a-virus:AdWare.VirtualBouncer.c". Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator\Desktop\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Administrator\Desktop\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\1.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\GL_18.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\i1C.tmp tagged as "not-a-virus:AdWare.SurfSide.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\i9.tmp tagged as "not-a-virus:AdWare.SurfSide.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\iF.tmp tagged as "not-a-virus:AdWare.SurfSide.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\LVVVkG.exe infected by "Trojan-Downloader.Win32.IstBar.jl" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2JGLQZ\158[1].bin tagged as "not-a-virus:AdWare.WeirWeb.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\wrapperouter.exe tagged as "not-a-virus:AdWare.VirtualBouncer.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QID5XSZI\AppWrap[1].exe infected by "Trojan-Downloader.Win32.Small.ru" Virus! Action Taken: No Action Taken.
File C:\HJT\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Program Files\Fla\Flacpy_inst.exe tagged as "not-a-virus:AdWare.FlashEnhancer.a ". Action Taken: No Action Taken.
File C:\Program Files\rdso\eetu.exe infected by "Trojan-Downloader.Win32.PurityScan.t" Virus! Action Taken: No Action Taken.
File C:\Program Files\USBToolbox\U2v2_03.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system\QBTool.exe infected by "Trojan.Win32.Registrator.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\Cache\876004.exe infected by "Trojan-Dropper.Win32.VB.gg" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\Cache\pi1_60.exe infected by "Trojan-Downloader.Win32.Small.aal" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe tagged as "not-a-virus:AdWare.WeirWeb.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\EDow_AS2.exe infected by "Trojan-Downloader.Win32.QDown.x" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\InstallerV3.exe tagged as "not-a-virus:AdWare.SafeSurfing.j". Action Taken: No Action Taken.
File C:\WINDOWS\system32\L90112201.Stub.exe infected by "Trojan-Downloader.Win32.Delmed.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\rtneg5_venturahot_246765.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\weirdontheweb_ventura.exe tagged as "not-a-virus:AdWare.WeirWeb.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\WrapperOuter.exe tagged as "not-a-virus:AdWare.VirtualBouncer.c". Action Taken: No Action Taken.
File C:\WINDOWS\Temp\!update.exe infected by "Trojan-Downloader.Win32.PurityScan.t" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.