Hijackthis Log..help Please!


  • This topic is locked
17 replies to this topic

#1 mjr11

Posted 13 March 2006 - 10:21 PM

I really need help!!! Nothing seems to work. I think I've tried everything... XoftSpy, Spyware Doctor, Spybot SD, NoAdware, Registry Mechanic, fixware out... everything!!! :thumbsup: Okay, I ran safe mode and here's my log... and I was also wondering if I would have to run HijackThis on all of the users for this computer? Or is just on my account going to work for everything? There's my mom's account, sister, guest, and mine... in safe mode there is also an administrator. Please help!!!!


Logfile of HijackThis v1.99.1
Scan saved at 9:11:54 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\MIKE\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [qvzyrhfA] C:\WINDOWS\qvzyrhfA.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinkrag.exe CORN001
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{AD-D4-48-85-ZN}] C:\windows\system32\qjdsregr.exe CORN001
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\gpr0l39m1.dll
O21 - SSODL: rdrVR2 - {50D4BF8E-D6E9-4B3C-985F-2AC50E518974} - C:\WINDOWS\system32\rdrVR2.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qvzyrhf.exe


#2 miekiemoes

  • Malware Response Team
Posted 14 March 2006 - 01:43 AM

Hello,

I really need a log made in Normal mode.
Also, you don't have an antivirus present. This is somewhat suicidal in today's digital world.
So as long as there is NO protection present on your system, we are wasting our time.


But first, perform the following in normal mode, otherwise this won't work:

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Install an antivirus and firewall:

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!
Zonealarm, Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

Let your antivirus perform a full scan and let it delete everything it is finding.

REBOOT!

Please post the contents of Look2Me-Destroyer.txt present on your desktop and a new HiJackThis log.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 mjr11

Posted 14 March 2006 - 03:52 AM

{{{{{{{{{{{{{HIJACKTHIS IN NORMAL MODE!!!!}}}}}}}}}}}}}}}}}}}


Logfile of HijackThis v1.99.1
Scan saved at 2:49:38 AM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\qvzyrhfA.exe
C:\windows\system32\qjdsregr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\qvzyrhf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\MIKE\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [qvzyrhfA] C:\WINDOWS\qvzyrhfA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{AD-D4-48-85-ZN}] C:\windows\system32\qjdsregr.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinkrag.exe CORN001
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: rdrVR2 - {50D4BF8E-D6E9-4B3C-985F-2AC50E518974} - C:\WINDOWS\system32\rdrVR2.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qvzyrhf.exe



{{{{{{{{{{{{{{{{{Look2Me-Destroyer}}}}}}}}}}}}}}}}}}}}}



Look2Me-Destroyer V1.0.10

Scanning for infected files.....
Scan started at 3/14/2006 2:03:20 AM


Attempting to delete infected files...

C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0007605.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009621.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009621.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009625.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009625.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009631.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009631.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009635.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009635.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009640.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0009640.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0010638.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0010638.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0010647.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0010647.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0012668.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0012668.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0012675.dll
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0012675.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnl0013me.dll
C:\WINDOWS\system32\dnl0013me.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnp8017ue.dll
C:\WINDOWS\system32\dnp8017ue.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\DsvX.dll
C:\WINDOWS\system32\DsvX.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fp4s03h7e.dll
C:\WINDOWS\system32\fp4s03h7e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\g040lahm1d4a.dll
C:\WINDOWS\system32\g040lahm1d4a.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\g6lm0g31e6.dll
C:\WINDOWS\system32\g6lm0g31e6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h22olcf31f2.dll
C:\WINDOWS\system32\h22olcf31f2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr0o05d3e.dll
C:\WINDOWS\system32\hr0o05d3e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hrpq0575e.dll
C:\WINDOWS\system32\hrpq0575e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i2lolc331f.dll
C:\WINDOWS\system32\i2lolc331f.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i4420ehoeh4c0.dll
C:\WINDOWS\system32\i4420ehoeh4c0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i8nmli5118.dll
C:\WINDOWS\system32\i8nmli5118.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir4sl5h71.dll
C:\WINDOWS\system32\ir4sl5h71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irjml5111.dll
C:\WINDOWS\system32\irjml5111.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irpml5711.dll
C:\WINDOWS\system32\irpml5711.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iv41_qcx.dll
C:\WINDOWS\system32\iv41_qcx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt2s07f7e.dll
C:\WINDOWS\system32\jt2s07f7e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k6440ghqe64e0.dll
C:\WINDOWS\system32\k6440ghqe64e0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ktjul7191.dll
C:\WINDOWS\system32\ktjul7191.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l6n40g5qe6.dll
C:\WINDOWS\system32\l6n40g5qe6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv2s09f7e.dll
C:\WINDOWS\system32\lv2s09f7e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m8820iloe8qc0.dll
C:\WINDOWS\system32\m8820iloe8qc0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mgdadiag.dll
C:\WINDOWS\system32\mgdadiag.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mgvidc32.dll
C:\WINDOWS\system32\mgvidc32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mvjml9111.dll
C:\WINDOWS\system32\mvjml9111.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n02ulaf91d2.dll
C:\WINDOWS\system32\n02ulaf91d2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p2n80c5uef.dll
C:\WINDOWS\system32\p2n80c5uef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p66slgj716o.dll
C:\WINDOWS\system32\p66slgj716o.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pYpsvc.dll
C:\WINDOWS\system32\pYpsvc.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\q8ps0i77e8.dll
C:\WINDOWS\system32\q8ps0i77e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\umicows.dll
C:\WINDOWS\system32\umicows.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\we2_32.dll
C:\WINDOWS\system32\we2_32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wnhnetbs.dll
C:\WINDOWS\system32\wnhnetbs.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{499CB86F-026F-4FDB-90ED-32494C7E79DC}"
HKCR\Clsid\{499CB86F-026F-4FDB-90ED-32494C7E79DC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AD9985CB-1E54-42BB-B9C8-20EBD3735B4D}"
HKCR\Clsid\{AD9985CB-1E54-42BB-B9C8-20EBD3735B4D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{22A9A2E1-9BE7-4B82-8A88-8E9CF77EAA99}"
HKCR\Clsid\{22A9A2E1-9BE7-4B82-8A88-8E9CF77EAA99}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{011200E3-0B22-45E8-AD15-0B81F81A955E}"
HKCR\Clsid\{011200E3-0B22-45E8-AD15-0B81F81A955E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1F900B71-D8BC-47EA-A629-CAE8ACE7FDE1}"
HKCR\Clsid\{1F900B71-D8BC-47EA-A629-CAE8ACE7FDE1}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7F12A0E8-37FC-4A8D-B32A-7FB1FAEC803C}"
HKCR\Clsid\{7F12A0E8-37FC-4A8D-B32A-7FB1FAEC803C}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#4 mjr11

Posted 14 March 2006 - 03:56 AM

Oh yeah, and I got Zone Alarm and Spy Sweeper. Is that okay? I deleted the others that I had downloaded before because you said never have two anti-virus programs... or 2 firewalls, right? Okay, thx. Oh, what about the firewall that I think comes with Windows, Windows Firewall? When I try to open it a message says "Due to an unidentified problem, Windows cannot display Windows Firewall settings.", though it worked fine before. Okay, thanks for your time and help so far!!!

-mike

#5 miekiemoes

Posted 14 March 2006 - 07:38 AM

Hello,

We'll deal with your Windows Firewall afterwards, because most probably there are policies set.
First we have to deal with the rest of the malware present now.

Also, SpySweeper is an antispyware scanner and not an antivirus. So you still don't have an antivirus installed.
The following are antivirus programs:

AVG, Avira OR Avast

So install one of the three.

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important that you don't miss a step and that you perform everything in the right order!!

Please disable SpySweeper's real-time protection, so it will not interfere with the fix:

Open SpySweeper and click Options | Program Options.
Uncheck Load at windows startup.
Over to the left click Shields.
Uncheck Home page shield and Automatically restore default without notification.

Then go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following programs if present:

Windows Overlay Components
ZenoSearch
Spybrowser or Spyware Browser <== this is most probably a so called Spyware Remover with a bad reputation... Since it is unknown

* Please set your system to show all files; please see here if you're unsure how to do this.

* Please download ATF Cleaner by Atribune to your desktop.
Do not use it yet.

Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [qvzyrhfA] C:\WINDOWS\qvzyrhfA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{AD-D4-48-85-ZN}] C:\windows\system32\qjdsregr.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinkrag.exe CORN001
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O21 - SSODL: rdrVR2 - {50D4BF8E-D6E9-4B3C-985F-2AC50E518974} - C:\WINDOWS\system32\rdrVR2.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qvzyrhf.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your F8 key as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\qvzyrhfA.exe
C:\windows\system32\qjdsregr.exe
C:\WINDOWS\qvzyrhf.exe
C:\Program Files\SpyBro <== folder
C:\WINDOWS\system32\nwinkrag.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\rdrVR2.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll <== also look in this folder if there are any other files present in there starting with ibm0000... and delete them. Don't delete anything else from that folder!!

* Still in safe mode, double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply,
together with a fresh HijackThis log and the ewido log, so I can take another look.

Please remind me in your next post as well about the Windows Firewall being disabled, in case I forget it. :thumbsup:

Extra addition,

Also perform the following:

Download and Save blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
Click Scan, then Next.
You'll see a list of all items found.
Don't choose Rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Post the contents of the log also in your next reply.

So I need 4 logs in your next reply/replies (use more posts if you can't fit them all in once):
  • Ewido Log
  • Panda Log
  • New Hijackthis Log
  • Blacklight Log

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
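
An added example (not part of the original post and not HijackThis's own code): the Python below parses the HijackThis lines from the fix list in the post above, extracts the file each entry loads, and cross-checks those files against the Safe Mode delete list. The section descriptions, function names and the path regex are assumptions made for this illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# HijackThis lines copied verbatim from the fix list in the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [qvzyrhfA] C:\WINDOWS\qvzyrhfA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{AD-D4-48-85-ZN}] C:\windows\system32\qjdsregr.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinkrag.exe CORN001
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O21 - SSODL: rdrVR2 - {50D4BF8E-D6E9-4B3C-985F-2AC50E518974} - C:\WINDOWS\system32\rdrVR2.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qvzyrhf.exe
"""

# Files and folders copied from the Safe Mode delete list in the same post
# (the "<== folder" style annotations are left out).
DELETE_LIST = r"""
C:\WINDOWS\qvzyrhfA.exe
C:\windows\system32\qjdsregr.exe
C:\WINDOWS\qvzyrhf.exe
C:\Program Files\SpyBro
C:\WINDOWS\system32\nwinkrag.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\rdrVR2.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
"""

# What each section code in this fix list covers (wording is this example's).
SECTIONS = {
    "R0": "Internet Explorer start/search page value",
    "F2": "system.ini/win.ini autostart value mapped to the registry",
    "O4": "autostart from a Run key or the Startup folder",
    "O21": "ShellServiceObjectDelayLoad autostart",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# Assumption: a load target is a drive- or %variable%-rooted path ending in
# .exe or .dll. Paths may contain spaces, so only a quote or line end stops it.
TARGET_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)


class Entry(NamedTuple):
    code: str
    detail: str
    target: Optional[str]  # normalised path of the file the entry loads, if any


def norm(path):
    """Lower-case a Windows path and drop a trailing backslash for comparison."""
    return path.strip().rstrip("\\").lower()


def parse_entries(text):
    """Turn HijackThis log lines into Entry tuples; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        t = TARGET_RE.search(m["detail"])
        entries.append(Entry(m["code"], m["detail"], norm(t.group()) if t else None))
    return entries


def parse_paths(text):
    return [norm(line) for line in text.splitlines() if line.strip()]


def covers(delete_path, target):
    """True if deleting delete_path (a file or a folder) removes target."""
    return target == delete_path or target.startswith(delete_path + "\\")


def uncovered_targets(entries, deletes):
    """Files still referenced by a fixed entry but missing from the delete list."""
    targets = sorted({e.target for e in entries if e.target})
    return [t for t in targets if not any(covers(d, t) for d in deletes)]


def unreferenced_deletes(entries, deletes):
    """Delete-list items that no autostart entry in the fix list points at."""
    targets = {e.target for e in entries if e.target}
    return [d for d in deletes if not any(covers(d, t) for t in targets)]


if __name__ == "__main__":
    entries = parse_entries(FIX_LIST)
    deletes = parse_paths(DELETE_LIST)
    for code, n in Counter(e.code for e in entries).items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'unknown section')}")
    print("registry-only fixes:", [e.detail for e in entries if e.target is None])
    print("loaded but not deleted:", uncovered_targets(entries, deletes))
    print("deleted but not referenced:", unreferenced_deletes(entries, deletes))
```

The only delete-list item that no autostart entry references is ibm00001.dll, which is why the post asks for a manual look in that folder rather than relying on the HijackThis fix alone.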

#6 mjr11

Posted 14 March 2006 - 07:21 PM

Okay, I've done everything you said except the Panda Online... which I sent you a message about...

#7 miekiemoes

Posted 14 March 2006 - 07:25 PM

Hi, no need to send me a PM for that. You can just post it in this thread:

when i click "scan your PC" ..a msg says "We're sorry. ActiveScan requires the browser Microsoft Internet Explorer 5.0 or later version." what should i do?


Most probably you tried this with Firefox. You need to do this with Internet Explorer, because Panda Online won't work in Firefox. :thumbsup:

#8 mjr11

Posted 14 March 2006 - 08:40 PM

Ughhhh, okay, now it says:

"An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... "

I tried turning off the firewall but that didn't work; it only allowed the green bar to go farther... but right after it says it has 1% left, that msg pops up.

Oh yeah, I saw your site with the dogs on it. They are beautiful... my fav dogs are pitbulls. I couldn't understand the words on your site though :S. Okay, thanks... again!!!

#9 miekiemoes

Posted 15 March 2006 - 02:17 AM

Looks like there are more problems lately with the Panda Online scan.
So let's find out if this is only Panda related or not.

So try this online scanner instead:

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply.

If this online scan doesn't work either, just post the other logs as I asked you.

#10 mjr11

Posted 15 March 2006 - 02:23 AM

alright

#11 mjr11

Posted 15 March 2006 - 04:32 AM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, March 15, 2006 03:31:01
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 14/03/2006
Kaspersky Anti-Virus database records: 182422
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 102501
Number of viruses found: 39
Number of infected objects: 132
Number of suspicious objects: 2
Duration of the scan process: 7303 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027553.dll Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027555.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027556.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027558.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027562.exe Infected: Trojan-Downloader.Win32.Small.ckj
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027563.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027565.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ao
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027566.exe Infected: Trojan-Spy.Win32.Small.dg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027567.exe Infected: Trojan-Downloader.Win32.Tiny.al
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027568.exe Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027569.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ao
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP12\A0027570.exe Infected: not-virus:Hoax.Win32.Renos.bw
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001224.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001224.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001232.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001233.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001234.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001235.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001236.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001240.exe Infected: not-a-virus:Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001272.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001281.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001282.dll Infected: not-a-virus:AdWare.Win32.NavExcel.i
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001302.exe/run.exe Infected: Trojan-Downloader.Win32.Small.ckj
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001302.exe Infected: Trojan-Downloader.Win32.Small.ckj
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001314.dll/{02391F80-CCEF-4DE8-B7FB-D758ED344547}.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001314.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001317.exe/{0585D126-F368-4EFE-90CA-959F506ADF63}.exe Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001317.exe Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001321.dll/{336D610D-EB90-401F-9E0E-EECEF75D0621}.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001321.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001323.exe/{3FBF1489-53F2-450B-9534-03B6F7654DE4}.exe Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001323.exe Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001330.dll/{89188CFD-FED7-45F0-9BC9-E4C7344CC282}.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001330.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001332.dll/{9A62CEDB-5C6D-4312-9C76-4023D6971042}.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001332.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001335.dll/{A95DAA4E-9CBE-4D0A-8C9F-2F4C22B795EB}.dll Infected: not-a-virus:AdWare.Win32.Altnet.j
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP4\A0001335.dll Infected: not-a-virus:AdWare.Win32.Altnet.j
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP6\A0004433.exe Infected: not-virus:Hoax.Win32.Renos.bw
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP6\A0004434.exe Infected: Trojan-Downloader.Win32.Adload.w
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005495.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005495.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005502.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005503.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005504.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005505.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005507.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005508.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005511.exe Infected: Trojan-Downloader.Win32.VB.nw
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005522.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005525.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0005526.dll Infected: not-a-virus:AdWare.Win32.NavExcel.i
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0006544.exe Infected: not-a-virus:Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP8\A0006545.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i
C:\System Volume Information\_restore{61A969F3-777E-46CD-A499-3A444DECFE8C}\RP9\A0012653.exe Infected: Trojan-Downloader.Win32.VB.ya

Scan process completed.

#12 miekiemoes


Posted 15 March 2006 - 04:39 AM

Ok, most are present in your Temp folder, the quarantine folder from Spybot S&D and System Restore points.
So, open Spybot S&D, choose the Recovery/quarantine option and choose to delete everything in there.

Also delete the following file you downloaded, because it's infected:

C:\Program Files\Shareaza\Downloads\++++ propellerhead recycle 2.1 full .zip

Then run ATF Cleaner again and reboot.

Then flush your System Restore points... (note: this will delete all your System Restore points and the malware that was present in them).
How to disable system restore in XP
Reboot... and after rebooting, enable it again, so a new System Restore point will be made. A clean one now! :thumbsup:

Can you also post the Blacklight log, ewido log and new HijackThis log as I asked you before?

Edited by miekiemoes, 15 March 2006 - 04:40 AM.


#13 mjr11


Posted 15 March 2006 - 05:06 AM

Logfile of HijackThis v1.99.1
Scan saved at 2:59:18 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Documents and Settings\MIKE\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:40:13 PM, 3/14/2006
+ Report-Checksum: D8B0669D

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup
HKU\.DEFAULT\Software\aurora -> Adware.BetterInternet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\aurora -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\ORD3QINH\default[1].cab/games.exe -> Trojan.Dialer.fy : Cleaned with backup
C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\S1MJS5I7\booty[1].htm -> Trojan.KarmaHotel.e : Cleaned with backup
:mozilla.14:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.21:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.44:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.59:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.63:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.69:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.77:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.79:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.80:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.81:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.82:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.83:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.84:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.85:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.90:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.94:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.98:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.99:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.100:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.101:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.102:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.104:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.108:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.126:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.127:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.128:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.129:C:\Documents and Settings\JAZMYN\Application Data\Mozilla\Firefox\Profiles\vvxxym3p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\8hswbjbw.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.65:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.118:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\MIKE\Application Data\Netscape\NSB\Profiles\0xle7tbm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MIKE\Local Settings\Temp\Cookies\mike@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\MIKE\Local Settings\Temp\ddl19.tmp.exe -> Dialer.Agent.z : Cleaned with backup
C:\Documents and Settings\MIKE\Local Settings\Temp\~dfte14.tmp -> Dropper.Agent.abu : Cleaned with backup
C:\Documents and Settings\MIKE\run.exe -> Downloader.Small.ckj : Cleaned with backup
C:\RECYCLER\S-1-5-21-220523388-1220945662-725345543-500\Dc5.exe -> Adware.ZenoSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-220523388-1220945662-725345543-500\Dc8.exe -> Downloader.Agent.afi : Cleaned with backup
C:\WINDOWS\avalon_6.txt -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\dhhoobobfa.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\kl1.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\ms1.exe -> Downloader.Tiny.al : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0DEJK5YZ\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\thpklve.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup


::Report End


03/15/06 03:37:38 [Info]: BlackLight Engine 1.0.33 initialized
03/15/06 03:37:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/15/06 03:37:39 [Note]: 7019 4
03/15/06 03:37:39 [Note]: 7005 0
03/15/06 03:37:46 [Note]: 7006 0
03/15/06 03:37:52 [Note]: 7011 536
03/15/06 03:37:52 [Note]: FSRAW library version 1.7.1015
03/15/06 03:47:02 [Note]: 7007 0

^^ said it didn't find anything

#14 miekiemoes


Posted 15 March 2006 - 05:30 AM

Looks clean. :thumbsup:

How are things running now?

Edited by miekiemoes, 15 March 2006 - 05:30 AM.


#15 mjr11


Posted 15 March 2006 - 05:38 AM

Better... no more random shutdowns... and no pop-ups, but I was wondering, could I use Windows Firewall instead of ZoneAlarm, because it makes my computer kinda slow... well, I think that's what it is... or how about Prevx Home? I had that one before but I deleted it. Which should I use?



