W32.spybot.worm And (asappsrv.dll And Command Service Spyware?)


11 replies to this topic

#1 ladyxjay


Posted 25 May 2006 - 06:31 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:27:40 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\ZGFv\command.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ms05753741836.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\common files\aol\1145600101\ee\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\program files\common files\aol\1145600101\ee\aexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dao\My Documents\Unzipped\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pbirpnzA] C:\WINDOWS\pbirpnzA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w0020342.dll] RUNDLL32.EXE w0020342.dll,I2 000dcfba00020342
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ms05753741836] C:\WINDOWS\ms05753741836.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Waio] "C:\WINDOWS\DOBE~1\logonui.exe" -vt yazr
O4 - HKCU\..\Run: [Svp] C:\Documents and Settings\dao\Application Data\?racle\r?gedit.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\k8lq0i35e8.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\o8pq0i75e8.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Application Layer Gateway Manager (AppLayerGatewayMgr) - Unknown owner - C:\WINDOWS\alg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFv\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


#2 jurgenv


Posted 26 May 2006 - 03:44 PM

1. Please download, install, and update the free version of Ewido Anti-Malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Exit Ewido. DO NOT run a scan yet.
2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit Enter.

4. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Next to the scriptline to execute field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
5. Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

* Reboot into normal Windows mode

* Please download Look2Me-Destroyer.exe to your desktop.

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt, a new HiJackThis log, and the contents of the Ewido text report.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Greets Jürgenv
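
The last step above asks for both the Look2Me-Destroyer log and a HijackThis log. The following is an added example (not part of the original post or of either tool) that cross-checks the two logs in the formats seen in this thread; the function names are hypothetical and the sample input is constructed from a few lines of the thread's logs.

```python
import ntpath
import re

# Constructed sample input: a few lines in the HijackThis format from this thread.
HIJACKTHIS_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\k8lq0i35e8.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\o8pq0i75e8.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGFv\command.exe
'''

# Constructed sample input: a few lines in the Look2Me-Destroyer format from this thread.
LOOK2ME_LOG = r'''
Infected! C:\WINDOWS\system32\k8lq0i35e8.dll
Infected! C:\WINDOWS\system32\o8pq0i75e8.dll
Infected! C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP1\A0001011.dll
Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP1\A0001011.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP1\A0001011.dll Deleted successfully!
'''

HJT_LINE = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')
# First drive-letter path ending in .exe or .dll (spaces inside the path allowed).
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)


def norm(path):
    """Normalise a Windows path for comparison (case-insensitive, backslashes)."""
    return ntpath.normcase(path.strip())


def parse_hijackthis(text):
    """Return one dict per HijackThis entry line (section code, detail, path, flags)."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, detail = m.groups()
        p = WIN_PATH.search(detail)
        entries.append({
            "code": code,
            "detail": detail,
            "path": p.group(0) if p else None,
            # Markers that HijackThis itself prints in the log:
            "file_missing": "(file missing)" in detail,
            "unknown_owner": "Unknown owner" in detail,
        })
    return entries


def parse_look2me(text):
    """Map normalised path -> 'infected' or 'deleted' from a Look2Me-Destroyer log."""
    status = {}
    infected, deleted = "Infected! ", " Deleted successfully!"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(infected):
            # setdefault: do not downgrade a path already recorded as deleted
            status.setdefault(norm(line[len(infected):]), "infected")
        elif line.endswith(deleted):
            status[norm(line[:-len(deleted)])] = "deleted"
    return status


def correlate(hjt_entries, l2m_status):
    """HijackThis entries whose file was also reported by Look2Me-Destroyer."""
    hits = []
    for e in hjt_entries:
        if e["path"] and norm(e["path"]) in l2m_status:
            hits.append((e["code"], e["path"], l2m_status[norm(e["path"])]))
    return hits


if __name__ == "__main__":
    hjt = parse_hijackthis(HIJACKTHIS_LOG)
    l2m = parse_look2me(LOOK2ME_LOG)
    for code, path, state in correlate(hjt, l2m):
        print(f"{code}: {path} -> {state}")
    for e in hjt:
        if e["unknown_owner"]:
            print(f"{e['code']} unknown owner: {e['path']}")
```

An entry whose status stays `infected` has no deletion result recorded in the log, so it is the one to look for again in the follow-up HijackThis scan.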


#3 ladyxjay


Posted 28 May 2006 - 10:03 AM

Hi, I clicked the Brute force installer, but it just unzipped into my unzipped file place. There's an icon of a black thing with spikes. When I right-click the icon, it didn't give me any of the things that you mentioned to do, so... I'm not sure what to do, so I'm asking for your help to make sure. And yes, I did the first step by getting Ewido. Thanks.

Edited by ladyxjay, 28 May 2006 - 10:04 AM.


#4 jurgenv


Posted 28 May 2006 - 10:26 AM

You MUST create a folder in your C: drive named BFU and move BFU into that folder.
Greets Jürgenv


#5 ladyxjay


Posted 28 May 2006 - 01:20 PM

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/28/2006 2:10:12 PM

Infected! C:\WINDOWS\system32\k8lq0i35e8.dll
Infected! C:\WINDOWS\system32\o8pq0i75e8.dll

Attempting to delete infected files...


Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011933.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011933.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011934.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011934.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011937.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011937.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011938.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP15\A0011938.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001182.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001182.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001186.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001186.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001195.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001201.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001201.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001214.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001214.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001218.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP2\A0001218.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP3\A0001236.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP3\A0001236.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP4\A0001240.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP4\A0001240.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001277.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001277.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001281.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001281.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001290.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001290.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001294.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP5\A0001294.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP6\A0001319.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP6\A0001319.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP6\A0001323.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP6\A0001323.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0001348.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0001348.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0001368.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0001368.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0001372.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0001372.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0002376.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0002376.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0002380.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0002380.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003379.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003379.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003400.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003400.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003404.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003404.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003440.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0003440.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0004443.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0004443.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0005443.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP7\A0005443.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006446.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006446.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006447.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006447.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006451.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006451.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006452.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006452.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006453.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006453.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006454.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006454.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006477.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006477.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006482.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006482.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006483.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006483.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006484.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006484.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006533.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006533.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006546.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0006546.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0007440.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP8\A0007440.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007483.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007483.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007484.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007484.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007485.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007485.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007538.dll
C:\System Volume Information\_restore{A0FFEBA5-6D9B-47C7-9203-1799DD89D102}\RP9\A0007538.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F34FCBBD-5D51-4A82-94BE-080482839B6F}"
HKCR\Clsid\{F34FCBBD-5D51-4A82-94BE-080482839B6F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D831487D-CB9F-4187-A2AD-97A9AEF6F3BB}"
HKCR\Clsid\{D831487D-CB9F-4187-A2AD-97A9AEF6F3BB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0CD67CB1-BAD1-468B-AE1F-F74783BEF2CC}"
HKCR\Clsid\{0CD67CB1-BAD1-468B-AE1F-F74783BEF2CC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{04A997B6-7A40-44B8-82F7-E6E8FC9EACBE}"
HKCR\Clsid\{04A997B6-7A40-44B8-82F7-E6E8FC9EACBE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4156AEFF-2927-4C3E-AD22-D017874CAE96}"
HKCR\Clsid\{4156AEFF-2927-4C3E-AD22-D017874CAE96}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EBF418B8-773F-4C8E-852F-3031300AC04A}"
HKCR\Clsid\{EBF418B8-773F-4C8E-852F-3031300AC04A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{92B0132A-ED94-4330-B298-EDCE6168720B}"
HKCR\Clsid\{92B0132A-ED94-4330-B298-EDCE6168720B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BFDD920F-1329-4DE7-A235-7A247464A7B1}"
HKCR\Clsid\{BFDD920F-1329-4DE7-A235-7A247464A7B1}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CCAD8E58-46ED-4729-9181-799DC7AD4475}"
HKCR\Clsid\{CCAD8E58-46ED-4729-9181-799DC7AD4475}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{64D2ADD3-FEA4-4AB8-8019-E7968587D2E4}"
HKCR\Clsid\{64D2ADD3-FEA4-4AB8-8019-E7968587D2E4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E0CBD812-C14D-4E84-AE08-8C87271274F3}"
HKCR\Clsid\{E0CBD812-C14D-4E84-AE08-8C87271274F3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F1810260-8144-4869-A6A7-44C399C413CD}"
HKCR\Clsid\{F1810260-8144-4869-A6A7-44C399C413CD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E8F88700-A9EC-4CEF-9BC9-223F02CBD9CE}"
HKCR\Clsid\{E8F88700-A9EC-4CEF-9BC9-223F02CBD9CE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{229A46E4-A52E-47D9-91F4-97F98E9C19CF}"
HKCR\Clsid\{229A46E4-A52E-47D9-91F4-97F98E9C19CF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EE41FFD7-FB98-42D9-8859-031A3A08B146}"
HKCR\Clsid\{EE41FFD7-FB98-42D9-8859-031A3A08B146}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1AC23185-C027-4F98-A80E-8A5A244B0F33}"
HKCR\Clsid\{1AC23185-C027-4F98-A80E-8A5A244B0F33}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:06:02 PM, 5/28/2006
+ Report-Checksum: BE5FEDF5

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
C:\bootdll.pif -> Downloader.Adload.bo : Cleaned with backup
C:\configdll.pif -> Downloader.Adload.bq : Cleaned with backup
C:\dllboot.pif -> Downloader.Adload.bo : Cleaned with backup
C:\dllfix.pif -> Downloader.Adload.bo : Cleaned with backup
C:\dllload.pif -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\colin and ryan\Cookies\colin and ryan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\dao\Application Data\Оracle\rеgedit.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@e-2dj6wjlicpazglo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@e-2dj6wjliokc5oeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@e-2dj6wjnywjc5aep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\dao\Cookies\dao@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0AHNWPXA\drsmartload46a[1].exe -> Downloader.Adload.bq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0AHNWPXA\drsmartload[1].exe -> Downloader.Adload.bt : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0AHNWPXA\iload[1].exe -> Downloader.Adload.bq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLA5KJ6F\keyboard22[1].exe -> Backdoor.VB.ary : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLA5KJ6F\newname22[1].exe -> Hijacker.VB.no : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLA5KJ6F\pload[1].exe -> Downloader.Adload.bq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KK9PZMKZ\drsmartload45a[1].exe -> Downloader.Adload.bq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBMT1V80\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBMT1V80\drsmartload44a[1].exe -> Downloader.Adload.bq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBMT1V80\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBMT1V80\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBMT1V80\msninstaller[1].zip -> Downloader.Adload.bq : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBMT1V80\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\ryan@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\loadbdll.pif -> Downloader.Adload.bo : Cleaned with backup
C:\lsass.exe -> Downloader.Adload.bq : Cleaned with backup
C:\mfix.bat -> Downloader.Adload.bo : Cleaned with backup
C:\Program Files\Common Files\Fοnts\smss.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Program Files\Common Files\misc001\webhc1.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\svchost.exe -> Downloader.Adload.bq : Cleaned with backup
C:\sysconf.pif -> Downloader.Adload.bo : Cleaned with backup
C:\sysconfig.pif -> Downloader.Adload.bo : Cleaned with backup
C:\sysinfo.bat -> Downloader.Adload.bo : Cleaned with backup
C:\sysinfo.pif -> Downloader.Adload.bo : Cleaned with backup
C:\sysini.bat -> Downloader.Adload.bo : Cleaned with backup
C:\warebundle.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\alg.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\ms05753741836.exe -> Backdoor.Small : Cleaned with backup
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\OEM.exe.bak -> Proxy.Agent.jw : Cleaned with backup
C:\WINDOWS\system32\clmmdlg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\g4jole131h.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir8ml5l11.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\metime.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mjhgrcoi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mjrui.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ohbc32gt.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pexrc.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\qict.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\r88s0il7e8q.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\veicd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\Таsks\сhkntfs.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\wnu_227.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\ZGFv\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\ZGFv\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\Аdobe\logonui.exe -> Downloader.PurityScan.cl : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 2:17:55 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\aol\1145600101\ee\aexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\dao\My Documents\Unzipped\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pbirpnzA] C:\WINDOWS\pbirpnzA.exe
O4 - HKLM\..\Run: [w0020342.dll] RUNDLL32.EXE w0020342.dll,I2 000dcfba00020342
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svp] C:\Documents and Settings\dao\Application Data\?racle\r?gedit.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Globa

#6 jurgenv


Posted 28 May 2006 - 01:22 PM

Your hijackthis log is not complete :thumbsup:
Greets Jürgenv


#7 ladyxjay

Posted 28 May 2006 - 01:27 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:24:41 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\program files\common files\aol\1145600101\ee\aexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dao\My Documents\Unzipped\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pbirpnzA] C:\WINDOWS\pbirpnzA.exe
O4 - HKLM\..\Run: [w0020342.dll] RUNDLL32.EXE w0020342.dll,I2 000dcfba00020342
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svp] C:\Documents and Settings\dao\Application Data\?racle\r?gedit.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148628912281
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Application Layer Gateway Manager (AppLayerGatewayMgr) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


is it complete now?? thanksss.

#8 jurgenv

Posted 28 May 2006 - 01:30 PM

* Please open HijackThis and put a check next to the following:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [pbirpnzA] C:\WINDOWS\pbirpnzA.exe
O4 - HKLM\..\Run: [w0020342.dll] RUNDLL32.EXE w0020342.dll,I2 000dcfba00020342
O4 - HKCU\..\Run: [Svp] C:\Documents and Settings\dao\Application Data\?racle\r?gedit.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* After that, reboot and post a new HijackThis log here.
Greets Jürgenv


#9 ladyxjay

Posted 28 May 2006 - 01:38 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:35:38 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\dao\My Documents\Unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145600101\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148628912281
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Application Layer Gateway Manager (AppLayerGatewayMgr) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

#10 jurgenv

Posted 28 May 2006 - 01:40 PM

Looking good, how is everything working?
Greets Jürgenv
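
The check made between posts #8 and #10, confirming that every entry marked for fixing is gone from the new log and that nothing else changed, can be done mechanically. The following Python script is an added example, not part of the thread and not a HijackThis feature; the function names `parse_entries` and `verify_fix` are hypothetical, and the sample data are excerpts of the logs posted above.

```python
import re

# HijackThis entries start with a section code: R0-R3, F0-F3, N1-N4 or O<number>.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpts of the logs in posts #7 (before) and #9 (after); raw strings keep "\" literal.
BEFORE = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [pbirpnzA] C:\WINDOWS\pbirpnzA.exe
O4 - HKLM\..\Run: [w0020342.dll] RUNDLL32.EXE w0020342.dll,I2 000dcfba00020342
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svp] C:\Documents and Settings\dao\Application Data\?racle\r?gedit.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
"""
AFTER = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# The entries post #8 asked to have checked and fixed.
TO_FIX = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [pbirpnzA] C:\WINDOWS\pbirpnzA.exe
O4 - HKLM\..\Run: [w0020342.dll] RUNDLL32.EXE w0020342.dll,I2 000dcfba00020342
O4 - HKCU\..\Run: [Svp] C:\Documents and Settings\dao\Application Data\?racle\r?gedit.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
"""

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def verify_fix(before, after, to_fix):
    """Compare the before/after logs against the list of entries that were to be fixed."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(to_fix)
    return {
        "fixed": sorted(f - a),              # requested and no longer present
        "still_present": sorted(f & a),      # requested but survived the fix or came back
        "not_in_before": sorted(f - b),      # fix list does not match the log it was based on
        "other_removed": sorted(b - a - f),  # disappeared without being requested
        "new": sorted(a - b),                # appeared after the reboot
    }

print(verify_fix(BEFORE, AFTER, TO_FIX)["still_present"])
```

An entry that shows up under `still_present` or `new` after the reboot means something is restoring it, so the log is not yet clean.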


#11 ladyxjay

Posted 28 May 2006 - 01:44 PM

um i guess good. I'm doing a usual ad-aware and all that scan. Norton hasn't said anything about a virus so... yep i guess we're good THANKS MUCH you're awesome!!! =)

#12 jurgenv

Posted 28 May 2006 - 01:51 PM

You're welcome :thumbsup:

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :flowers:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D
Greets Jürgenv
