Hijackthis Log: Please Help Diagnose


  • This topic is locked
5 replies to this topic

#1 nohwal


Posted 24 May 2006 - 06:47 AM

Hi, can someone help me with diagnosing the scan results of HijackThis? The log file is copied below. Many thanks in advance. -- nohwal.

========================================================


Logfile of HijackThis v1.99.1
Scan saved at 5:10:43 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TrapReceiver\trthread.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\deepakn\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.29.33:3128
O1 - Hosts: 66.235.211.67 pop.nagarro.com
O1 - Hosts: 66.235.211.67 smtp.nagarro.com
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124385650425
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ggn.nagarro.com
O17 - HKLM\Software\..\Telephony: DomainName = ggn.nagarro.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD681014-7FBF-40F4-AEAE-4037326BB9BD}: NameServer = 172.16.0.4,172.16.0.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE913A16-3569-41BB-AC55-531996121E32}: NameServer = 172.16.0.4,172.16.0.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ggn.nagarro.com
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\h42o0ef3eh2.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrapRcvr - Unknown owner - C:\Program Files\TrapReceiver\trthread.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by nohwal, 24 May 2006 - 06:49 AM.




#2 amateur


Posted 25 May 2006 - 08:56 AM

Hi nohwal,

Welcome to BC. :thumbsup:



Click here to download Look2Me-Destroyer.exe and save it to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

#3 nohwal


Posted 26 May 2006 - 01:05 AM

Thanks Amateur... :thumbsup:

I have followed your steps and here are the logs that you asked me to post.

Look2Me-Destroyer Logs


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/26/2006 10:48:02 AM


Attempting to delete infected files...


Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0042244.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0042244.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0042245.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0042245.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042261.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042261.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042262.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042262.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042270.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042270.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042275.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042275.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042277.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042277.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042286.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042286.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042291.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP195\A0042291.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042327.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042327.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042328.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042328.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042351.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042352.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042352.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042359.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP197\A0042359.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042491.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042491.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042492.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042492.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042501.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042501.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042502.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP198\A0042502.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042549.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042549.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042551.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042551.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042560.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042560.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042566.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP199\A0042566.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043251.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043251.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043257.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043257.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043268.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043268.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043278.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043278.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043279.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP201\A0043279.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043351.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043352.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043352.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043365.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043365.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043366.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043366.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043371.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043371.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043384.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043384.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043385.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043385.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043413.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043413.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043440.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043440.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043449.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043449.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043464.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043464.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043481.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043481.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043488.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP202\A0043488.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP203\A0043537.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP203\A0043537.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP203\A0043538.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP203\A0043538.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP203\A0043545.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP203\A0043545.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP204\A0043581.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP204\A0043581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP204\A0043582.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP204\A0043582.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP205\A0043632.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP205\A0043632.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP205\A0043633.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP205\A0043633.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043657.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043657.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043658.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043658.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043665.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043665.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043666.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP206\A0043666.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043752.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043752.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043756.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043756.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043771.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043771.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043782.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043782.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043789.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043789.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043800.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043800.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043801.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043801.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043809.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043809.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043819.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043819.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043825.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043825.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043828.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043828.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043834.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP207\A0043834.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP208\A0043928.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP208\A0043928.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP208\A0043937.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP208\A0043937.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP208\A0043943.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP208\A0043943.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP209\A0043987.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP209\A0043987.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP209\A0043997.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP209\A0043997.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP209\A0044003.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP209\A0044003.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP212\A0044087.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP212\A0044087.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP212\A0044095.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP212\A0044095.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP213\A0044104.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP213\A0044104.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP214\A0044129.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP214\A0044129.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP215\A0044140.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP215\A0044140.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP215\A0044146.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP215\A0044146.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP216\A0044178.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP216\A0044178.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP216\A0044184.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP216\A0044184.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP216\A0044231.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP216\A0044231.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP217\A0044241.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP217\A0044241.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP217\A0044247.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP217\A0044247.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP219\A0044262.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP219\A0044262.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP219\A0044268.dll
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP219\A0044268.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\bcpanui.dll
C:\WINDOWS\system32\bcpanui.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\BDnstDll.dll
C:\WINDOWS\system32\BDnstDll.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cgrtmgr.dll
C:\WINDOWS\system32\cgrtmgr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cuprops.dll
C:\WINDOWS\system32\cuprops.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dauGUI11.dll
C:\WINDOWS\system32\dauGUI11.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dhwsockx.dll
C:\WINDOWS\system32\dhwsockx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn2001fme.dll
C:\WINDOWS\system32\dn2001fme.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp02l3do1.dll
C:\WINDOWS\system32\gp02l3do1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hqink.dll
C:\WINDOWS\system32\hqink.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i224lcfq1f2e.dll
C:\WINDOWS\system32\i224lcfq1f2e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iNlmgicd.dll
C:\WINDOWS\system32\iNlmgicd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iOlmrnt5.dll
C:\WINDOWS\system32\iOlmrnt5.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir02l5do1.dll
C:\WINDOWS\system32\ir02l5do1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir4ol5h31.dll
C:\WINDOWS\system32\ir4ol5h31.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irpul5791.dll
C:\WINDOWS\system32\irpul5791.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k444lehq1h4e.dll
C:\WINDOWS\system32\k444lehq1h4e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kkdsmsno.dll
C:\WINDOWS\system32\kkdsmsno.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kt8sl7l71.dll
C:\WINDOWS\system32\kt8sl7l71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mficda.dll
C:\WINDOWS\system32\mficda.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mhiole16.dll
C:\WINDOWS\system32\mhiole16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mlvcp50.dll
C:\WINDOWS\system32\mlvcp50.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mndtctm.dll
C:\WINDOWS\system32\mndtctm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mnrdim.dll
C:\WINDOWS\system32\mnrdim.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mqnetobj.dll
C:\WINDOWS\system32\mqnetobj.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mrident.dll
C:\WINDOWS\system32\mrident.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mrrt.dll
C:\WINDOWS\system32\mrrt.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mrxml3r.dll
C:\WINDOWS\system32\mrxml3r.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mucsubs.dll
C:\WINDOWS\system32\mucsubs.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mwdtclog.dll
C:\WINDOWS\system32\mwdtclog.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\nntapi32.dll
C:\WINDOWS\system32\nntapi32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\NrlTools.dll
C:\WINDOWS\system32\NrlTools.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p0n8la5u1d.dll
C:\WINDOWS\system32\p0n8la5u1d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\prnppagn.dll
C:\WINDOWS\system32\prnppagn.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pxpusd.dll
C:\WINDOWS\system32\pxpusd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r8r6li9s18.dll
C:\WINDOWS\system32\r8r6li9s18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rHcpldlg.dll
C:\WINDOWS\system32\rHcpldlg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sqgtab.dll
C:\WINDOWS\system32\sqgtab.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\tvrmmgr.dll
C:\WINDOWS\system32\tvrmmgr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\unrrtosa.dll
C:\WINDOWS\system32\unrrtosa.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\urtheme.dll
C:\WINDOWS\system32\urtheme.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wfpdxm.dll
C:\WINDOWS\system32\wfpdxm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wlashext.dll
C:\WINDOWS\system32\wlashext.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wncltui.dll
C:\WINDOWS\system32\wncltui.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wwtdecod.dll
C:\WINDOWS\system32\wwtdecod.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wystream.dll
C:\WINDOWS\system32\wystream.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{159E9834-B2C9-444B-95BF-4613477E93F0}"
HKCR\Clsid\{159E9834-B2C9-444B-95BF-4613477E93F0}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{15084714-A714-4B68-9D2C-712D7A7ABB89}"
HKCR\Clsid\{15084714-A714-4B68-9D2C-712D7A7ABB89}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2403D888-D244-4223-A93D-4A253675EC2B}"
HKCR\Clsid\{2403D888-D244-4223-A93D-4A253675EC2B}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


====================================================================

HijackThis Logs after running Look2Me-Destroyer

Logfile of HijackThis v1.99.1
Scan saved at 11:24:40 AM, on 5/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TrapReceiver\trthread.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\deepakn\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\

#4 nohwal

Posted 26 May 2006 - 01:07 AM

The last post was not complete... seems like it exceeded its character limit... here is the rest of the HijackThis logs.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.29.33:3128
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124385650425
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ggn.nagarro.com
O17 - HKLM\Software\..\Telephony: DomainName = ggn.nagarro.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD681014-7FBF-40F4-AEAE-4037326BB9BD}: NameServer = 172.16.0.4,172.16.0.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE913A16-3569-41BB-AC55-531996121E32}: NameServer = 172.16.0.4,172.16.0.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ggn.nagarro.com
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon NetSpot Suite Service - CANON INC. - C:\Program Files\Canon\VDC\AuVdc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrapRcvr - Unknown owner - C:\Program Files\TrapReceiver\trthread.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


============

Please let me know what needs to be done next. Thanks a lot for helping me out.
nohwal.

#5 amateur

Posted 26 May 2006 - 06:13 AM

Hi Nohwal, :thumbsup:

I am unable to see an antivirus running in your system :flowers: though I see a firewall which is good. Please download one of the following free antivirus programs, update it and run a full system scan. It's important that you do not have more than one antivirus running at the same time, as more will not be better but on the contrary will cause problems.

AVG Free here
AntiVir here
Avast here

==================================

Please disable Windows Defender Real Time Protection as it may interfere with the fix.

To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.

=================================
  • Close all open Explorer windows and browsers/email, etc
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When completed, close the application.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


=================================

Please download Ccleaner and save it to your desktop.

Tutorial for CCleaner

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it

=================================

Download and install Ewido Anti-Malware

During the installation, uncheck the following under Additional Options:
Install background guard
Install scan via context menu


Check for updates but do not run it yet.

Note: If you have problems with the updater, you can manually update Ewido.
Download ewido-signatures-full-current.exe from here and save to your Desktop.
All you need to do then is to double-click it, click Install and then when it has finished, Close.

==================================

Reboot your computer in Safe Mode using the F8 method below.

a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

==================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected. (Do not use the "Issues" block) Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user.

=================================

Still in Safe Mode, run Ewido Security Suite

Click on the Scanner button in the left menu, then click on Settings, and under "What to scan?", select "Every file" then click ok.
Then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and then follow the instructions

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

=================================

Reboot in Normal Mode and

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan. (use Internet Explorer)
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Once finished, click see report, then click Save report.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry.

Post back the results of Ewido and Panda and a fresh HijackThis log please. :huh:
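
The log format used in this thread, parsed into section codes and fields, as an added example that is not part of the original posts or of HijackThis itself. The function names are hypothetical; the sample lines are copied from the log above, and the script lists the R0/R1 Internet Explorer values set to about:blank (the kind of entry put on the fix list above) and the O23 services the log marks "Unknown owner" for manual review.

```python
import re
from collections import Counter

# Sample input: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "R1 - ...", "O23 - ..."
REG_RE = re.compile(r"^(HK[A-Z]+\\[^,]+),(.+?) = (.*)$")    # key,value = data

def parse_log(text):
    """Split a HijackThis log into entries: section code plus parsed fields."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        entry = {"code": code, "body": body}
        reg = REG_RE.match(body)
        if code in ("R0", "R1") and reg:
            entry.update(key=reg.group(1), value=reg.group(2), data=reg.group(3))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.update(service=parts[0], owner=parts[1], path=parts[2])
        entries.append(entry)
    return entries

def blank_ie_settings(entries):
    """R0/R1 browser settings whose data is about:blank."""
    return [e for e in entries if e["code"] in ("R0", "R1") and e.get("data") == "about:blank"]

def unknown_owner_services(entries):
    """Names of O23 services the log reports with 'Unknown owner'."""
    return [e["service"] for e in entries if e.get("owner") == "Unknown owner"]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("entries per section:", dict(Counter(e["code"] for e in entries)))
    for e in blank_ie_settings(entries):
        print("about:blank:", e["code"], e["key"], "->", e["value"])
    print("unknown-owner services:", unknown_owner_services(entries))
```
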

#6 amateur

Posted 02 June 2006 - 08:30 AM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me or a moderator with the address of the thread and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.



