WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Too many pop ups!

Started by dragonlove , Mar 14 2006 03:28 PM

This topic is locked

12 replies to this topic

#1 dragonlove

New Member

New Member
6 posts

Posted 14 March 2006 - 03:28 PM

I've been getting ALOT of pop ups lately and I dont know why!! some of them are from hug-ediscounts unique offers a-d-w-a-r-e coolwebsearch adrotator winfixer.. etc.
help!!

Logfile of HijackThis v1.99.1
Scan saved at 4:22:02 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\msoevc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Duc\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\yayvw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ykpwqq.exe reg_run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138644586271
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37600.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\ir40l5hm1.dll
O20 - Winlogon Notify: yayvw - C:\WINDOWS\system32\yayvw.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by dragonlove, 14 March 2006 - 03:29 PM.

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 March 2006 - 08:17 PM

dragonlove,

Welcome to the Tom Coyote Forum, let me tell ya, you have got a bunch of bad things going on. I suggest you print this out because we will be closing your browser for part of the fix.

First we need to disable two bad services that are running on your system so we can delete them.

When you look for these services, they could be listed either way, in or out of the brackets.
OSdebug (Microsoft Regulator)
Remote Procedure Call (RPC) Service (RpcSssvc)

* Go to Start> Run and type in services.msc then press Enter
* Scroll down to Both Services I have listed above in Red
* Double Click that service to open it.
* Click on Stop Service.
* Then change the Startup Type to Disabled.
* OK your way out of the program.

SHOW HIDDEN FILES AND FOLDERS

* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Hold off on posting the log until we are done with the fix.

Download and install Ewido Anti-Malware
Ewido Anti-Malware
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Dont run it yet

Now reboot into Safemode
To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o When Prompted - Select Perform action on all infections.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.

While in Safemode, open HJT Scan Only, close all open windows , the only window you should have open is HJT, put a checkmark in the following entries and click on Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\yayvw.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ykpwqq.exe reg_run
O20 - Winlogon Notify: yayvw - C:\WINDOWS\system32\yayvw.dll
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\system32\RpcSs.exe

Still in Safemode, look for and delete the following files in Red Dont be alarmed if you cant find them, the scans may have removed them, this is a doublecheck to make sure there gone.

C:\WINDOWS\msoevc.exe
C:\WINDOWS\system32\RpcSs.exe
C:\WINDOWS\system32\yayvw.dll
C:\WINDOWS\system32\ykpwqq.exe

Reboot nomally

Download and Install CCleaner

* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes

Tutorial for CCleaner
http://www.ccleaner.com/help/tour1.asp

Post back with the Ewido log, the Vundo Log and a new HJT log and let me know how your system is running now.

Ken

Edited by ken545, 14 March 2006 - 08:35 PM.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 dragonlove

New Member

New Member
6 posts

Posted 14 March 2006 - 11:20 PM

I still get pop ups...

Vundo txt.
VundoFix V4.2.33

Checking Java version...

Sun Java not detected
Scan started at 9:54:41 PM 3/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\yayvw.dll
C:\WINDOWS\system32\wvyay.ini
C:\WINDOWS\system32\wvyay.bak1
C:\WINDOWS\system32\wvyay.bak2

C:\WINDOWS\system32\fedgh.bak1
C:\WINDOWS\system32\fedgh.bak2
C:\WINDOWS\system32\fedgh.ini
C:\WINDOWS\system32\fedgh.ini2
C:\WINDOWS\system32\wvyay.bak1
C:\WINDOWS\system32\wvyay.bak2
C:\WINDOWS\system32\wvyay.ini
C:\WINDOWS\system32\yayvw.dll

VundoFix V4.2.33

Checking Java version...

Sun Java not detected
Scan started at 9:56:12 PM 3/14/2006

Listing files found while scanning....

C:\WINDOWS\system32\yayvw.dll
C:\WINDOWS\system32\wvyay.ini
C:\WINDOWS\system32\wvyay.bak1
C:\WINDOWS\system32\wvyay.bak2

C:\WINDOWS\system32\fedgh.bak1
C:\WINDOWS\system32\fedgh.bak2
C:\WINDOWS\system32\fedgh.ini
C:\WINDOWS\system32\fedgh.ini2
C:\WINDOWS\system32\wvyay.bak1
C:\WINDOWS\system32\wvyay.bak2
C:\WINDOWS\system32\wvyay.ini
C:\WINDOWS\system32\yayvw.dll
C:\WINDOWS\system32\fedgh.ini2
C:\WINDOWS\system32\fedgh.bak2
C:\WINDOWS\system32\fedgh.ini
C:\WINDOWS\system32\fedgh.ini2
Attempting to delete C:\WINDOWS\system32\yayvw.dll
C:\WINDOWS\system32\yayvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvyay.ini
C:\WINDOWS\system32\wvyay.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvyay.bak1
C:\WINDOWS\system32\wvyay.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvyay.bak2
C:\WINDOWS\system32\wvyay.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fedgh.bak1
C:\WINDOWS\system32\fedgh.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fedgh.bak2
C:\WINDOWS\system32\fedgh.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fedgh.ini
C:\WINDOWS\system32\fedgh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fedgh.ini2
C:\WINDOWS\system32\fedgh.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

HIJACK REPORT AFTER VUNDO

Logfile of HijackThis v1.99.1
Scan saved at 10:01:19 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Duc\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ykpwqq.exe reg_run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138644586271
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37600.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\ir2ml5f11.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

EWIDO SCAN REPORT

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:50:59 PM, 3/14/2006
+ Report-Checksum: 2D74FFAD

+ Scan result:

HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83A5F7B7-DC75-44CE-9195-264F41709FA9} -> Adware.Virtumonde : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83A5F7B7-DC75-44CE-9195-264F41709FA9} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-21-1275210071-789336058-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83A5F7B7-DC75-44CE-9195-264F41709FA9} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D} -> Adware.Virtumonde : Cleaned with backup
[676] C:\WINDOWS\system32\rlchost.dll -> Adware.Look2Me : Error during cleaning
[752] C:\WINDOWS\system32\rlchost.dll -> Adware.Look2Me : Error during cleaning
C:\2464.exe -> Downloader.Adload.t : Cleaned with backup
C:\4634.exe -> Downloader.Adload.r : Cleaned with backup
C:\adef.exe -> Downloader.Adload.j : Cleaned with backup
C:\docs.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\piox.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\CT\Cookies\ct@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ads43.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@ads49.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@snagajob.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@verizonmysuperpages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Duc\Cookies\duc@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Duc\Local Settings\Temp\Cookies\duc@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Duc\Local Settings\Temp\Cookies\duc@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Duc\Local Settings\Temp\temp.fr721A -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Duc\Local Settings\Temp\Temporary Internet Files\Content.IE5\RMK6SH97\ff2[1] -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0B9HFVU8\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0XYN4H6B\1ckwl[1].jpg -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0XYN4H6B\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0XYN4H6B\g69j9[1].jpg -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I4S4TJBJ\drsmartload[1].exe -> Downloader.VB.wj : Cleaned with backup
C:\drsmartload1.exe -> Downloader.VB.wj : Cleaned with backup
C:\WINDOWS\msoevc.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\bnackbox.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GO3JI9C1\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDPL5ZVN\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDPL5ZVN\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UG7183GO\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\dxloader.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\en46l1hs1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\glkfq.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\igrdbg32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir44l5hq1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir4ml5h11.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\irnql5551.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\j0j60a1sed.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jt2m07f1e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jumb.exe -> Downloader.Adload.k : Cleaned with backup
C:\WINDOWS\system32\k044lahq1d4e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\k4pmle711h.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kcjfvvv.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\khfcb.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\system32\kydes.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lv0q09d5e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lvj6091se.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lvrm0991e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\m4280efueh280.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MJC42D.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mllii.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\system32\msndex.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\n4p40e7qeh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nlobjapi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nnlanman.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nqtid.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nrmsevt.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o4ro0e93eh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\phcn20.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qaiessp.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\WINDOWS\system32\qvwpg.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\rmdsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\RpcSs.exe -> Worm.Opanki.as : Cleaned with backup
C:\WINDOWS\system32\rqoop.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\system32\rss.exe -> Proxy.Ranky.ef : Cleaned with backup
C:\WINDOWS\system32\ssqop.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\system32\sylx.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\vtspn.dll -> Downloader.ConHook.w : Cleaned with backup
C:\WINDOWS\system32\wgse.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\wjnipsec.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wxerrenu.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ykpwqq.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\Temp\Cookies\duc@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\duc@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\duc@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\duc@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\duc@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup

::Report End

NEW HIJACK REPORt

Logfile of HijackThis v1.99.1
Scan saved at 12:17:07 AM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Duc\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138644586271
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37600.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\lvlu0939e.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 March 2006 - 06:51 AM

Good Morning dragonlove,

I still get pop ups...

Lets work on that, you have got to understand that your computer was just not infected with a virus, it would take all my fingers and toes to count all the bad stuff you had.

Written by Atribune

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.

You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.

Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX

Before you post the Look2 me log and a new HJT log, lets do this first.....

Boot in into safemode and open HJT Scan Only and fix these entries.

R3 - Default URLSearchHook is missing
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\lvlu0939e.dll

C:\WINDOWS\system32\lvlu0939e.dll <--Look for and delete this file

Reboot normally.

Post the contents of the C:\Look2Me-Destroyer.txt and a new HiJackThis log.

Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#5 dragonlove

New Member

New Member
6 posts

Posted 15 March 2006 - 02:14 PM

I couldn't find this file C:\WINDOWS\system32\lvlu0939e.dll LOOK2ME txt Look2Me-Destroyer V1.0.10 Scanning for infected files..... Scan started at 3/15/2006 2:54:07 PM Infected! C:\WINDOWS\system32\e020lafm1d2a.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP129\A0066802.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0066879.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0066887.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067055.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067082.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067099.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067100.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067119.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067120.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067137.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067138.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067154.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068166.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068168.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068181.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068183.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068193.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068200.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP131\A0069221.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP132\A0069287.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP132\A0069298.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069302.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069315.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069326.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069337.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP135\A0070423.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP135\A0070644.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP136\A0070648.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070845.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070846.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070859.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP138\A0070911.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071022.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071023.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071039.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071040.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071058.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071059.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0072058.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0075061.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0075065.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0076062.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0076068.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076081.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076082.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076084.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076090.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076091.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076092.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076094.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076095.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076096.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076097.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076098.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076099.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076100.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076101.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076102.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076103.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076104.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076105.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076283.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076286.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076305.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076317.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0077316.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077465.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077483.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077484.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077506.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077507.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077520.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077536.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077537.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077679.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077680.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077694.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077705.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077786.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077844.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077859.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077873.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077884.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077895.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077901.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077916.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077929.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077931.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077942.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077945.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077958.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077960.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077974.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077979.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077990.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077996.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079004.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079007.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079025.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079051.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079067.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079078.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079086.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079099.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079103.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079119.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079149.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079160.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP145\A0080169.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080228.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080239.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080259.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080269.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080276.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080287.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080288.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080289.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080291.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080292.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080293.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080294.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080295.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080296.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080298.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080299.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080302.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080303.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080304.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080305.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080306.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080309.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080310.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080311.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080312.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080313.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080314.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080315.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080316.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080326.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080327.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080330.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080364.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080365.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080373.dll Infected! C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080374.dll Infected! C:\WINDOWS\system32\e020lafm1d2a.dll Infected! C:\WINDOWS\system32\lvno0953e.dll Infected! C:\WINDOWS\system32\rlchost.dll Infected! C:\WINDOWS\system32\sxmpsnap.dll Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\e020lafm1d2a.dll C:\WINDOWS\system32\e020lafm1d2a.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP129\A0066802.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP129\A0066802.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0066879.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0066879.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0066887.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0066887.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067055.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067055.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067082.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067082.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067099.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067099.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067100.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067100.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067119.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067119.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067120.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067120.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067137.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067137.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067138.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067138.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067154.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0067154.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068166.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068166.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068168.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068168.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068181.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068181.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068183.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068183.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068193.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068193.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068200.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP130\A0068200.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP131\A0069221.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP131\A0069221.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP132\A0069287.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP132\A0069287.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP132\A0069298.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP132\A0069298.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069302.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069302.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069315.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069315.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069326.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069326.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069337.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP133\A0069337.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP135\A0070423.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP135\A0070423.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP135\A0070644.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP135\A0070644.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP136\A0070648.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP136\A0070648.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070845.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070845.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070846.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070846.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070859.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP137\A0070859.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP138\A0070911.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP138\A0070911.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071022.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071022.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071023.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071023.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071039.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071039.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071040.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071040.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071058.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071058.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071059.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0071059.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0072058.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0072058.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0075061.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0075061.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0075065.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0075065.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0076062.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0076062.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0076068.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP139\A0076068.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076081.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076081.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076082.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076082.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076084.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076084.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076090.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076090.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076091.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076091.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076092.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076092.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076094.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076094.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076095.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076095.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076096.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076096.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076097.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076097.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076098.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076098.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076099.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076099.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076100.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076100.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076101.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076101.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076102.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076102.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076103.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076103.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076104.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076104.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076105.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076105.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076283.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076283.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076286.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076286.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076305.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076305.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076317.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0076317.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0077316.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP140\A0077316.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077465.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077465.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077483.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077483.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077484.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP141\A0077484.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077506.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077506.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077507.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077507.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077520.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077520.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077536.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077536.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077537.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP142\A0077537.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077679.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077679.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077680.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077680.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077694.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077694.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077705.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077705.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077786.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077786.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077844.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077844.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077859.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077859.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077873.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077873.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077884.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077884.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077895.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077895.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077901.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077901.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077916.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077916.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077929.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077929.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077931.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077931.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077942.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077942.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077945.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077945.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077958.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077958.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077960.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077960.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077974.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077974.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077979.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077979.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077990.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077990.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077996.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0077996.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079004.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079004.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079007.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079007.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079025.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP143\A0079025.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079051.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079051.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079067.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079067.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079078.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079078.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079086.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079086.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079099.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079099.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079103.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079103.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079119.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079119.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079149.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079149.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079160.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP144\A0079160.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP145\A0080169.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP145\A0080169.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080228.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080228.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080239.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080239.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080259.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080259.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080269.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080269.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080276.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080276.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080287.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080287.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080288.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080288.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080289.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080289.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080291.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080291.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080292.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080292.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080293.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080293.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080294.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080294.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080295.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080295.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080296.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080296.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080298.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080298.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080299.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080299.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080302.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080302.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080303.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080303.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080304.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080304.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080305.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080305.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080306.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080306.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080309.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080309.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080310.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080310.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080311.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080311.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080312.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080312.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080313.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080313.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080314.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080314.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080315.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080315.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080316.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080316.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080326.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080326.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080327.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080327.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080330.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080330.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080364.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080364.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080365.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080365.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080373.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080373.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080374.dll C:\System Volume Information\_restore{9B268263-7203-4DBB-803B-A5CC047A4D74}\RP146\A0080374.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\e020lafm1d2a.dll C:\WINDOWS\system32\e020lafm1d2a.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\lvno0953e.dll C:\WINDOWS\system32\lvno0953e.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\rlchost.dll C:\WINDOWS\system32\rlchost.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\sxmpsnap.dll C:\WINDOWS\system32\sxmpsnap.dll Deleted successfully! Making registry repairs. Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{18863A9B-E415-444A-B7CC-87E2E2A26E50}" HKCR\Clsid\{18863A9B-E415-444A-B7CC-87E2E2A26E50} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EF7E8777-8BCA-4272-98D9-B5E376DB4549}" HKCR\Clsid\{EF7E8777-8BCA-4272-98D9-B5E376DB4549} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{398407E1-20F6-4DBF-ABF6-C24DAFE89C43}" HKCR\Clsid\{398407E1-20F6-4DBF-ABF6-C24DAFE89C43} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{304CD5E1-766C-4D44-8B5C-9221095D0EF9}" HKCR\Clsid\{304CD5E1-766C-4D44-8B5C-9221095D0EF9} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1CF29B99-FA00-42F5-B4AE-4E820E763054}" HKCR\Clsid\{1CF29B99-FA00-42F5-B4AE-4E820E763054} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2D3B6496-D5F4-44AE-9F32-6DEF5BC79968}" HKCR\Clsid\{2D3B6496-D5F4-44AE-9F32-6DEF5BC79968} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F9D1C8A3-FED9-4F84-A96C-719CBD907216}" HKCR\Clsid\{F9D1C8A3-FED9-4F84-A96C-719CBD907216} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{69811873-8530-4545-A920-FF6C2532936E}" HKCR&

#6 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 March 2006 - 02:40 PM

dragonlove, It looks like it got rid of that infection, but I need to see a new HJT log. Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#7 dragonlove

New Member

New Member
6 posts

Posted 15 March 2006 - 02:52 PM

I think i have too!!! I havent had any pop ups in the last fifteen minutes =] Do i have to go into safe mode again?

#8 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 March 2006 - 02:55 PM

No, I need the HJT log in normal mode

Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#9 dragonlove

New Member

New Member
6 posts

Posted 15 March 2006 - 03:06 PM

here you go!!
Logfile of HijackThis v1.99.1
Scan saved at 3:49:47 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Duc\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fcps.blackboard.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138644586271
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37600.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 dragonlove

New Member

New Member
6 posts

Posted 15 March 2006 - 03:19 PM

PS! If I've gotten rid of all the infections in my computer can you tell me how to prevent future infections? Could you recommend any firewalls or antispyware softwares for me? Should I keep the HJT, Ewido, Vundo, CCleaner and Look2me programs? Thanks again for all the help!!

#11 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 March 2006 - 03:23 PM

dragonlove, I am leaving work in a bit, but please check back, I will go over your new log and make sure its all clean, and at that point I have some great free tools for you to install that will help keep your system more secure. Be back early evening Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#12 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 15 March 2006 - 07:41 PM

dragonlove,

First off you have no Anti-Virus software installed :thumbdown:

if you dont want to spend the money on a program, my list of tips includes 2 free programs, just choose one, with Anti Virus software MORE IS NOT BETTER.

Should I keep the HJT, Ewido, Vundo, CCleaner and Look2me programs?

You should remove the Vundo and Look2me programs, these are programs you want to use ONLY to remove an infection, it is not something to run on a regular basis.

Ewido I had you install is a trial, but you will lose the background guard function in 30 days but you still will have access to downloading updates and running the scans.

CCleaner is something you should run once or twice a month to keep all the temp files at bay, you dont need to run the Issues scan to often, we like you to run it after an infection to make sure it cleans out the bad entries in the registry.

You should move HJT off the desktop and into its own folder, this is a program you want to keep and also keep updated to the lastest version in case you ever have to post another log. BUT DONT REMOVE ENTRIES ON YOUR OWN removing the wrong entries can make your system inoperable.

Your HIJACKTHIS program is current, but it is very important that it resides in its own folder.
We will use Hijackthis (HJT) to make changes to your system and HJT will make backups of those changes,
If HJT is not in its own folder, those backups could be lost.

Easy to fix,
* just go to MY COMPUTER > YOUR C:\ DRIVE and create a new folder and name it HIJACKTHIS .
* Now scroll to where you have HJT currently, right click on the HJT icon and select CUT .
* Now open the new folder you just created and right click within that folder and select PASTE .
* Now HJT should reside in C:\HIJACKTHIS\HIJACKTHIS.EXE

You can open HJT and go to the Misc Tools section, scroll towards the bottom and you can check for an updated program, the version you have now is the latest.

You can follow these tips and tools to install to help keep all the bad guys out and to keep you more secure.
Be sure to follow the instructions for System Restore because all the bad stuff YOU remove is backed up in that program and if you ever use it to restore your system to an earlier date, you will become infected all over again :rant2:

* Download and Install CCleaner,
* Click on RUN TOOL
* This program is safe to run, but it will delete your cookies, so if there are any you want to keep,
* Go to Options> Cookies and move any you want to keep from the left window to the right window.

* When you run the Issues Scan before you click on Remove Selected Issues, it will ask you to backup the registry, Say Yes.

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder.
But not the Prefetch folder itself.

* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* ClickProperties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You need to be in Category View to access this feature.
You can name the restore point anything you like, something that you can remember

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once aweek.

* Here are Free Anti-Virus Programs if you need one

AVG Free Edition
AntVir Personal Edition

* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster It will prevent most spyware from ever being installed.

* Spyware Guard It offers realtime protection from spyware installation attempts.

* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.

* IE- Spyad IE-Spyad places over 4000 web sites and domains
in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed,
although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use
them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this
for awhile, you will want to make it your default.

* Thunderbird Mail There companion mail program was highly favored in PCWorld Magazine,
this has a good spam filter and is more secure than Outlook Express.

* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't
access the internet without it.

* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger, run this maybe once or twice a month to keep your system running good. The first time you run it, it may take awhile.

It has been nice helping you , glad your clean and things are well, I will leave this thread open for a few days in case you have any other questions.

Thanks for using Tom Coyote

Safe Surfin,

Ken

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#13 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 01 April 2006 - 10:45 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Body Background

skin color theme