Reinfected


  • This topic is locked
15 replies to this topic

#1 jamal56783


Posted 26 October 2006 - 09:21 PM

I am infected [again] with something called project1 and it seems to slow down my computer and I am seeing popups on my desktop and when I surf the internet. This is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 7:11:07 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
c:\dfndrff_e38.exe
c:\kybrdff_e38.exe
c:\nwnmff_e38.exe
C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\DOCUME~1\JAMALX~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e38.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e38.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e38.exe
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\mkorcl32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Jamal



#2 rookie147


Posted 27 October 2006 - 05:29 AM

Hello jamal56783, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147


Posted 27 October 2006 - 07:09 AM

Hello jamal56783, sorry for the delay in getting back to you.

======

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet).

======

You need to put HijackThis into its own folder. It makes backups and they need to be kept all in one place.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT". Now you have C:\HJT\ folder. Put your hijackthis.exe there.

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Network Monitor
Deskbar


Remember that these may require you to reboot your computer to complete the uninstallation; just let them.

======

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

======

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt in your next reply.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e38.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e38.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e38.exe
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\mkorcl32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

======

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
======

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

======

Post me back the following (you may need more than one reply to get it all in!):
- C:\Look2Me-Destroyer.txt
- New HijackThis log
- AVG log

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
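The entries selected in the post above follow the HijackThis line format (`code - body`). As an added illustration that is not part of rookie147's post and is not how he chose those entries, the Python sketch below parses such lines and flags some of them using heuristics that are assumptions of this example: an allowlist of expected Internet Explorer hosts, autorun executables sitting directly in a drive root, Winlogon Notify DLLs, and services reported with "Unknown owner".

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread.
PAGE_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e38.exe
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\mkorcl32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Constructed lines (not from the thread) to show entries the heuristics leave alone.
CONSTRUCTED_LINES = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
"""

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

# Assumption of this example: hosts an unmodified IE 6 install is expected to use.
EXPECTED_HOSTS = ("microsoft.com", "msn.com")

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}|F[0-3]|N[1-4])\s+-\s+(.+)$")
# An .exe placed directly in a drive root, e.g. c:\name.exe or c:\\name.exe.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\+[^\\/\s]+\.exe$", re.IGNORECASE)


def parse_log(text):
    """Return (code, body) pairs for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def host_is_expected(host):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_HOSTS)


def triage_entry(code, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    if code in ("R0", "R1"):
        # Body looks like "<registry key>,<value name> = <url>".
        _, _, value = body.partition(" = ")
        host = (urlparse(value.strip()).hostname or "").lower()
        if host and not host_is_expected(host):
            return "IE start/search setting points at " + host
    elif code == "O4":
        # Body looks like "HKLM\..\Run: [name] <command>".
        _, _, command = body.partition("] ")
        if ROOT_EXE_RE.match(command.strip()):
            return "autorun executable sits directly in a drive root"
    elif code == "O20":
        # Winlogon Notify DLLs are loaded into winlogon.exe.
        return "DLL registered under Winlogon Notify; confirm what installed it"
    elif code == "O23" and "Unknown owner" in body:
        return "HijackThis reports 'Unknown owner' for this service binary"
    return None


def triage(text):
    """Return (code, reason, body) for every entry a heuristic flags."""
    findings = []
    for code, body in parse_log(text):
        reason = triage_entry(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


def flagged_by_section(text):
    """Count flagged entries per HijackThis section code."""
    return Counter(code for code, _, _ in triage(text))


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

A flag here only marks an entry for manual review; the O2 browser helper object in the sample is parsed but not flagged because none of the assumed heuristics covers it.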


#4 jamal56783


Posted 27 October 2006 - 05:58 PM

Here are my logs:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 10/27/2006 3:17:02 PM

Infected! C:\WINDOWS\system32\mkorcl32.dll
Infected! C:\WINDOWS\SYSTEM32\l0p20a7oed.dll
Infected! C:\WINDOWS\SYSTEM32\mkorcl32.dll
Infected! C:\WINDOWS\SYSTEM32\mpports.dll
Infected! C:\WINDOWS\SYSTEM32\pelmon.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\mkorcl32.dll
C:\WINDOWS\system32\mkorcl32.dll Deleted successfully!

Jamal

#5 jamal56783

Posted 27 October 2006 - 05:59 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:45:00 PM 10/27/2006

+ Scan result:



C:\Program Files\ipwins\bak\ipwins.exe -> Adware.Agent : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\AutoSearch.dll -> Adware.AutoSearch : No action taken.
C:\Program Files\Deskbar -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : No action taken.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : No action taken.
HKU\S-1-5-21-1060284298-507921405-1343024091-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Temporary Internet Files\Content.IE5\DVZER6LN\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Administrator.JAMAL\Local Settings\Temp\Cookies\administrator@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Administrator.JAMAL-AEC6F108C\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Administrator.JAMAL\Local Settings\Temp\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@c.enhance[2].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@project2.realtracker[1].txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Administrator.JAMAL-AEC6F108C\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Jamal X\Cookies\jamal x@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Jamal X\Local Settings\Temp\Cookies\jamal x@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end
Jamal

#6 jamal56783

Posted 27 October 2006 - 06:01 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:51:38 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jamal X\Desktop\HijackThis.exe
Jamal

#7 rookie147

Posted 28 October 2006 - 04:21 AM

Hey there,
You didn't post me the full HJT log, half of it was missing. Also, you did not give me the full Look2Me Destroyer log, so make sure you post them in your next post. You don't have to run new scans or anything, the reports should be saved for you, just copy and paste them again. Bear in mind that the L2M log is very long; you might need a couple of replies.

======

While you're there, can you do me an Uninstall list, please:

Open HijackThis
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

======

Post me back the following (it'll take up a lot of posts, but don't worry about it.):
-Full HJT log
-Full Look2Me Destroyer log
-Uninstall list

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#8 jamal56783

Posted 28 October 2006 - 01:52 PM

Adobe Flash Player 9 ActiveX
Command
HijackThis 1.99.1
OIN

Logfile of HijackThis v1.99.1
Scan saved at 11:47:29 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamal X\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\RunOnce: [{D7CC80D4-376C-4586-B023-4F35C2CEB28E} Deskbar UNINSTALL] regsvr32 /s /u "C:\Program Files\Deskbar\deskbar.dll"
Jamal

#9 rookie147

Posted 28 October 2006 - 02:16 PM

Can I have the full Look2Me Destroyer log, please. It's located in C:\Look2Me-Destroyer.txt.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#10 jamal56783

Posted 28 October 2006 - 03:21 PM

It's not in the C drive.
Jamal

#11 rookie147

Posted 29 October 2006 - 02:57 PM

Hey Jamal56783, sorry for the delay.

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Command
OIN


Remember that these may require you to reboot your computer to complete the uninstallation; just let them.

======

What did you set the default as for AVG? It should be set to Quarantine. Your log shows "No action taken", so can you make sure it's set to Quarantine, and run me another scan in Safe Mode.

======

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

======

You're now running HJT from your Desktop, and this is still unsafe as you may accidentally delete its backups. Please move it to a folder.

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Next, please find and delete the following files/folders (if present):

C:\Program Files\Deskbar <--Folder
C:\WINDOWS\SmFtYWwgTWFra291aw <--Folder

======

Run the AVG scan again for me (use my last set of instructions.)

======

Reboot into Normal Mode.

======

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
======

Post back with the Ewido log, and a new HJT log, and a Panda log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
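An added example, not part of the original post and not AVG's own tooling: a small Python triage of an AVG Anti-Spyware report like the ones posted in this thread, listing what was left at "No action taken" and which detected files were loaded in running processes. It assumes the bracketed number that prefixes some lines is a process ID; the sample lines are excerpted from the reports in this thread, except the last one, which is constructed.

```python
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Excerpt of the AVG Anti-Spyware reports posted in this thread. The last
# entry is constructed, to show a line whose action is not "No action taken".
SAMPLE_REPORT = r"""
+ Scan result:

C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : No action taken.
[1732] C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe -> Adware.CommAd : No action taken.
[660] C:\WINDOWS\SmFtYWwgTWFra291aw\asappsrv.dll -> Adware.CommAd : No action taken.
[772] C:\WINDOWS\SmFtYWwgTWFra291aw\asappsrv.dll -> Adware.CommAd : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001014.dll -> Adware.EZula : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : No action taken.
[1620] C:\WINDOWS\system32\testtestt.exe -> Downloader.Small.cya : No action taken.
[1080] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[1244] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
C:\Documents and Settings\jamals\Cookies\jamals@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\constructed\sample.exe -> Adware.Example : Quarantined.

::Report end
"""

# "[pid] object -> Detection : Action." with the "[pid] " prefix optional.
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"
    r"(?P<obj>.+?)\s+->\s+"
    r"(?P<det>\S+)\s+:\s+"
    r"(?P<action>.+?)\.?\s*$"
)
REGISTRY_PREFIXES = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")


@dataclass(frozen=True)
class Finding:
    pid: Optional[int]   # assumed: process the object was loaded in
    obj: str             # file path or registry key
    detection: str
    action: str

    @property
    def bucket(self) -> str:
        """Coarse category that decides how urgently the entry needs attention."""
        if self.pid is not None:
            return "loaded"
        if self.detection.startswith("TrackingCookie."):
            return "cookie"
        if self.obj.upper().startswith(REGISTRY_PREFIXES):
            return "registry"
        if "\\system volume information\\_restore" in self.obj.lower():
            return "restore_point"
        return "file"


def parse_report(text):
    """Return a Finding per result line; headers and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid = int(m.group("pid")) if m.group("pid") else None
        findings.append(Finding(pid, m.group("obj"), m.group("det"), m.group("action")))
    return findings


def unresolved(findings):
    """Entries the scanner reported but did not act on."""
    return [f for f in findings if f.action.lower() == "no action taken"]


def bucket_counts(findings):
    return dict(Counter(f.bucket for f in findings))


def loaded_objects(findings):
    """Map (object, detection) -> sorted PIDs for entries seen in memory."""
    pids = defaultdict(set)
    for f in findings:
        if f.pid is not None:
            pids[(f.obj, f.detection)].add(f.pid)
    return {key: sorted(value) for key, value in pids.items()}


if __name__ == "__main__":
    todo = unresolved(parse_report(SAMPLE_REPORT))
    print("Unresolved by category:", bucket_counts(todo))
    for (obj, det), pids in sorted(loaded_objects(todo).items()):
        print(f"  in memory: {obj} ({det}) in {len(pids)} process(es): {pids}")
```
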


#12 jamal56783

Posted 29 October 2006 - 04:08 PM

A few days ago my computer was not so bad, but now it's terrible. Also, my background was changed and I can't change it back, and my Task Manager is not opening. Anyway, here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:02 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\testtestt.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\SYSTEM32\vxgamet1.exe
C:\WINDOWS\SYSTEM32\vxgamet3.exe
C:\WINDOWS\SYSTEM32\vxgamet4.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\jamals\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\testtestt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\testtestt.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
Jamal

#13 jamal56783

Posted 29 October 2006 - 04:09 PM

Incident Status Location

Adware:Adware/CommAd Not disinfected C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Deskbar\deskbar.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SmFtYWwgTWFra291aw\asappsrv.dll
Virus:W32/Smitfraud.D Disinfected Operating system
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/adsmart Not disinfected c:\windows\system32\dlh9jkdq1.exe
Adware:adware/secure32 Not disinfected c:\windows\system32\intell321.exe
Virus:bck/haxdoor.a Disinfected Operating system
Virus:w32/locksky.au.worm Disinfected Operating system
Virus:trj/abwiz.a Disinfected Operating system
Hacktool:rootkit/taskdirhide Not disinfected c:\windows\system32\taskdir.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/portalscan Not disinfected c:\program files\common files\Slmss
Adware:adware/alfacleaner Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Possible Virus. Not disinfected C:\Documents and Settings\All Users\Desktop\bundleexe.exe[exec-megalocast-downloadfile.exe-http%3A%2F%2Fjs.megalocast.net%2Fthankyou.php-.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jamals\Cookies\jamals@atdmt[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jamals\Cookies\jamals@tribalfusion[2].txt
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\jamals\Desktop\backups\backup-20061029-121954-816.dll
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@c.enhance[2].txt
Adware:Adware/SearchAid Not disinfected C:\Program Files\Network Monitor\netmon.exe
Adware:Adware/DeluxeComunications Not disinfected C:\RECYCLER\S-1-5-21-583907252-492894223-1060284298-1003\Dc14.exe
Virus:Trj/Downloader.KNM Disinfected C:\RECYCLER\S-1-5-21-583907252-492894223-1060284298-1003\Dc18\plugin.dll
Virus:Trj/Downloader.KNM Disinfected C:\RECYCLER\S-1-5-21-583907252-492894223-1060284298-1003\Dc18\plugin1.dll
Virus:Trj/Downloader.KNM Disinfected C:\RECYCLER\S-1-5-21-583907252-492894223-1060284298-1003\Dc18\~uninstall.exe
Virus:Trj/Spammer.H Disinfected C:\WINDOWS\comdlj32.dll
Jamal

#14 jamal56783

Posted 29 October 2006 - 04:10 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:01:21 PM 10/29/2006

+ Scan result:



C:\Program Files\BraveSentry -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry.lic -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry0.bs -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry0.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry1.bs -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry1.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry2.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry3.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\Uninstall.exe -> Adware.Bravesentry : No action taken.
[1732] C:\WINDOWS\SmFtYWwgTWFra291aw\command.exe -> Adware.CommAd : No action taken.
[660] C:\WINDOWS\SmFtYWwgTWFra291aw\asappsrv.dll -> Adware.CommAd : No action taken.
[772] C:\WINDOWS\SmFtYWwgTWFra291aw\asappsrv.dll -> Adware.CommAd : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001014.dll -> Adware.EZula : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002202.dll -> Adware.EZula : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002088.exe -> Adware.IEPlug : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002181.dll -> Adware.NewDotNet : No action taken.
C:\Documents and Settings\jamals\Desktop\backups\backup-20061029-121954-816.dll -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\Cache -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\about.html -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\options.html -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : No action taken.
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : No action taken.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : No action taken.
HKU\S-1-5-21-1060284298-507921405-1343024091-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : No action taken.
C:\RECYCLER\S-1-5-21-583907252-492894223-1060284298-1003\Dc14.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002055.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002056.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002057.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002080.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002085.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002116.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004191.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002037.dll -> Adware.TrafficSol : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0003185.dll -> Adware.TrafficSol : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001016.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002042.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002046.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002049.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002052.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002112.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0006195.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0006199.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002109.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002115.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004198.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002086.exe -> Downloader.Adload.az : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002063.exe -> Downloader.Adload.fk : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002073.exe -> Downloader.Adload.fk : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004193.exe -> Downloader.Adload.fk : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002074.exe -> Downloader.Adload.fu : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002093.exe -> Downloader.Adload.fu : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002121.exe -> Downloader.Adload.fu : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001011.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001027.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001032.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002060.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002061.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002068.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002069.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002118.exe -> Downloader.Adload.fv : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002065.exe -> Downloader.Adload.fz : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002072.exe -> Downloader.Adload.fz : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002076.exe -> Downloader.Adload.fz : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002096.exe -> Downloader.Adload.fz : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004197.exe -> Downloader.Adload.fz : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002014.dll -> Downloader.Agent.agw : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0001013.exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0003178.exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002015.exe -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002017.exe -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002018.dll -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002188.exe -> Downloader.Small.ajc : No action taken.
[1620] C:\WINDOWS\system32\testtestt.exe -> Downloader.Small.cya : No action taken.
[1948] C:\WINDOWS\SYSTEM32\vxgamet3.exe -> Downloader.Small.cya : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\vxt3.game -> Downloader.Small.cyb : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002079.exe -> Downloader.Small.cyh : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\vxt1.game -> Downloader.Small.dht : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004186.exe -> Downloader.Tibs.id : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0005189.exe -> Downloader.Tibs.id : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0006189.exe -> Downloader.Tibs.id : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\setup.exe -> Downloader.Tibs.if : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\vxt2.game -> Downloader.Tibs.ir : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002110.exe -> Downloader.TSUpdate.o : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002132.exe -> Downloader.TSUpdate.o : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002117.exe -> Downloader.VB.agb : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0003182.exe -> Downloader.VB.anl : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002104.exe -> Downloader.VB.jl : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002135.exe/todoit.exe -> Downloader.VB.jl : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0003183.exe -> Downloader.VB.tw : No action taken.
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\vxt4.game -> Proxy.Agent.ji : No action taken.
[1080] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[1244] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[1356] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[1556] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[1640] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[1980] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[372] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[456] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[480] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[524] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[544] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[712] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[776] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[856] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
[940] C:\WINDOWS\comdlj32.dll -> Proxy.Agent.ji : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\vx1.game -> Proxy.Xorpix.ar : No action taken.
C:\Documents and Settings\jamals\Cookies\jamals@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\system@c.enhance[2].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\jamals\Cookies\jamals@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\jamals\Cookies\jamals@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002108.exe -> Trojan.Imiserv.c : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002120.exe -> Trojan.Pakes : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002021.exe -> Trojan.Qoologic : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002136.exe -> Trojan.Qoologic : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002131.exe -> Trojan.Sinowal.ay : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002129.dll -> Trojan.Sinowal.az : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002130.dll -> Trojan.Sinowal.az : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002127.dll -> Trojan.Sinowal.k : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0002128.dll -> Trojan.Sinowal.k : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\qvxt2.game -> Trojan.Small : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\qvxt3.game -> Trojan.Small : No action taken.
C:\Documents and Settings\jamals\Local Settings\Temp\qvxt4.game -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0003177.exe -> Trojan.VB.tg : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0003179.exe -> Trojan.VB.tg : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004185.dll -> Worm.Banwarum.f : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0005186.dll -> Worm.Banwarum.f : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0006183.dll -> Worm.Banwarum.f : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0007183.dll -> Worm.Banwarum.f : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0004182.dll -> Worm.Locksky.ao : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0005183.dll -> Worm.Locksky.ao : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0006182.dll -> Worm.Locksky.ao : No action taken.
C:\System Volume Information\_restore{32BEBE0F-2413-4A94-9366-4F0E03884AAD}\RP1\A0007184.dll -> Worm.Locksky.ao : No action taken.


::Report end
Jamal

#15 rookie147

Posted 30 October 2006 - 11:40 AM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall?

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.




