Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How Bad Is It?


  • Please log in to reply
2 replies to this topic

#1 princessdressup

princessdressup

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 10 July 2008 - 11:53 AM

Hi - Brand new to this but I am making a commitment to vigorously monitor and learn about my computer's health.

I have intermediate/novice skills in computers. Build my own desktop but by no means am I familiar as much as I would like to be with software and windows.

I would like to learn as much as possible - and thank you for reviewing my computer problems. I realized not to long ago that my computer was running extremely slow.

Computer Spec's:
dell laptop Inspiron 9300.
Intel Pentium M 1.6ghz CPU
2.0 GB of RAM
NVDIA GO 6800 Graphics Card
40 GB Hard Drive (8.0 GB free)

Ever since I was running low on Hard Drive (3 weeks ago) and my computer was sluggish at best, every day i would spend 1-2 hours of frustration having to fix it. Finally i deleted norton and zone alarm fully, downloaded Avira Premium and have been trying to learn as much as possible about making this right.

If I make any mistakes with this post please let me know I apologize.


Avira AntiVir Premium
Report file date: Thursday, July 10, 2008 11:40

Scanning for 1411247 virus strains and unwanted programs.

Licensed to: Daniel Setton
Serial number: 1102309546-PEPWE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DLSLAPTOP

Version information:
BUILD.DAT : 8.1.0.344 19214 Bytes 5/28/2008 17:00:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 14:54:23
ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 7/9/2008 14:54:27
ANTIVIR3.VDF : 7.0.5.95 147968 Bytes 7/10/2008 14:54:29
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 7/10/2008 14:54:47
AESCN.DLL : 8.1.0.22 119157 Bytes 7/10/2008 14:54:46
AERDL.DLL : 8.1.0.20 418165 Bytes 7/10/2008 14:54:45
AEPACK.DLL : 8.1.1.6 364918 Bytes 7/10/2008 14:54:43
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 7/10/2008 14:54:41
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 7/10/2008 14:54:39
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 14:54:35
AEGEN.DLL : 8.1.0.29 307573 Bytes 7/10/2008 14:54:33
AEEMU.DLL : 8.1.0.6 430451 Bytes 7/10/2008 14:54:32
AECORE.DLL : 8.1.0.32 168311 Bytes 7/10/2008 14:54:30
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 2/28/2008 15:19:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 17:45:45

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, July 10, 2008 11:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'TransferAgent.exe' - '1' Module(s) have been scanned
Scan process 'BrMfimon.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'PD91Agent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Daniel Setton\Desktop\New Folder\New Folder\Acc. picture\Shoe pic\desktop.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '48e92f50.qua'!
C:\Documents and Settings\Daniel Setton\Desktop\New Folder\New Folder\Acc. picture\Tiara pic\desktop.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '48e92f72.qua'!
C:\Documents and Settings\Daniel Setton\Desktop\New Folder\New Folder\Acc. picture\Tiara pic\Temp.Htt
[DETECTION] Is the Trojan horse TR/Jscript.Blackmal.F
[NOTE] The file was moved to '48e32f75.qua'!
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
[DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/WBug.A
[NOTE] ADSPY/WBug.A:[HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}\InprocServer32]:<@>=sz:MiniBugTransporter.dll
[NOTE] ADSPY/WBug.A:[HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0\win32]:<@>=sz:MiniBugTransporter.dll
[NOTE] The file was moved to '48e43271.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP815\A0215911.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a8358c.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP815\A0215923.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a8358d.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP816\A0216923.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a8358f.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP816\A0217924.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '49294ee8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP816\A0217929.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a83590.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP821\A0218193.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a835b1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP822\A0218242.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a835b9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP822\A0218354.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a835c3.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP822\A0219298.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a835c9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP822\A0219309.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a835ca.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP825\A0219425.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a83607.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0219654.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a8361e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0220310.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '49294d67.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0220314.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a8361f.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0223997.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836aa.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0224001.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a836ab.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0224461.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836b4.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0224465.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a836b5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP828\A0224494.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a836b8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0225623.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836c1.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP830\A0225627.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '49294dba.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP831\A0225833.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836d2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0225912.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a836d7.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0225938.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836d9.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP832\A0225949.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '49294da2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP836\A0226949.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836e5.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP837\A0227949.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836ea.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP837\A0227959.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '49294d93.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP837\A0228022.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a836ed.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP838\A0228959.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836f2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP840\A0229035.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836f8.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP841\A0229129.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a836fe.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP841\A0229136.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '49294d87.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP842\A0229408.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a8370e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP843\A0229579.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a83718.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP843\A0229584.exe
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48a83719.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP843\A0229850.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48a83725.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP843\A0229855.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '49294c5e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP843\A0229856.ini
[DETECTION] Is the Trojan horse TR/Agent.BCF
[NOTE] The file was moved to '48a83727.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP843\A0230280.dll
[DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/WBug.A
[NOTE] The file was moved to '48a83734.qua'!
C:\WINDOWS\system32\CED92C42.EXE
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.52
[NOTE] The file was moved to '48ba3a66.qua'!
C:\WINDOWS\system32\DD9E6ADA.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]


End of the scan: Thursday, July 10, 2008 12:38
Used time: 57:56 min

The scan has been done completely.

8111 Scanning directories
265606 Files were scanned
46 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
45 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
265560 Files not concerned
2436 Archives were scanned
3 Warnings
45 Notes

Should i post HIjackthis log as well?

Much Thanks,

BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:06 AM

Posted 10 July 2008 - 05:06 PM

hello look in this post and use the malware tool "boopme" suggest it works great follow the instructions carefully.



http://www.bleepingcomputer.com/forums/t/156914/trojanwimad-infection/

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:06 AM

Posted 10 July 2008 - 06:22 PM

The majority of the files detected and removed were infected RP***\A00*****.exe file(s) in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it.

System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it.

Download FileASSASSIN FA_Portable.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP/Vista only).
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
    Note: If you downloaded the installable version instead, just double-click on fa-setup.exe to install and then launch FileASSASSIN from the program folder.
  • Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
    • DD9E6ADA.DLL <-- C:\Windows\system32\ folder
  • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."
Note: If you cannot find the file(s), you may have to Reconfigure Windows XP to show hidden files, folders. (We are doing this so we can look for and delete hidden files if necessary but don't delete anything other than what I ask you to delete. After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion).

Rescan again with Avira AntiVir when done.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users