Guard.tmp Issue (I Think)


  • This topic is locked
8 replies to this topic

#1 Marty401

Posted 16 May 2006 - 08:31 PM

I think I have a case of Guard.tmp. Can someone please help? Here's my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:15:32 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Common Files\AOL\1147222222\ee\AOLSoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147222222\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127798161158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139264329120
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqaio/downloads/msxml4.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://kronosweb.nai.com/WFC/plugins/j2re-1_3_1_02-win.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE3A9008-81F9-4A9D-9DCE-4CC84F041E4A}: NameServer = 192.168.0.1
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

#2 miekiemoes

  • Malware Response Team
Posted 17 May 2006 - 06:20 AM

Hello,

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
    (If Look2Me-Destroyer does not reopen automatically, reboot and try again.)
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt present on your desktop and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
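
An added example, not part of the original posts and not code from Look2Me-Destroyer: one way to check the Look2Me-Destroyer.txt requested above, by reconciling every `Infected!` path against a `Deleted successfully!` confirmation so that anything left behind stands out. The line formats follow the log posted in this thread; the sample input and its paths are constructed, and the unconfirmed deletion in it is a hypothetical case.

```python
import re

# Constructed sample in the Look2Me-Destroyer.txt layout (all paths are made up).
SAMPLE_LOG = r"""
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 1/1/2006 12:00:00 PM

Infected! C:\WINDOWS\system32\example1.dll
Infected! C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll
Infected! C:\WINDOWS\system32\example1.dll
Infected! C:\WINDOWS\system32\example2.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\example1.dll
C:\WINDOWS\system32\example1.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\example2.dll
"""

INFECTED_RE = re.compile(r"^Infected!\s+(.+?)\s*$")
# The colon keeps the "Attempting to delete infected files..." banner from matching.
ATTEMPT_RE = re.compile(r"^Attempting to delete:\s+(.+?)\s*$")
DELETED_RE = re.compile(r"^(.+?)\s+Deleted successfully!\s*$")


def path_key(path):
    """Windows paths are case-insensitive, so compare them case-folded."""
    return path.strip().casefold()


def parse_destroyer_log(text):
    """Return (infected, attempted, deleted); infected maps key -> path as first logged."""
    infected, attempted, deleted = {}, set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            # The scanner can list the same file twice; keep one entry per path.
            infected.setdefault(path_key(m.group(1)), m.group(1))
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            attempted.add(path_key(m.group(1)))
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.add(path_key(m.group(1)))
    return infected, attempted, deleted


def location(path):
    """Separate live files from copies held by System Restore or the Recycle Bin."""
    p = path.casefold()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\recycler\\" in p:
        return "recycle_bin"
    return "live"


def reconcile(text):
    """Summarise the log and list infected files with no deletion confirmation."""
    infected, attempted, deleted = parse_destroyer_log(text)
    report = {
        "unique_infected": len(infected),
        "by_location": {},
        "unconfirmed": [],      # deletion attempted, no success line followed
        "never_attempted": [],  # flagged by the scan, never queued for deletion
    }
    for key, path in infected.items():
        loc = location(path)
        report["by_location"][loc] = report["by_location"].get(loc, 0) + 1
        if key in deleted:
            continue
        bucket = "unconfirmed" if key in attempted else "never_attempted"
        report[bucket].append(path)
    return report


if __name__ == "__main__":
    result = reconcile(SAMPLE_LOG)
    print("unique infected:", result["unique_infected"], result["by_location"])
    for name in ("unconfirmed", "never_attempted"):
        for path in result[name]:
            print(name + ":", path)
```

Any path reported as unconfirmed or never attempted is worth checking by hand before treating the follow-up HijackThis log as clean.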

#3 Marty401

Posted 17 May 2006 - 06:30 PM

Thanks for the response! Seems much better already!

Here's the Look2Me-Destroyer.txt file:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/17/2006 7:17:09 PM

Infected! C:\WINDOWS\system32\irj0l51m1.dll
Infected! C:\RECYCLER\S-1-5-21-1957994488-920026266-1343024091-500\Dc96.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP11\A0000335.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP11\A0000339.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP12\A0000341.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP12\A0000345.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP14\A0000347.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP14\A0000351.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP15\A0000353.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP15\A0000357.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP16\A0000359.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP16\A0000360.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP17\A0000365.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP18\A0000370.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP18\A0000375.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP19\A0000380.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP2\A0000002.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000390.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000391.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000392.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000395.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000396.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000397.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000398.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000399.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000400.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000401.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000402.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000403.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000404.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000405.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000406.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000407.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000408.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000409.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000410.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000411.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000412.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000413.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000414.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000415.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000416.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000417.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000418.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000419.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000420.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000421.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000422.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000423.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000424.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000425.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000426.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000427.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000429.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000433.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000437.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP21\A0000439.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP21\A0000443.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP22\A0000445.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP23\A0000451.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP23\A0000455.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP24\A0000457.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP24\A0000461.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP25\A0000463.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP25\A0000467.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP26\A0000469.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP26\A0000473.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP28\A0000539.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP28\A0000545.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP29\A0000549.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP36\A0000575.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP36\A0000581.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP37\A0000585.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP38\A0000589.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP4\A0000055.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP4\A0000060.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP46\A0000684.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP46\A0000688.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP5\A0000065.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP9\A0000269.dll
Infected! C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP9\A0000301.dll
Infected! C:\WINDOWS\system32\avmon.dll
Infected! C:\WINDOWS\system32\irj0l51m1.dll
Infected! C:\WINDOWS\system32\j00s0ad7ed0.dll
Infected! C:\WINDOWS\system32\k4620ejoehoc0.dll
Infected! C:\WINDOWS\system32\l6j8lg1u16.dll
Infected! C:\WINDOWS\system32\u2rulc991f.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\irj0l51m1.dll
C:\WINDOWS\system32\irj0l51m1.dll Deleted successfully!

Attempting to delete: C:\RECYCLER\S-1-5-21-1957994488-920026266-1343024091-500\Dc96.dll
C:\RECYCLER\S-1-5-21-1957994488-920026266-1343024091-500\Dc96.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP11\A0000335.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP11\A0000335.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP11\A0000339.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP11\A0000339.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP12\A0000341.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP12\A0000341.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP12\A0000345.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP12\A0000345.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP14\A0000347.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP14\A0000347.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP14\A0000351.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP14\A0000351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP15\A0000353.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP15\A0000353.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP15\A0000357.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP15\A0000357.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP16\A0000359.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP16\A0000359.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP16\A0000360.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP16\A0000360.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP17\A0000365.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP17\A0000365.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP18\A0000370.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP18\A0000370.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP18\A0000375.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP18\A0000375.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP19\A0000380.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP19\A0000380.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP2\A0000002.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP2\A0000002.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000390.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000390.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000391.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000391.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000392.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000392.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000395.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000395.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000396.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000396.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000397.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000397.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000398.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000398.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000399.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000399.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000400.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000400.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000401.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000401.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000402.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000402.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000403.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000403.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000404.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000404.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000405.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000405.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000406.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000406.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000407.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000407.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000408.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000408.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000409.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000409.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000410.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000410.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000411.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000411.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000412.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000412.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000413.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000413.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000414.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000414.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000415.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000415.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000416.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000416.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000417.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000417.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000418.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000418.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000419.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000419.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000420.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000420.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000421.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000421.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000422.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000422.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000423.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000423.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000424.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000424.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000425.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000425.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000426.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000426.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000427.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000427.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000429.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000429.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000433.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000433.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000437.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP20\A0000437.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP21\A0000439.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP21\A0000439.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP21\A0000443.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP21\A0000443.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP22\A0000445.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP22\A0000445.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP23\A0000451.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP23\A0000451.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP23\A0000455.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP23\A0000455.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP24\A0000457.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP24\A0000457.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP24\A0000461.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP24\A0000461.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP25\A0000463.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP25\A0000463.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP25\A0000467.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP25\A0000467.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP26\A0000469.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP26\A0000469.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP26\A0000473.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP26\A0000473.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP28\A0000539.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP28\A0000539.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP28\A0000545.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP28\A0000545.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP29\A0000549.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP29\A0000549.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP36\A0000575.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP36\A0000575.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP36\A0000581.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP36\A0000581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP37\A0000585.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP37\A0000585.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP38\A0000589.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP38\A0000589.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP4\A0000055.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP4\A0000055.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP4\A0000060.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP4\A0000060.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP46\A0000684.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP46\A0000684.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP46\A0000688.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP46\A0000688.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP5\A0000065.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP5\A0000065.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP9\A0000269.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP9\A0000269.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP9\A0000301.dll
C:\System Volume Information\_restore{42AE53DD-44BC-4A43-A8F1-32877927B73C}\RP9\A0000301.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\avmon.dll
C:\WINDOWS\system32\avmon.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irj0l51m1.dll
C:\WINDOWS\system32\irj0l51m1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j00s0ad7ed0.dll
C:\WINDOWS\system32\j00s0ad7ed0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k4620ejoehoc0.dll
C:\WINDOWS\system32\k4620ejoehoc0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\l6j8lg1u16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\u2rulc991f.dll
C:\WINDOWS\system32\u2rulc991f.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DC62BB22-0A5C-4DBE-B372-23CC87B66BBC}"
HKCR\Clsid\{DC62BB22-0A5C-4DBE-B372-23CC87B66BBC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B6C13304-B661-4AF8-A44D-3918A2F95C95}"
HKCR\Clsid\{B6C13304-B661-4AF8-A44D-3918A2F95C95}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{26DB2349-C291-4D1D-A29D-61C160022E08}"
HKCR\Clsid\{26DB2349-C291-4D1D-A29D-61C160022E08}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E91376A3-5804-43B5-83CF-9BE745408D73}"
HKCR\Clsid\{E91376A3-5804-43B5-83CF-9BE745408D73}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


_________________________________________________

And here's the Hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 7:26:09 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127798161158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139264329120
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqaio/downloads/msxml4.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://kronosweb.nai.com/WFC/plugins/j2re-1_3_1_02-win.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE3A9008-81F9-4A9D-9DCE-4CC84F041E4A}: NameServer = 192.168.0.1
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:12 PM

Posted 18 May 2006 - 12:04 AM

Almost there. :thumbsup:

I see Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change, from what we know, in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Please download LSPfix, save it to the Desktop, and unzip it.
* Run LSPfix and place a check against the "I know what I am doing" checkbox.

Highlight newdotnet7_22.dll and move it from the Keep (left panel) to the Remove (right panel) panel (if not already there). Be sure to move nothing other than newdotnet7_22.dll, or you will lose your internet connection.

When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

Reboot and post a new HijackThis log as a final check. :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Marty401

Posted 18 May 2006 - 06:53 PM

Thanks so much! You've saved me a TON of time, and I greatly appreciate it. Here's my new Hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 7:48:28 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127798161158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139264329120
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqaio/downloads/msxml4.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://kronosweb.nai.com/WFC/plugins/j2re-1_3_1_02-win.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE3A9008-81F9-4A9D-9DCE-4CC84F041E4A}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
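As an added example (not part of any post in this thread), the before/after comparison a helper does by eye can be scripted: parse the sectioned HijackThis entries, pull the DLL named in an O10 broken-LSP line, and diff the two logs. The log text is an excerpt copied from the 5/17 and 5/18 logs above; the function names are hypothetical.

```python
import re

# Excerpts of the 5/17 and 5/18 HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# Sectioned entries look like "O4 - ..."; header and process lines do not match.
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")
BROKEN_LSP = re.compile(r"LSP provider '([^']+)' missing")


def parse_entries(log_text):
    """Return (section, detail) pairs in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def broken_lsp_providers(entries):
    """DLL paths that O10 lines report as missing from the Winsock LSP chain."""
    paths = []
    for section, detail in entries:
        match = BROKEN_LSP.search(detail) if section == "O10" else None
        if match:
            paths.append(match.group(1))
    return paths


def missing_files(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [(s, d) for s, d in entries if d.endswith("(file missing)")]


def diff_entries(before, after):
    """Entries that disappeared and entries that are new, each in log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    print("Broken LSP before:", broken_lsp_providers(before))
    print("Broken LSP after: ", broken_lsp_providers(after))
    removed, added = diff_entries(before, after)
    for section, detail in removed:
        print("- gone:", section, detail)
    for section, detail in added:
        print("+ new: ", section, detail)
    print("File-missing entries after:", missing_files(after))
```

A new or changed line is only a prompt for review, not a verdict; the diff narrows what has to be read in the follow-up log.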

#6 miekiemoes

Posted 18 May 2006 - 06:55 PM

I see a clean log here. How are things running now?

#7 Marty401

Posted 18 May 2006 - 08:08 PM

Running beautifully! Thanks again!

#8 miekiemoes

Posted 18 May 2006 - 08:37 PM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while. (Housecall and/or Bitdefender). Because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

If you want to fight back the Malware Writers that have made your life a misery, please take a look here.

Happy surfing again! :flowers:

#9 miekiemoes

Posted 19 May 2006 - 03:52 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.