Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Just another Hijack moment


  • Please log in to reply
3 replies to this topic

#1 Chiaroscurok

Chiaroscurok

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 05 July 2005 - 08:38 PM

Here is my Hijack This log. Those of you out there helping all of us out there with this problem are here by annointed saint!

Logfile of HijackThis v1.99.1
Scan saved at 8:48:50 PM, on 11/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\kara opheikens\Start Menu\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TempLoader] C:\DOCUME~1\KARAOP~1\LOCALS~1\Temp\Loader.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelsh32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://tank.wizards.com/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab?
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

Thank you so very much,
Chiaroscurok

BC AdBot (Login to Remove)

 


#2 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:37 PM

Posted 07 July 2005 - 01:48 AM

Welcome Chiaroscurok to Bleeping Computer.

Download LQfiz by Miekemoes.
Unzip it to your desktop.
Don't use it yet.

***

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

***

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system to safe mode. This will remove files that were in use during the scan.

***

Reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Run LQfix.


***

Reboot the computer back to normal mode.

***

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Elite Toolbar
Weatherbug

Press ‘delete this entry’.
Press ‘back’
Than press ‘scan’

***

Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\system32\wsrchc3.dll (file missing)

O4 - HKLM\..\Run: [TempLoader] C:\DOCUME~1\KARAOP~1\LOCALS~1\Temp\Loader.EXE

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitelsh32.exe
[i] this entries could be missing due to previously taken steps[/b]

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab?

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Reboot back to safe mode.

***

Use Windows Explorer to remove:

C:\DOCUMENTS AND SETTINGS\KARAOP~1\LOCAL SETTINGS\Temp\Loader.EXE <= please correct the username as this is an abbreviation.

C:\PROGRAM FILES\AWS\ <= remove the whole folder.

***

Run a scan using Ewido, save the log.

***

Reboot back to normal mode.

Post back in this topic using the button 'add reply'. Post me a fresh log using HijackThis and the log made with Ewido.


Posted Image
Life is what happens while you're making other plans

#3 Chiaroscurok

Chiaroscurok
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 18 July 2005 - 07:54 PM

Thank you so much for your help! I followed your instructions and here are the new logs.

Logfile of HijackThis v1.99.1
Scan saved at 6:45:50 PM, on 07/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\kara opheikens\Start Menu\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://tank.wizards.com/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:40:38 PM, 07/18/2005
+ Report-Checksum: 770AFDB9

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-725345543-764733703-1343024091-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{BE8D0059-D24D-4919-B76F-99F4A2203647} -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008206.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008207.exe -> TrojanDropper.Small.sc : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008210.exe -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008235.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008247.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008248.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008250.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008251.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008286.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008287.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008289.DLL -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008290.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008294.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008303.exe -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008336.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008339.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008340.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008354.DLL -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008376.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008377.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008379.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008380.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP37\A0008384.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP38\A0008392.EXE -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP38\A0008399.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP38\A0008400.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP38\A0008402.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP38\A0008403.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP39\A0008415.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0009290.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0009291.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0009293.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0009294.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0009298.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0009301.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0010290.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0010291.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0010293.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0010294.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0010298.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0010301.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011290.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011291.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011293.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011294.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011298.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011301.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011309.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP42\A0011310.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011324.EXE -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011326.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011330.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011331.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011333.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011334.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011338.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011341.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011342.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011349.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011365.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011366.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011368.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011369.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011374.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011377.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011382.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011396.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011397.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011399.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011400.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011404.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011406.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP43\A0011408.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP44\A0011434.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP44\A0011435.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP44\A0011437.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP44\A0011438.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP49\A0011504.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP49\A0011505.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP49\A0012145.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP49\A0012147.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012176.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012179.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012186.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012187.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012189.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012190.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012194.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012197.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012198.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012209.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012218.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012219.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012221.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012222.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012226.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012229.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP50\A0012230.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015304.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015305.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015307.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015308.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015312.DLL -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015315.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015350.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015351.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015353.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015354.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015358.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015378.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015397.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015406.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015407.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015409.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015410.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015414.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0015426.exe -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP52\A0016397.dll -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP53\A0016526.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP53\A0016527.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP53\A0016529.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP53\A0016530.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP53\A0016534.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP53\A0016537.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016593.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016614.exe -> Backdoor.Ruledor.g : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016619.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016624.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016625.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016626.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016634.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP54\A0016636.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP57\A0016756.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016772.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016773.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016775.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016776.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016778.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016779.exe -> TrojanDropper.Small.sc : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016780.exe -> TrojanDropper.Small.sc : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP63\A0022056.exe -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP63\A0022057.exe -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP63\A0022058.dll -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0023764.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024821.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024822.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024823.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024824.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024825.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024826.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024827.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024828.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024829.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024830.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024831.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024832.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024833.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024834.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024835.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024836.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024837.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024838.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024839.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024840.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024841.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024842.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024843.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024844.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024845.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024846.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024847.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024848.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024849.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024850.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024851.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024852.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024853.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024854.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024855.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024856.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024857.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024858.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024859.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024860.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024861.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024862.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024863.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024864.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024865.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024866.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024867.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024868.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024869.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024870.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024871.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024872.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024873.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024874.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024875.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024876.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024877.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024878.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024879.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024880.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024881.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024882.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024883.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024884.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024885.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024886.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024887.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024888.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024889.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024890.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024891.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024892.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024893.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024894.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024895.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024896.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024897.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024898.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024899.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024900.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024901.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024902.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024903.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024904.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024905.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024906.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024907.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024908.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024909.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024910.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024911.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024912.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024913.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024914.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024915.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024916.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP70\A0024942.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OJ8ZEBQL\protector_update[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\34yf28fg.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOWS\SYSTEM32\shawn_1.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\PreInstaller_p1.exe -> TrojanDownloader.Keenval.o : Cleaned with backup
C:\WINDOWS\SYSTEM32\HyperLinker1.exe -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\protector.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\iGator\Trickler3103_PIC_fs_DMPT.exe -> Adware.Gator : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\HLInstaller1.exe -> Spyware.iSearch : Cleaned with backup
C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll -> Spyware.Yahoo : Cleaned with backup
C:\Program Files\support.com\backup\ne\newdotnet6_38.dll\229376_51a9f736b_/newdotnet6_38.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\s-t-i-n-g-e-r.exe -> Worm.Hantaner.A : Cleaned with backup
C:\Documents and Settings\kara opheikens\Start Menu\Programs\backups\backup-20050718-180057-291.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\Documents and Settings\kara opheikens\Application Data\Yahoo!\Mail\attach\MSCDEX.EXE -> Worm.Hantaner.A : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\G80OJ30P\EliteSideBar8[1].dll -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\0V3J8A84\EliteBar60[1].dll -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Brooklynn\Local Settings\Temporary Internet Files\Content.IE5\DBWI9XCT\EliteBar60[1].dll -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Brooklynn\Local Settings\Temporary Internet Files\Content.IE5\OGZISKU4\EliteSideBar8[1].dll -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Johnathan\Local Settings\Temporary Internet Files\Content.IE5\G80OJ30P\EliteSideBar8[1].dll -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Johnathan\Local Settings\Temporary Internet Files\Content.IE5\G80OJ30P\EliteBar60[1].dll -> Spyware.EliteBar : Cleaned with backup
C:\EliteSideBar version 8.dll -> Spyware.EliteBar : Cleaned with backup
C:\EliteToolBar version 60.dll -> Spyware.EliteBar : Cleaned with backup
D:\WINDOWS\SYSTEM\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\WINDOWS\newdotnet3_36.dll -> Spyware.NewDotNet : Cleaned with backup
D:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
D:\WINDOWS\scrsvr.exe -> Worm.Opasoft.a : Cleaned with backup
D:\WINDOWS\Brasil.pif -> Worm.Opasoft.a : Cleaned with backup
D:\WINDOWS\alevir.exe -> Worm.Opasoft.a : Cleaned with backup
D:\WINDOWS\Brasil.exe -> Worm.Opasoft.a : Cleaned with backup
D:\WINDOWS\marco!.scr -> Worm.Opasoft.a : Cleaned with backup
D:\WINDOWS\MSVXD.EXE -> Worm.Datom : Cleaned with backup
D:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP58\A0016804.exe -> Worm.Hantaner.A : Cleaned with backup
D:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP64\A0022302.exe -> Worm.Hantaner.A : Cleaned with backup
D:\System Volume Information\_restore{89712904-03AB-4595-ABDC-8A0C41C871E7}\RP65\A0022527.EXE -> Worm.Hantaner.A : Cleaned with backup
D:\Documents and Settings\Johnathan\Local Settings\Temporary Internet Files\Content.IE5\49EN8XMF\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
D:\Documents and Settings\Brooklynn\Cookies\brooklynn@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
D:\Documents and Settings\Brooklynn\Local Settings\Temporary Internet Files\Content.IE5\DBWI9XCT\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
D:\Documents and Settings\Brooklynn\Local Settings\Temp\Loader.EXE -> Backdoor.Ruledor.g : Cleaned with backup
D:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\49EN8XMF\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End

[FONT=Geneva]Again, thank you so much. Sorry it took so long to get this done![/FONT]

#4 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:37 PM

Posted 19 July 2005 - 08:15 AM

It didn't take that long. You did just fine. The logs looks clean.

Is your computer running ok now?


Posted Image
Life is what happens while you're making other plans




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users