Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

W32/Mabezat.B.worm shredding my PC apart [RESOLVED]

Started by Hussam Magdy , May 22 2008 09:23 PM

  • This topic is locked This topic is locked

#16
Hussam Magdy
Posted 29 May 2008 - 02:37 AM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTMoveIt report

File/Folder D:\SONGS moved successfully.
File/Folder D:\OTHERS moved successfully.
D:\VIDEOS moved successfully.
E:\SOURCES moved successfully.
< E:\TOP 100 HOT-POP 2008-05-03 BILLBOARD - TORRENT TATTY FEAT RIAA STARS @224\OFFICE2007 SERIAL.TXT.EXE >
File/Folder E:\TOP 100 HOT-POP 2008-05-03 BILLBOARD - TORRENT TATTY FEAT RIAA STARS @224\OFFICE2007 SERIAL.TXT.EXE not found.
E:\FOUND.000 moved successfully.
E:\NICKELBACK moved successfully.
E:\HOW IT'S MADE moved successfully.
F:\VIDEO_TS moved successfully.
F:\MUSIC moved successfully.
F:\MOVIES moved successfully.
F:\MOVIES moved successfully.
F:\EMULATORS moved successfully.
F:\EDUCATIONAL\HEBA moved successfully.
F:\BOOKS moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_033852


and the CUREit Report

A0014901.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014902.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014903.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014904.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014905.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014906.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014907.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014908.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014909.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014910.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014911.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014912.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014913.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014914.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014915.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014916.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014917.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014918.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014919.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014920.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014921.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014922.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014923.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014924.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014924.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014925.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014926.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014927.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014928.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014929.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014930.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014931.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014932.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014933.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014934.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014935.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014936.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014937.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014938.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014939.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014940.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014941.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014942.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014943.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014944.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014945.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014946.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014947.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014948.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014949.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014949.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014950.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014951.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014952.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014953.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014954.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014955.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014955.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014956.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014957.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014958.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014958.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014959.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014959.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014960.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014961.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014962.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014963.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014964.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014965.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014966.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014967.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014968.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014969.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014970.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014971.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014972.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014973.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014974.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014975.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014976.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014977.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014978.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014979.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0014980.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014981.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014982.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014983.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014984.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014985.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014986.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014987.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014988.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014989.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014990.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014991.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014992.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014993.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014994.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014995.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014996.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014997.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014998.EXE;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0014999.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015000.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015001.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015002.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015003.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015004.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015005.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015006.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015007.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015008.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015009.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015010.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015011.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015012.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015013.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015014.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015015.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015016.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015017.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015018.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015019.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015020.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015021.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015022.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015023.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015024.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015025.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015026.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015027.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015028.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015029.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015030.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015031.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015032.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015033.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015034.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015035.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Cured.;
A0015039.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015040.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015041.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015045.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015046.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015047.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015048.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015049.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015050.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015051.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015052.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015053.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015054.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015055.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015056.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015057.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015058.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015059.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015060.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015061.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015062.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015063.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015064.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015065.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015066.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015067.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015068.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015069.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015070.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015071.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015072.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015073.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015074.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015075.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015076.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015077.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015078.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015079.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015080.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015081.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015082.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015083.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015084.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015085.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015086.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015087.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015088.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015089.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015090.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015091.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015092.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015093.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015094.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015095.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015096.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015097.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015098.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015099.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015100.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015101.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015102.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015103.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015104.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015105.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015106.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015107.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015108.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015109.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015110.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015111.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015112.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015113.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015114.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015115.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015116.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015117.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015118.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015119.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015120.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015121.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015122.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015123.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015124.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015125.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015126.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015127.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015128.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015129.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015130.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015131.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015132.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015133.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015134.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015135.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015136.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015137.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015138.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015139.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015140.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015141.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015142.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015143.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015144.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015145.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015146.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015147.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015148.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015149.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015150.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015151.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015152.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015153.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015154.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015155.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015156.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015157.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015158.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015159.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015160.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015161.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015162.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015163.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015164.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015165.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015166.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015167.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015168.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015169.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015170.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015171.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015172.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015173.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015174.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015175.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015176.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015177.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015178.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015179.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015180.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015181.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015182.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015183.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015184.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015185.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015186.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015187.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015188.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015189.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015190.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015191.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015192.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015193.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015194.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015195.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015196.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015197.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015198.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015199.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015200.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015201.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015202.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015203.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015204.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015205.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015206.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015207.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015208.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015209.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015210.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015211.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015212.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015213.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015214.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015215.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015216.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015217.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015218.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015219.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015220.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015221.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015222.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015223.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015224.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015225.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015226.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015227.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015228.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015229.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015230.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015231.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015232.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015233.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015234.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015235.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015236.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015237.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015238.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015239.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015240.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015241.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015242.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015243.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015244.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015245.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015246.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015247.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015248.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015249.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015250.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015251.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015252.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015253.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015254.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015255.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015256.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015257.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015258.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015259.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015260.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015261.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015262.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015263.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015264.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015265.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015266.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015267.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015268.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015269.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015270.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015271.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015272.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015273.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015274.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015275.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015276.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015277.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015278.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015279.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015280.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015281.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015282.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015283.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015284.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015285.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015286.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015287.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015288.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015289.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015290.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015291.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015292.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015293.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015294.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015295.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015296.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015297.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015298.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015299.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015300.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015301.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015302.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015303.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015304.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015305.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015306.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015307.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015308.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015309.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015310.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015311.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015312.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015313.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015314.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015315.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015316.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015317.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015318.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015319.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015320.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015321.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015322.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015323.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015324.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015325.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015326.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015327.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015328.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015329.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015330.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015331.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015332.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015333.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015334.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015335.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015336.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015337.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015338.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015339.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015340.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015341.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015342.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015343.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015344.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015345.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015346.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015347.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015348.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015349.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015350.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A00
  • 0

Advertisements

#17
Hussam Magdy
Posted 29 May 2008 - 02:39 AM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
A0015351.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015352.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015353.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015354.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015355.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015356.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015357.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015358.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015359.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015360.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015361.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015362.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015363.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015364.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015365.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015366.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015367.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015368.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015369.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015370.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015371.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015372.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015373.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015374.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015375.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015376.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015377.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015378.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015379.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015380.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015381.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015382.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015383.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015384.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015385.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015386.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015387.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015388.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015389.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015390.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015391.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015392.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015393.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015394.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015395.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015396.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015397.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015398.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015399.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015400.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015401.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015402.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015403.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015404.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015405.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015406.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015407.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015408.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015409.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015410.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015411.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015412.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015413.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015414.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015415.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015416.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015417.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015418.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015419.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015420.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015421.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015422.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015423.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015424.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015425.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015426.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015427.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015428.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015429.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015430.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015431.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015432.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015433.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015434.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015435.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015436.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015437.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015438.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015439.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015440.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015441.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015442.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015443.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015444.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015445.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015446.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015447.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015448.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015449.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015450.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015451.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015452.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015453.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015454.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015455.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015456.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015457.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015458.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015459.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015460.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015461.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015462.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015463.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015464.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015465.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015466.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015467.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015468.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015469.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015470.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015471.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015472.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015473.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015474.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015475.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015476.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015477.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015478.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015479.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015480.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015481.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015482.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015483.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015484.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015485.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015486.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015487.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015488.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015489.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015490.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015491.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015492.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015493.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015494.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015495.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015496.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015497.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015498.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015499.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015500.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015501.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015502.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015503.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015504.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015505.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015506.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015507.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015508.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015509.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015510.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015511.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015512.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015513.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015514.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015515.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015516.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015517.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015518.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015519.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015520.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015521.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015522.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015523.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015524.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015525.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015526.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015527.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015528.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015529.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015530.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015531.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015532.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015533.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015534.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015535.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015536.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015537.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015538.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015539.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015540.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015541.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015542.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015543.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015544.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015545.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015546.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015547.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015548.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015549.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015550.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015551.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015552.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015553.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015554.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015555.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015556.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015557.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015558.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015559.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015560.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015561.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015562.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015563.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015564.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015565.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015566.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015567.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015568.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015569.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
A0015570.exe;C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP12;Win32.HLLW.Tazebama;Deleted.;
SONGS .0XE;C:\_OTMoveIt\MovedFiles\05292008_033211\SONGS;Win32.HLLW.Tazebama;Deleted.;
OTHERS .0XE;C:\_OTMoveIt\MovedFiles\05292008_033246\OTHERS;Win32.HLLW.Tazebama;Deleted.;
BOOKS .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\BOOKS;Win32.HLLW.Tazebama;Deleted.;
HEBA .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\EDUCATIONAL\HEBA;Win32.HLLW.Tazebama;Deleted.;
EMULATORS .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\EMULATORS;Win32.HLLW.Tazebama;Deleted.;
FOUND.000 .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\FOUND.000;Win32.HLLW.Tazebama;Deleted.;
HOW IT'S MADE .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\HOW IT'S MADE;Win32.HLLW.Tazebama;Deleted.;
INSTALLMSN11AR.0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\MOVIES;Win32.HLLW.Tazebama;Deleted.;
MOVIES .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\MOVIES;Win32.HLLW.Tazebama;Deleted.;
MUSIC .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\MUSIC;Win32.HLLW.Tazebama;Deleted.;
NICKELBACK .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\NICKELBACK;Win32.HLLW.Tazebama;Deleted.;
SOURCES .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\SOURCES;Win32.HLLW.Tazebama;Deleted.;
VIDEOS .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\VIDEOS;Win32.HLLW.Tazebama;Deleted.;
VIDEO_TS .0XE;C:\_OTMoveIt\MovedFiles\05292008_033852\VIDEO_TS;Win32.HLLW.Tazebama;Deleted.;


There were Icons beside the files that say "CURED" but I couldnt move or delete them , they were blanked out ...
  • 0

#18
RatHat
Posted 29 May 2008 - 04:04 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Lets see what we have left over now.

Download OTCleanIt again.
Double-click OTCleanIt.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Now Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
Lets see how much is left, and whether we have got the file infector!

Regards,
RatHat
  • 0

#19
Hussam Magdy
Posted 29 May 2008 - 08:05 PM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 5:04:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 61344
Number of viruses found: 1
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:20:52

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\History\History.IE5\MSHist012008053020080531\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Temp\~DF264B.tmp Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Hussamofe\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2 Object is locked skipped
C:\Program Files\WindowsUpdate\log.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
D:\Recycled\RECYCLED .0XE Infected: Worm.Win32.Mabezat.b skipped
D:\System Volume Information\SYSTEM VOLUME INFORMATION .0XE Infected: Worm.Win32.Mabezat.b skipped
D:\System Volume Information\WINDOWS KEYS SECRETS.0XE Infected: Worm.Win32.Mabezat.b skipped
E:\$RECYCLE.BIN\$RECYCLE.BIN .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\System Volume Information\SYSTEM VOLUME INFORMATION .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\System Volume Information\HP_LASERJETALLINONECONFIG.0XE Infected: Worm.Win32.Mabezat.b skipped
E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
E:\Sources\Karaoke\KARAOKE .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\Itunes\ITUNES .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\Power DVD\POWER DVD .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\DirectX9\DIRECTX9 .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\Codecs\CODECS .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\TempClean\TEMPCLEAN .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\Spyware\SPYWARE .0XE Infected: Worm.Win32.Mabezat.b skipped
E:\Sources\Spy\SPY .0XE Infected: Worm.Win32.Mabezat.b skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
F:\Recycled\RECYCLED .0XE Infected: Worm.Win32.Mabezat.b skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
  • 0

#20
RatHat
Posted 29 May 2008 - 09:21 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
It is still showing infected files! :)

Download OTMoveIt2 by OldTimer again.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

D:\Recycled
E:\$RECYCLE.BIN
E:\Sources
F:\Recycled


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad, and copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Save the Notepad file to your Desktop as OTM.txt.
  • Close OTMoveIt
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please include the contents of OTM.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is roughly 10MB in size.
Before running the program we need to update the signature files first in Step 2.

Step 2:
Updating the eScan Antivirus Toolkit with the latest files:

1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\drive. (C:\Kaspersky.)

2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.

3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", press any key to close the screen. Close eScan for now. You need to also close all Windows Explorer windows (or "My Computer" windows) to allow a refresh.

4.) *Important* : in order to complete the update process, you must now do the following:

- Using Windows Explorer (or "My Computer"), go to C:\Downloads and "Copy" all files present in that folder
- "Paste" the files in C:\Kaspersky
- Allow the overwriting of existing files, when prompted
- Close Windows Explorer

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3:
Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.

2.) Double-click on the mwavscan.com file; this will open the eScan program.

3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.

4.) Check the Drive box, this will enable the All Local Drives radio button below it. Make sure it is activated.

5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.

7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it. eScan also creates a full log inside the C:\Kaspersky folder (named mwav.log), but it is huge and cannot be posted on a forum. Please post the content of the log you have saved (into NotePad) in your next reply, once all steps are completed.

Reboot your computer into normal Windows and post me the OTM.txt, the MBAM log, and the results of the eScan that you saved.

Regards,
RatHat
  • 0

#21
Hussam Magdy
Posted 30 May 2008 - 01:07 AM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTM.txt First ...

D:\Recycled moved successfully.
E:\$RECYCLE.BIN moved successfully.
E:\Sources\Windows.Media.Player.11.Final_+_VALIDATION.CRACK-SystemGhost\Windows.Media.Player.11-SystemGhost\Validation.Crack moved successfully.
E:\Sources\Windows.Media.Player.11.Final_+_VALIDATION.CRACK-SystemGhost\Windows.Media.Player.11-SystemGhost moved successfully.
E:\Sources\Windows.Media.Player.11.Final_+_VALIDATION.CRACK-SystemGhost moved successfully.
E:\Sources\WinRAR.v3.70.Incl.Keymaker.And.Patch-CORE\cr-wr370 moved successfully.
E:\Sources\WinRAR.v3.70.Incl.Keymaker.And.Patch-CORE moved successfully.
E:\Sources\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\IE7-WindowsXP-x86-enu\update moved successfully.
E:\Sources\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\IE7-WindowsXP-x86-enu moved successfully.
E:\Sources\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking moved successfully.
E:\Sources\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking moved successfully.
E:\Sources\Internet explorer 7+ CRACK in FOUR STEPS 100 % WOrking moved successfully.
E:\Sources\Folder Lock 5.2.6 With [Serial] moved successfully.
E:\Sources\wmp11-windowsxp-x86-enu moved successfully.
E:\Sources\TOEFL IBT CD1&CD2 moved successfully.
E:\Sources\LimeWire PRO Version 4.12.6\LimeWire4.12.6Win moved successfully.
E:\Sources\LimeWire PRO Version 4.12.6 moved successfully.
E:\Sources\FamilyGuy_XtremeDesktop_Setup\FamilyGuy_XtremeDesktop_Setup moved successfully.
E:\Sources\FamilyGuy_XtremeDesktop_Setup moved successfully.
E:\Sources\ImTOO iPod Movie Converter 2.1 moved successfully.
E:\Sources\Spy\Microsoft AntiSpyware 2006 Upgrade moved successfully.
E:\Sources\Spy moved successfully.
E:\Sources\BLACK.AND.WHITE.2.KEYGEN-DEViANCE\dev-bw2k moved successfully.
E:\Sources\BLACK.AND.WHITE.2.KEYGEN-DEViANCE moved successfully.
E:\Sources\Spyware\CWShredder\CWShredder moved successfully.
E:\Sources\Spyware\CWShredder moved successfully.
E:\Sources\Spyware\Nailfix\Nailfix moved successfully.
E:\Sources\Spyware\Nailfix moved successfully.
E:\Sources\Spyware\l2mfix\regfixes moved successfully.
E:\Sources\Spyware\l2mfix\backregs moved successfully.
E:\Sources\Spyware\l2mfix moved successfully.
E:\Sources\Spyware\KillBox moved successfully.
E:\Sources\Spyware\Anti-Spyware moved successfully.
E:\Sources\Spyware moved successfully.
E:\Sources\Sharing clients\Lime Wire LimeWire Pro 4.9.23\LimeWire Pro 4.9.23 moved successfully.
E:\Sources\Sharing clients\Lime Wire LimeWire Pro 4.9.23 moved successfully.
E:\Sources\Sharing clients moved successfully.
E:\Sources\Bittorrent clients moved successfully.
E:\Sources\Mobile Stuff moved successfully.
E:\Sources\TempClean moved successfully.
E:\Sources\Important files moved successfully.
E:\Sources\Codecs moved successfully.
E:\Sources\MSN Messenger\New Winks (Pucca & The Ring) 7 moved successfully.
E:\Sources\MSN Messenger\New BlueMountain Winks (13) moved successfully.
E:\Sources\MSN Messenger\New BlueMountain Moods (7) moved successfully.
E:\Sources\MSN Messenger\New BlueMountain Emoticons (5 Packs Including 32 Emoticons) moved successfully.
E:\Sources\MSN Messenger\MSN Stuff\EmoPack V1 moved successfully.
E:\Sources\MSN Messenger\MSN Stuff\Love MSN Pack\Display Pictures moved successfully.
E:\Sources\MSN Messenger\MSN Stuff\Love MSN Pack\Emoticons moved successfully.
E:\Sources\MSN Messenger\MSN Stuff\Love MSN Pack\Backgrounds moved successfully.
E:\Sources\MSN Messenger\MSN Stuff\Love MSN Pack moved successfully.
E:\Sources\MSN Messenger\MSN Stuff\Mood II Display Pictures moved successfully.
E:\Sources\MSN Messenger\MSN Stuff moved successfully.
E:\Sources\MSN Messenger\Winks moved successfully.
E:\Sources\MSN Messenger\MSN 7\winks moved successfully.
E:\Sources\MSN Messenger\MSN 7\installer moved successfully.
E:\Sources\MSN Messenger\MSN 7\moods moved successfully.
E:\Sources\MSN Messenger\MSN 7\smileys moved successfully.
E:\Sources\MSN Messenger\MSN 7 moved successfully.
E:\Sources\MSN Messenger moved successfully.
E:\Sources\DirectX9\DirectX 9.0 C moved successfully.
E:\Sources\DirectX9 moved successfully.
E:\Sources\WinAVI VideoConverter 6.3 PL\RMdll moved successfully.
E:\Sources\WinAVI VideoConverter 6.3 PL moved successfully.
E:\Sources\Power DVD moved successfully.
E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's\IDM.5.12.Keygen.By.TCK moved successfully.
E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's\IDM.5.12.Patch.ASTALAVISTA moved successfully.
E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's\IDM.5.12.Patch.UNREAL\IDM.Patch moved successfully.
E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's\IDM.5.12.Patch.UNREAL moved successfully.
E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN\IDM PATCH's AND KEYGEN's moved successfully.
E:\Sources\Internet.Download.Manager.5.12.With.All.Patches.MiYAN moved successfully.
E:\Sources\YouTube FLV to AVI Converter PRO 2.0.5\MKDEV TEAM CRACK\MKDEV TEAM CRACK moved successfully.
E:\Sources\YouTube FLV to AVI Converter PRO 2.0.5\MKDEV TEAM CRACK moved successfully.
E:\Sources\YouTube FLV to AVI Converter PRO 2.0.5 moved successfully.
E:\Sources\Apple.QuickTime.Pro.v7.3.0.70.Multilingual.Regged-CORE\Apple.QuickTime.Pro.v7.3.0.70.Multilingual\QuickTimeInstaller moved successfully.
E:\Sources\Apple.QuickTime.Pro.v7.3.0.70.Multilingual.Regged-CORE\Apple.QuickTime.Pro.v7.3.0.70.Multilingual moved successfully.
E:\Sources\Apple.QuickTime.Pro.v7.3.0.70.Multilingual.Regged-CORE moved successfully.
E:\Sources\Itunes moved successfully.
E:\Sources\Rarlab.WinRAR.v3.71.FiNAL.VALENCIAN.Cracked-BRAiGHTLiNG\bl-rwr371fva moved successfully.
E:\Sources\Rarlab.WinRAR.v3.71.FiNAL.VALENCIAN.Cracked-BRAiGHTLiNG moved successfully.
E:\Sources\Karaoke\(D's) The Sunfly Karaoke Collection CDG (5 of 25) moved successfully.
E:\Sources\Karaoke\(M's) The Sunfly Karaoke Collection Cdg (14 Of 26) moved successfully.
E:\Sources\Karaoke moved successfully.
E:\Sources moved successfully.
F:\Recycled moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05302008_064607


================================================================================
=========



MalwareBytes Log ....


Malwarebytes' Anti-Malware 1.13
Database version: 800

6:57:38 AM 5/30/2008
mbam-log-5-30-2008 (06-57-38).txt

Scan type: Quick Scan
Objects scanned: 36347
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


================================================================================
========


Escan Log here too ...


File C:\_OTMoveIt\MovedFiles\05302008_064607\$RECYCLE.BIN\$RECYCLE.BIN .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Recycled\RECYCLED .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\Codecs\CODECS .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\DirectX9\DIRECTX9 .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\Itunes\ITUNES .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\Karaoke\KARAOKE .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\Power DVD\POWER DVD .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\Spy\SPY .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\Spyware\SPYWARE .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File C:\_OTMoveIt\MovedFiles\05302008_064607\Sources\TempClean\TEMPCLEAN .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File D:\System Volume Information\SYSTEM VOLUME INFORMATION .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File D:\System Volume Information\WINDOWS KEYS SECRETS.0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File E:\System Volume Information\SYSTEM VOLUME INFORMATION .0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.

File E:\System Volume Information\HP_LASERJETALLINONECONFIG.0XE infected by "Worm.Win32.Mabezat.b" Virus. Action Taken: File Deleted.


That's all u asked for :)

Edited by Hussam Magdy, 30 May 2008 - 01:08 AM.

  • 0

#22
RatHat
Posted 30 May 2008 - 02:16 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Lets carry out the routine in post 18 again.

OTCleanIt
Reset System Restore
ATF Cleaner
Kaspersky scan

Post me the results of the Kaspersky scan when done, and lets hope we have it cleaned this time.

Regards,
RatHat
  • 0

#23
Hussam Magdy
Posted 30 May 2008 - 09:12 AM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 6:09:13 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 814948
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
I:\

Scan Statistics:
Total number of scanned objects: 61274
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:14:02

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\History\History.IE5\MSHist012008053020080531\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Temp\~DF1F5E.tmp Object is locked skipped
C:\Documents and Settings\Hussamofe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hussamofe\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Hussamofe\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2 Object is locked skipped
C:\Program Files\WindowsUpdate\log.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
D:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP1\change.log Object is locked skipped
E:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP1\change.log Object is locked skipped
E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{E31535B5-06E2-4AA2-856B-3D3ED86808FF}\RP1\change.log Object is locked skipped

Scan process completed.



Please tell me that I'm clean and that the locked objects are nothing :) :)
  • 0

#24
RatHat
Posted 30 May 2008 - 09:18 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
We might just have it!

Lets make sure though. Run another F-Secure online scan:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient
  • 0

#25
Hussam Magdy
Posted 30 May 2008 - 02:34 PM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Scanning Report
Friday, May 30, 2008 22:18:09 - 23:34:33
Computer name: HUSSAM
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\ F:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 36568
System: 3323
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-30
F-Secure AVP: 7.0.171, 2008-05-30
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
  • 0

Advertisements

#26
RatHat
Posted 30 May 2008 - 05:43 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, you look clean!

Can you post me a HijackThis log please.
  • 0

#27
Hussam Magdy
Posted 30 May 2008 - 09:33 PM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:49 AM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 8926 bytes
  • 0

#28
RatHat
Posted 30 May 2008 - 10:21 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

Post me a fresh HijackThis log, and let me know if you have had any more problems.

Regards,
RatHat
  • 0

#29
Hussam Magdy
Posted 31 May 2008 - 07:16 AM

Hussam Magdy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:31 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 8156 bytes



Actually I dont have problems now at all ... pc is faster, everything is working smoothly except I need to reinstall every program that got deleted during the disinfection ... Is there a topic around here for prevention in the future ?!! I have no firewall , no automatic updates and no antivirus installed :) ...
How does my hijackthis log look ?!!
  • 0

#30
RatHat
Posted 31 May 2008 - 07:25 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey there,

OK! Well done, your log is clean again! :)

Now I would advise copying all your files to a spare hard drive, and then reformatting your computer. I am not 100% sure that we have completely got rid of this worm, though I cannot be sure as I have not had any dealings with it before, and have not been able to find anyone else who has.

If you choose to reinstall your programs only, below are some methods for keeping protected against future infection. One thing I would say though, if you continue to use cracked software and P2P programs, you can be sure you will get infected again.

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, lets reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

Reset Hidden/System Files & Folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest.Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 6). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java ™ 6 Update 6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy compliment each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next lets look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


On to personal Anti Virus programs. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP