Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT log - tpl


  • This topic is locked This topic is locked
4 replies to this topic

#1 tpl

tpl

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 05 September 2005 - 05:15 AM

Hello there!

I seem to have a couple of problems that just won't go away. I've run Spybot and AdAware (I had to delete some registry key things manually from safe mode with Autoruns before I could get Adaware to run without the computer rebooting in the middle of running AdAware.. spybot's always run ok though).
Spybot continues to show "LSA" and sometimes "ABetterInternet" and ABetterInternet.Aurora" when it runs on startup, and I just can't find anything in Autoruns to turn off.
I keep getting popups where the bar says "Free Fast Food vouchers" or some such nonsense, where the content of the window bangs on about how someone's detected I'm infected with spyware. No kidding I'm infected with spyware!
I'm sory about my rant.. I feel like such a noob. Please help me! Below is my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 10:04:33 p.m., on 5/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\yupwztl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\etb\pokapoka65.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.971searchbox.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitewgf32.exe
O4 - HKLM\..\Run: [dulurju] C:\WINDOWS\System32\yupwztl.exe r
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoma Center] tellcoma.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA22D613-5D0C-4948-BFF3-EC4EFEDC31B5}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Edited by tpl, 05 September 2005 - 05:16 AM.


BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:49 PM

Posted 05 September 2005 - 07:50 AM

Hello,

Please perform my next steps in exactly the same order as described below. Otherwise it will fail. It is also really important you don't miss any step!!

Download LQfix.exe and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and doubleclick ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

After reboot..

Download Ewido Security Suite.

Next, download the new version of Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column.
Select VX2 Cleaner V2.0 and click Run Tool.
Click "OK", then, if something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again.
This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again.
Select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next".
Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop.
  • Close Ewido.
Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 tpl

tpl
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 06 September 2005 - 02:57 AM

Phew! Okay!
I have one small concern... AdAware didn't prompt me to run on restart. Everything else went as above. :thumbsup:

Here are my logs.. first the HTJ and then the Ewido one. I hope it's all good now :flowers:


Logfile of HijackThis v1.99.1
Scan saved at 7:52:55 p.m., on 6/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.971searchbox.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA22D613-5D0C-4948-BFF3-EC4EFEDC31B5}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe









---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:47:41 p.m., 6/09/2005
+ Report-Checksum: 843C365E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
C:\WINDOWS\system32\3.tmp -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\WINDOWS\system32\4.tmp -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\WINDOWS\system32\5.tmp -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\WINDOWS\system32\8.tmp -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\WINDOWS\system32\B.tmp -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\WINDOWS\system32\D.tmp -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\WINDOWS\system32\tellcoma.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\v3.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NewZealand.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NSJGX2T9\socks9[1].exe -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NSJGX2T9\socks9[2].exe -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NSJGX2T9\socks9[3].exe -> TrojanProxy.Ranky.cb : Cleaned with backup
C:\Documents and Settings\tpl\Local Settings\Temporary Internet Files\Content.IE5\K94H8P4F\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\tpl\Cookies\tpl@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\tpl\Cookies\tpl@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\tpl\Cookies\tpl@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tpl\Cookies\tpl@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\tpl\Cookies\tpl@com[3].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP158\A0029692.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP158\A0030669.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP159\A0030676.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP159\A0031669.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP160\A0031676.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP160\A0031678.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP160\A0031681.exe -> Trojan.Stervis.d : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP160\A0031682.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP160\A0031683.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP161\A0031694.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP161\A0031695.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP161\A0031699.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP161\A0031707.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP162\A0031714.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP162\A0031715.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP162\A0031717.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP162\A0031720.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP163\A0032710.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP163\A0032714.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP163\A0032716.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP163\A0032717.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0032730.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0032734.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0032736.exe -> Trojan.Stervis.d : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0032737.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0032738.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0032739.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP164\A0033727.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP165\A0033734.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP165\A0033737.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP165\A0033738.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP165\A0033740.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP165\A0033747.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033754.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033756.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033757.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033759.exe -> Trojan.Stervis.d : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033760.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033761.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP166\A0033762.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP167\A0034750.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP167\A0034754.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP167\A0034756.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP167\A0034758.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP167\A0035747.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP168\A0035754.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP169\A0036750.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP169\A0036754.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP169\A0036756.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP169\A0036758.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036768.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036772.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036774.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036775.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036777.exe -> Trojan.Stervis.d : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036778.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036779.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0036785.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037785.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037789.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037792.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037793.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037800.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037804.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037806.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037808.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0037809.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0038799.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0038800.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0038806.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0038807.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039800.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039804.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039806.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039808.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039816.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039817.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039823.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0039824.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0040816.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0040817.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0040822.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0040823.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0040825.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041816.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041820.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041821.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041823.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041830.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041832.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041837.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP170\A0041839.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042831.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042832.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042837.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042838.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042840.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042847.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042848.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042854.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP171\A0042855.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042857.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042863.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042864.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042871.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042872.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042874.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0042880.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043879.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043884.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043885.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043886.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043894.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043895.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043901.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0043902.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044893.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044894.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044901.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044902.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044910.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044911.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044916.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0044918.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045910.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045914.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045916.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045917.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045924.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045925.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045930.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP172\A0045932.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046924.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046928.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046931.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046932.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046934.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046941.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046942.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046947.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0046948.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0047941.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0047945.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0047948.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0047949.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0048941.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0048942.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0048947.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0048949.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0049941.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0049945.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0049946.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0049948.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0049950.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0050941.EXE -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0050942.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0050948.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0050949.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051941.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051945.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051947.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051948.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051953.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051956.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051957.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051962.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0051963.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052952.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052956.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052957.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052961.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052964.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052969.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052973.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052974.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0052979.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053967.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053970.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053974.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053978.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053981.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053982.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0053986.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0054969.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0054973.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0054977.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0054980.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0054981.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0055970.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0055973.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0055977.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0055980.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0055981.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP173\A0055986.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP174\A0055989.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP174\A0055990.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP174\A0056969.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP174\A0056973.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0056980.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0056983.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0056985.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0056992.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0057991.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0057995.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0057997.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058001.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058004.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058011.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058014.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058015.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058017.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058020.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0058026.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059009.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059013.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059017.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059020.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059021.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059023.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059026.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059029.EXE -> TrojanDownloader.PurityScan.ah : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059030.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0059031.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060011.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060012.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060014.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060019.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060022.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060025.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060027.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060029.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060030.exe -> Trojan.Stervis.d : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060031.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0060032.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061010.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061013.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061017.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061020.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061021.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061022.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061026.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0061029.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062009.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062013.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062017.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062020.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062021.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062024.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062026.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062029.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062033.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062035.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062038.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062044.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062045.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062047.EXE -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062050.EXE -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062054.dll -> Spyware.Quick : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP175\A0062060.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP176\A0063029.exe -> Spyware.Quick : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP176\A0063030.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP176\A0063033.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063040.EXE -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063044.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063046.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063048.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063049.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063051.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063052.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063057.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP177\A0063061.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP178\A0063065.EXE -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP178\A0063079.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP178\A0063080.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP178\A0063084.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP178\A0063086.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP178\A0063092.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP181\A0063099.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP181\A0063100.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP181\A0063104.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP181\A0063106.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP181\A0063112.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP182\A0063118.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP182\A0063119.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP182\A0063121.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP182\A0063125.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP182\A0063183.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063189.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063191.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063192.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063196.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063199.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063201.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063202.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063204.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063205.exe -> Trojan.Stervis.f : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0063207.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0064182.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP183\A0064188.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP184\A0064196.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP184\A0064198.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP184\A0064199.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP186\A0064206.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP186\A0064211.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064219.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064223.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064226.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064228.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064230.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064233.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064239.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP187\A0064245.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP188\A0064252.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP188\A0064255.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP188\A0064256.DLL -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP188\A0064257.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP188\A0064259.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_rest

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:49 PM

Posted 06 September 2005 - 06:32 AM

Let's deal with the leftovers now..

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.971searchbox.com/sp2.php
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


* Click on Fix Checked when finished and exit HijackThis.

Reboot and post a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:49 PM

Posted 27 September 2005 - 11:36 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users