Logfile of HijackThis v1.99.1
Scan saved at 2:03:10 PM, on 6/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\msgr8in.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\GLB3CD.tmp
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsg7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: compaq toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02a7917d...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145794293500
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\jt8u07l9e.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
help me
You are not running HijackThis (HJT) from a desired location. You really need to set up a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.
It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
- Create a new folder in your C: Drive.
- Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
- Run HJT from there (and revise your shortcut accordingly).
Please download the latest version of Look2Me-Remover.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all windows before continuing.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the Internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX
Originally Posted by ramesh help
are u the admin or just a helper...do u have an hotmail account or an msn messenger account..
I am a moderator and co-head (with NEAL) of this FORUM section. We do not do fixes on these boards through private messaging or email - most sites do not as well. Some may have a chat forum, but we don't.
LOGFILE
Logfile of HijackThis v1.99.1
Scan saved at 7:40:11 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TrustIn Popups\TrustInPopups.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsg7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: compaq toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TrustIn Popups] "C:\Program Files\TrustIn Popups\TrustInPopups.exe"
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02a7917d...p/RdxIE601.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} (WeeklyExecuter Class) - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145794293500
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: pushow86.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2) how to get the contents of C:\Look2Me-Remover.txt ..after removing already
VOPTHIS is out of town for a few days and will be helping you for now.
Don't worry about the text; it appears to have been removed (infection) by the tool.
Next step...
Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
* Click Download Now to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply along with a fresh HJT log.
After removing what I have been instructed to.. and this is the log file that I said to be missing...
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 7/12/2006 7:23:18 PM
Infected! C:\WINDOWS\system32\gp0ql3d51.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0007521.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0007530.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0007531.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0008530.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009530.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009539.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009540.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009550.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009551.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009561.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009562.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009563.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009564.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009574.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009575.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009583.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009584.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009597.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009598.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009607.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009608.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009617.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009618.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009627.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009628.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010633.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010639.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010640.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010649.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010650.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010659.dll
Infected! C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010660.dll
Infected! C:\WINDOWS\system32\aza80cjuefo80.dll
Infected! C:\WINDOWS\system32\d8j02i1mg8.dll
Infected! C:\WINDOWS\system32\fp0q03d5e.dll
Infected! C:\WINDOWS\system32\fp4m03h1e.dll
Infected! C:\WINDOWS\system32\gp0ql3d51.dll
Infected! C:\WINDOWS\system32\gprol3931.dll
Infected! C:\WINDOWS\system32\i2lolc331f.dll
Infected! C:\WINDOWS\system32\iufxhk.dll
Infected! C:\WINDOWS\system32\jrl0253mg.dll
Infected! C:\WINDOWS\system32\k4lq0e35eh.dll
Infected! C:\WINDOWS\system32\k6pmlg7116.dll
Infected! C:\WINDOWS\system32\m4820eloehqc0.dll
Infected! C:\WINDOWS\system32\mfdtctm.dll
Infected! C:\WINDOWS\system32\n0p40a7qed.dll
Infected! C:\WINDOWS\system32\n2l80c3uef.dll
Infected! C:\WINDOWS\system32\nbwrshu.dll
Infected! C:\WINDOWS\system32\nnprovau.dll
Infected! C:\WINDOWS\system32\o2ro0c93ef.dll
Infected! C:\WINDOWS\system32\oobcp32r.dll
Infected! C:\WINDOWS\system32\p04ulah91d4.dll
Infected! C:\WINDOWS\system32\p6p6lg7s16.dll
Infected! C:\WINDOWS\system32\p86s0ij7e8o.dll
Infected! C:\WINDOWS\system32\q2680cjuefo80.dll
Infected! C:\WINDOWS\system32\q268lcju1fo8.dll
Infected! C:\WINDOWS\system32\topmonui.dll
Infected! C:\WINDOWS\system32\wisdmoe.dll
Attempting to delete infected files...
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0007530.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0007531.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0007531.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0008530.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0008530.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009530.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009530.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009539.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009539.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009540.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009540.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009550.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009550.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009551.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009551.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009561.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009561.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009562.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009562.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009563.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009563.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009564.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP7\A0009564.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009574.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009574.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009575.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009575.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009583.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009583.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009584.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP8\A0009584.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009597.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009597.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009598.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009598.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009607.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009607.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009608.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009608.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009617.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009617.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009618.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009618.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009627.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009627.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009628.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0009628.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010633.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010633.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010639.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010639.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010640.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010640.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010649.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010649.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010650.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010650.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010659.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010659.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010660.dll
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP9\A0010660.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\aza80cjuefo80.dll
C:\WINDOWS\system32\aza80cjuefo80.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\d8j02i1mg8.dll
C:\WINDOWS\system32\d8j02i1mg8.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\fp0q03d5e.dll
C:\WINDOWS\system32\fp0q03d5e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\fp4m03h1e.dll
C:\WINDOWS\system32\fp4m03h1e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\gp0ql3d51.dll
C:\WINDOWS\system32\gp0ql3d51.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\gprol3931.dll
C:\WINDOWS\system32\gprol3931.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\i2lolc331f.dll
C:\WINDOWS\system32\i2lolc331f.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\iufxhk.dll
C:\WINDOWS\system32\iufxhk.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\jrl0253mg.dll
C:\WINDOWS\system32\jrl0253mg.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\k4lq0e35eh.dll
C:\WINDOWS\system32\k4lq0e35eh.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\k6pmlg7116.dll
C:\WINDOWS\system32\k6pmlg7116.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\m4820eloehqc0.dll
C:\WINDOWS\system32\m4820eloehqc0.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\mfdtctm.dll
C:\WINDOWS\system32\mfdtctm.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n0p40a7qed.dll
C:\WINDOWS\system32\n0p40a7qed.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n2l80c3uef.dll
C:\WINDOWS\system32\n2l80c3uef.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\nbwrshu.dll
C:\WINDOWS\system32\nbwrshu.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\nnprovau.dll
C:\WINDOWS\system32\nnprovau.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\o2ro0c93ef.dll
C:\WINDOWS\system32\o2ro0c93ef.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\oobcp32r.dll
C:\WINDOWS\system32\oobcp32r.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\p04ulah91d4.dll
C:\WINDOWS\system32\p04ulah91d4.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\p6p6lg7s16.dll
C:\WINDOWS\system32\p6p6lg7s16.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\p86s0ij7e8o.dll
C:\WINDOWS\system32\p86s0ij7e8o.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\q2680cjuefo80.dll
C:\WINDOWS\system32\q2680cjuefo80.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\q268lcju1fo8.dll
C:\WINDOWS\system32\q268lcju1fo8.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\topmonui.dll
C:\WINDOWS\system32\topmonui.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wisdmoe.dll
C:\WINDOWS\system32\wisdmoe.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EF0FE5B2-D28B-48C5-B55E-F70FEA2271C3}"
HKCR\Clsid\{EF0FE5B2-D28B-48C5-B55E-F70FEA2271C3}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E8411FB0-4305-4D93-A75F-C93FCF900DE5}"
HKCR\Clsid\{E8411FB0-4305-4D93-A75F-C93FCF900DE5}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EAEFFE94-CD00-40A2-882D-AFDAEA47A40C}"
HKCR\Clsid\{EAEFFE94-CD00-40A2-882D-AFDAEA47A40C}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Thanks for that log,
Please go back to post # 6 and do the spysweeper, thanks.
You're most welcome!
1) this is the 1st time running Spy Sweeper Session Log
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:51 PM: Shield States
10:51 PM: Spyware Definitions: 717
10:51 PM: Spy Sweeper 5.0.5.1286 started
9:48 PM: Your spyware definitions have been updated.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:35 PM: Shield States
9:35 PM: Spyware Definitions: 691
9:35 PM: Spy Sweeper 5.0.5.1286 started
9:35 PM: Spy Sweeper 5.0.5.1286 started
9:35 PM: | Start of Session, Thursday, July 13, 2006 |
********
10:48 PM: Removal process completed. Elapsed time 00:02:11
10:48 PM: Preparing to restart your computer. Please wait...
10:47 PM: Quarantining All Traces: whenu savenow
10:47 PM: Quarantining All Traces: trustin bar
10:47 PM: Quarantining All Traces: pesttrap
10:47 PM: Quarantining All Traces: prosearching hijack
10:47 PM: Quarantining All Traces: 2020search hijack
10:47 PM: Quarantining All Traces: saristar dialer
10:47 PM: Quarantining All Traces: ist software
10:47 PM: Quarantining All Traces: prosearch.com hijack
10:47 PM: Quarantining All Traces: command
10:47 PM: Quarantining All Traces: phoneaccess dialer
10:47 PM: Quarantining All Traces: dialer access
10:47 PM: Quarantining All Traces: marketscore
10:47 PM: Quarantining All Traces: trust cleaner
10:47 PM: Warning: A call to an OS function failed
10:47 PM: Quarantining All Traces: advertismen
10:47 PM: Quarantining All Traces: coolwebsearch (cws)
10:47 PM: Quarantining All Traces: look2me
10:47 PM: Quarantining All Traces: cws-aboutblank
10:47 PM: Quarantining All Traces: trojan-downloader-zlob
10:47 PM: Quarantining All Traces: trojan agent winlogonhook
10:47 PM: Quarantining All Traces: actualkeylogger
10:46 PM: Removal process initiated
10:43 PM: Traces Found: 42
10:43 PM: Full Sweep has completed. Elapsed time 00:50:38
10:43 PM: C:\WINDOWS\system32\stdole3.tlb (ID = 305316)
10:43 PM: C:\WINDOWS\system32\pushow86.dll (ID = 316010)
10:43 PM: Detected running threat: C:\WINDOWS\system32\pushow86.dll (ID = 316010)
10:43 PM: File Sweep Complete, Elapsed Time: 00:47:25
10:35 PM: Warning: Failed to access drive E:
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
10:31 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
10:30 PM: Warning: Failed to open file "c:\windows\system32\winzoa32.dll". Access is denied
10:29 PM: C:\WINDOWS\system32\cemetrix.dll (ID = 243051)
10:29 PM: Found Adware: marketscore
10:24 PM: C:\WINDOWS\trustinbar.exe (ID = 269764)
10:24 PM: Found Adware: trustin bar
10:24 PM: C:\WINDOWS\icont.exe (ID = 65739)
10:24 PM: Found Adware: look2me
10:24 PM: c:\recycler\s-1-5-21-2649711371-3604966831-2589084201-1003\dc327\tcd.sys (ID = 318582)
10:24 PM: Found Adware: trust cleaner
10:22 PM: C:\Program Files\VVSN (1 subtraces) (ID = 2147486920)
10:22 PM: Found Adware: whenu savenow
10:19 PM: C:\Program Files\PestTrap (1 subtraces) (ID = 2147507944)
10:19 PM: Found Adware: pesttrap
10:18 PM: C:\Program Files\Network Monitor (ID = 2147507525)
10:14 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
10:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:02 PM: C:\Documents and Settings\Owner\Desktop\2nd desktop\ramesh\srikdu\pendrive\New Folder\actualkeylogger.exe (ID = 159584)
9:58 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:58 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:56 PM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by another process
9:56 PM: Warning: Failed to open file "c:\hiberfil.sys". The process cannot access the file because it is being used by another process
9:56 PM: Starting File Sweep
9:56 PM: Warning: A call to an OS function failed
9:56 PM: Warning: Failed to access drive A:
9:56 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:56 PM: Starting Cookie Sweep
9:56 PM: Registry Sweep Complete, Elapsed Time:00:01:50
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\microsoft\internet explorer\main\ || start page_bak (ID = 1339810)
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\microsoft\internet explorer\main\ || searchurl (ID = 1339809)
9:55 PM: Found Adware: prosearching hijack
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\microsoft\internet explorer\search\ || searchassistant (ID = 1192311)
9:55 PM: Found Adware: 2020search hijack
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\phoneaccess2\ (ID = 1008399)
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\akprogram\ (ID = 849397)
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\coulomb\ (ID = 140401)
9:55 PM: Found Adware: saristar dialer
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\ist\ (ID = 129108)
9:55 PM: Found Adware: ist software
9:55 PM: HKU\S-1-5-21-2649711371-3604966831-2589084201-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
9:55 PM: Found Adware: cws-aboutblank
9:55 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 1518544)
9:55 PM: Found Adware: advertismen
9:55 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1497178)
9:55 PM: HKLM\software\microsoft\internet explorer\main\ || start page_bak (ID = 1250791)
9:55 PM: HKLM\software\microsoft\internet explorer\main\ || searchurl (ID = 1250790)
9:55 PM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
9:55 PM: HKLM\software\microsoft\internet explorer\main\ || start page (ID = 1250785)
9:55 PM: HKLM\software\microsoft\internet explorer\main\ || local page (ID = 1250784)
9:55 PM: Found Adware: prosearch.com hijack
9:55 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media-codec\ (ID = 1247798)
9:55 PM: HKLM\software\microsoft\windows\currentversion\app paths\ecodec.exe\ (ID = 1159208)
9:55 PM: Found Trojan Horse: trojan-downloader-zlob
9:54 PM: HKLM\software\microsoft\code store database\distribution units\{ad7fafb0-16d6-40c3-af27-585d6e6453fd}\ (ID = 1059507)
9:54 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmd service\ (ID = 1016072)
9:54 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmd service\0000\ (ID = 1016064)
9:54 PM: Found Adware: command
9:54 PM: HKLM\software\classes\typelib\{c435415d-83af-47c7-a297-6b6bc817df48}\ (ID = 1008419)
9:54 PM: HKLM\software\classes\phoneaccess.phoneaccess\ (ID = 1008401)
9:54 PM: HKCR\typelib\{c435415d-83af-47c7-a297-6b6bc817df48}\ (ID = 1008389)
9:54 PM: HKCR\phoneaccess.phoneaccess\ (ID = 1008371)
9:54 PM: Found Adware: phoneaccess dialer
9:54 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
9:54 PM: Found Trojan Horse: trojan agent winlogonhook
9:54 PM: HKLM\software\akprogram\ (ID = 849399)
9:54 PM: Found System Monitor: actualkeylogger
9:54 PM: HKLM\software\microsoft\code store database\distribution units\{ad7fafb0-16d6-40c3-af27-585d6e6453fd}\ (ID = 125083)
9:54 PM: Found Adware: dialer access
9:54 PM: HKCR\typelib\{344ee577-2027-4714-82ff-0d7538488547}\ (ID = 112503)
9:54 PM: HKLM\software\classes\typelib\{344ee577-2027-4714-82ff-0d7538488547}\ (ID = 109797)
9:54 PM: Found Adware: coolwebsearch (cws)
9:54 PM: Starting Registry Sweep
9:54 PM: Memory Sweep Complete, Elapsed Time: 00:02:03
9:52 PM: Starting Memory Sweep
9:51 PM: Warning: A call to an OS function failed
9:51 PM: Sweep initiated using definitions version 717
9:51 PM: Spy Sweeper 5.0.5.1286 started
9:51 PM: | Start of Session, Thursday, July 13, 2006 |
********
2) this is the (hijackthis log) for the (1st Spy Sweeper Session Log)
Logfile of HijackThis v1.99.1
Scan saved at 11:00:35 PM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsg7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: compaq toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [wcmdmgr] "C:\WINDOWS\wt\updater\wcmdmgrl.exe" -launch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02a7917d...03d005/netzip/RdxIE601.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145794293500
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe
3) this is the 2nd time running Spy Sweeper Session Log
6:45 PM: None
6:45 PM: Traces Found: 0
6:45 PM: Full Sweep has completed. Elapsed time 00:42:26
6:45 PM: File Sweep Complete, Elapsed Time: 00:38:41
6:42 PM: Warning: Failed to access drive E:
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because
it is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is
being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because
it is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it
is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because
it is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it
is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it
is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is
being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because
it is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it
is being used by another process
6:37 PM: Warning: Failed to open file "c:\windows\system32\winzoa32.dll". Access is denied
6:22 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process
cannot access the file because it is being used by another process
6:13 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application
data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
6:13 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application
data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
6:09 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat.log". The process cannot access the file
because it is being used by another process
6:09 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat". The process cannot access the file
because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application
data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application
data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access
the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the
file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application
data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application
data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy
sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access
the file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the
file because it is being used by another process
6:07 PM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by
another process
6:07 PM: Warning: Failed to open file "c:\hiberfil.sys". The process cannot access the file because it is being used by
another process
6:07 PM: Starting File Sweep
6:07 PM: Warning: A call to an OS function failed
6:07 PM: Warning: Failed to access drive A:
6:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:06 PM: Starting Cookie Sweep
6:06 PM: Registry Sweep Complete, Elapsed Time:00:01:42
6:05 PM: Starting Registry Sweep
6:05 PM: Memory Sweep Complete, Elapsed Time: 00:01:27
6:03 PM: Starting Memory Sweep
6:03 PM: Warning: A call to an OS function failed
6:03 PM: Sweep initiated using definitions version 718
6:03 PM: Spy Sweeper 5.0.5.1286 started
6:03 PM: | Start of Session, Friday, July 14, 2006 |
********
6:03 PM: | End of Session, Friday, July 14, 2006 |
6:02 PM: Your spyware definitions have been updated.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: Off
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:48 PM: Shield States
5:48 PM: Spyware Definitions: 717
5:47 PM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
1:41 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
1:41 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: Off
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:10 PM: Shield States
12:10 PM: Spyware Definitions: 717
12:09 PM: Spy Sweeper 5.0.5.1286 started
11:04 PM: Startup Shield: Off
3) this is the (hijackthis log) for the (2nd Spy Sweeper Session Log)
Logfile of HijackThis v1.99.1
Scan saved at 7:09:43 PM, on 7/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsg7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: compaq toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.
htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download
Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download
Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06
\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!
\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!
\Messenger\YahooMessenger.exe
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.
cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/
tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/
ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/
fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/
installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02a7917d...03d005/netzip/
RdxIE601.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5
Controls/en/x86/client/wuweb_site.cab?1145794293500
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/
MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5
free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/
SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.
exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe
Last edited by ramesh help; 14-07-2006 at 12:14 PM.
Hi,
To remove the double spacing in your HijackThis log, please do the following:
- Please go to Start >> Run... and type notepad.exe
- Hit OK.
- Now go to Format and uncheck WordWrap.
- Close Notepad.
- Then post a new HijackThis log next time you reply.
Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run ewido anti-spyware
- Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security" Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
- Click on the default Status ICON and select the Scan now LINK.
OR
- Click on the Scanner ICON. Select the Scan TAB.
- Select Complete System Scan. Ewido will now begin to scan your system.
- If Ewido finds anything it will list them in the Preview WINDOW:
- Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
- Select Apply all actions at the bottom of the window (and the items found will be quarantined - and recoverable, if any items are needed back).
- When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
- Copy and paste the EWIDO scan results into your next post.
- Close Ewido.