Long time guest reader, now losing my hair...



#1
Maven911
Member, 32 posts
Hi,
I'm a long time reader, in the past when I googled for help against malware, I was able to solve my problems by the things you guys recommended to others.

Now I am in a big bind, and I would really appreciate some expert help on this because I really really really need it. I'm sorry for the length of my message, I'm just trying to be as detailed as possible.
Since yesterday I am having big troubles with another attack by various malware software self-installed on my pc, the problems include:

1. A toolbar added to Windows Explorer (like a Google Search one except there's links to gambling, pharmacy, finance, adult). (I am able to "hide" it on other accounts, but not my main one, the options are greyed out under: View --> Toolbar)
2. URLs that will redirect.
3. An unbelievable amount of "not responding" programs and freeze-ups. I am happy that I can just open Firefox and actually post this (it's been my 3rd reboot just to be able to open Firefox and HijackThis at the same time). Which also means that whenever I use my Adware/Spy Removal, they freeze midway. I have run scans with Venus Fly Trap, Spybot, Spyware Doctor and AVG Antivirus only to stop them because they were no longer responding. They detect minor problems, "clean" them up, and then redetect them every time again. Though Venus FlyTrap did remove these from startup on "msconfig" (I tried manually, but they reappeared every time I restarted before using FlyTrap):
Jaguar.exe
Kargo.exe
wormexe.exe
utsgmon.exe

4. Ware Out Inc. was self-installed on my computer, I removed it.
5. Pop-up Bubble Messages that tell me there's spyware, while it's actually being executed by the malware so that I go on sites that it wants me to go on. (Only happens when I'm using IE rather than Firefox).

Also, I'm trying to figure out why it's so slow by using Windows Task Manager. When idle, my CPU is at 7% usage (95% of that is System Idle..is it supposed to be that much??). Before the malwares installed, it used to be 3-4%, though I don't think it matters much. Also my page file used is 250 Mb by the time my PC is started, with 60Mb free. Yet, it reacts incredibly slower than normal.
I tried shutting down some of the "bigger" tasks (except explorer.exe) that hogged my memory, and when I closed one of the svchost.exe, there was a message that counts down to 60 seconds and says Windows must shut down by the NT/Administrator because of a Remote Procedure Call (RPC). Is that normal???
Because in the past, when I tried to shut down all sorts of tasks "for fun", I never got this 60 second countdown...and the word "remote" scares me also...

I'm sorry once again for the long rambling...please help, I will be eternally grateful.

Here's my HiJack log:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:34 PM, on 19/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\MathLab\webserver\bin\win32\matlabserver.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
c:\mathlab\bin\win32\matlab.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shan\Application Data\Mozilla\Profiles\default\jw91rha3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {1711163E-0759-4822-B2D6-BEB4A35FB43D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {19A5B51E-83D3-46C9-92C8-3C594FC61E17} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {20884615-9E58-47D0-9E0C-F5A0C406C583} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3D0A2D30-983F-4368-8D4B-487640934165} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3E45873E-E274-41B8-B1EA-02EB41A13A9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3F2832C9-13AB-4C3E-B8E5-5F457C4454B7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Name - {5C8E26E0-CFEA-44BA-B246-B72862D1AB9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {72B9229F-2179-4615-8047-6AED5631A372} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {750A77E4-124E-4CEE-90CB-9C7E417F322E} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {75B47C19-CEAC-4DAC-BCEB-416E378FD786} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Name - {A5F4EBC2-183F-4A47-BD57-42510EA116F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {A77C2B23-7AD6-48C5-9FFA-EF441D937F85} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {B4254571-47CD-47A1-9117-ECA30B8F9D8B} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: Name - {CF8ADA9D-922C-46A3-AD8B-2704BA34CAD8} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {DE419A1C-06BE-423C-BA31-362AD5E17791} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {E10A3900-08C8-4D5F-8B68-3D97DB3D2006} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F14F383C-A26C-40CF-97E8-1A29FC2B051D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5B49C98-FB1C-4961-9FBC-20FDFE1520F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5FFE383-FBBF-4F6F-A0AF-93FD68882AC2} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F60A9D8D-C47A-4EF9-9D5D-52F311E2584F} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {FE0A35F3-640C-4E88-B3D3-E94CC477A4D1} - C:\WINDOWS\System32\msolx.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [br0ken] UserSp1.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] C:\Program Files\SpyCat\DeleteSatellite.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://67.68.70.131/web/NetCam.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109200142302
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B34E30-24FD-4D36-9BC0-EC485D83B80C}: NameServer = 69.50.184.86,85.255.112.9
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MathLab\webserver\bin\win32\matlabserver.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0
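
A triage pass over a HijackThis log like the one posted in #1, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from that log; the rule names and the heuristics behind them are assumptions chosen for illustration, and they mark entries to review rather than confirmed malware.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the HijackThis v1.99.1 log in post #1 (a subset, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {1711163E-0759-4822-B2D6-BEB4A35FB43D} - C:\WINDOWS\System32\msolx.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [br0ken] UserSp1.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}: NameServer = 69.50.184.86,85.255.112.9
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
AUTOSTART_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse(log):
    """Return (section, detail) pairs for every 'Xn - ...' line; other lines are skipped."""
    pairs = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def triage(log):
    """Return (section, rule, detail) findings. Rules are review prompts, not verdicts."""
    findings = []
    autostarts = defaultdict(set)  # (name, command) -> registry keys it appears under
    for section, detail in parse(log):
        # A registration whose target file HijackThis could not find on disk.
        if detail.endswith("(file missing)") or detail.endswith("(no file)"):
            findings.append((section, "missing-file", detail))
        # IE start/search page values that point at an external URL.
        if section in ("R0", "R1"):
            value = detail.partition(" = ")[2].strip()
            if value.lower().startswith(("http://", "https://")):
                findings.append((section, "external-search-url", value))
        # Autostart commands given as a bare file name, so the location is unknown.
        if section == "O4":
            m = AUTOSTART_RE.match(detail)
            if m:
                cmd = m.group("cmd")
                exe = cmd.lstrip('"').split()[0]
                if "\\" not in exe:
                    findings.append((section, "autostart-no-path", detail))
                autostarts[(m.group("name"), cmd)].add(m.group("key"))
        # Statically configured DNS servers: these affect every browser on the
        # machine, so they are worth checking when redirects hit Firefox and IE alike.
        if section == "O17":
            m = NAMESERVER_RE.search(detail)
            if m:
                servers = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
                findings.append((section, "static-dns", ",".join(servers)))
    # The same autostart registered under more than one Run key.
    for (name, cmd), keys in sorted(autostarts.items()):
        if len(keys) > 1:
            findings.append(("O4", "autostart-multi-key", f"[{name}] {cmd} in {sorted(keys)}"))
    return findings


def summarize(findings):
    """Count findings per rule name."""
    return Counter(rule for _, rule, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, rule, detail in results:
        print(f"{section:<4}{rule:<22}{detail}")
    print(dict(summarize(results)))
```
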


#2
Rawe
Visiting Staff, Member, 4,746 posts
Hello and welcome.

I'm sorry for the late reply, there's heavy traffic here.

Well, you have a messy log there!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp! Click CleanUp and allow it to delete all the temporary files. REBOOT!!

Please run a free online anti-virus scan; Kaspersky or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:
  • 0

#3
Maven911
Member, Topic Starter, 32 posts
Thank you,
for assisting me, I am very very grateful.
And yes I know how busy the site is, when I first posted, my page was gone off the 1st page of the Malware Thread in less than an hour, lol.
I am currently running the online anti-virus scan as we speak.
I will update you shortly.
Thank you again.
:tazz:
  • 0

#4
Rawe
Visiting Staff, Member, 4,746 posts
I'll be back soon, I'll just take a little break and watch some TV.
Go ahead and post those logs, I'll take a look at them in an hour maybe - will post further instructions then. ;)

- Rawe :tazz:
  • 0

#5
Maven911
Member, Topic Starter, 32 posts
Hi,
I followed your instructions to the letter, there seems to be no CWS variant found on my computer.

Sorry for the long delay, it took a while to do the online scan, even with a basic cable connection.

This is gonna be a longggg post..lol.

Right now there is:
-No major slowdown on my computer anymore. (So I can run some scans..without being in safe mode, but I still did it in safe mode anyway).
-Toolbar still there.
-Still redirects URLs on both Firefox and IE to adult sites. :tazz:
(I noticed that it redirects mainly smaller sites and fansites, not the "big name" sites)

I would like to give you a recap of some of the things I did before I received a reply.

Before (past 4 days since posted topic):
-I d/l all the things that are recommended to do before posting a topic on the forum (including Clean-up, it found 1.6GB of temp files on 1st try!!! and CW Shredder - found no CW variant before). But I still downloaded them again, and updated both of them again and ran them in the proper sequence as you told me to.
-I d/l WinPatrol as recommended on geekstogo.com frontpage, I turned off the startup process: usersp1.exe (you can see it on the previous hijack log). Don't know if it helped or was needed to do so...
-I updated AVG Antivirus, and now it's always "on". When I am on the web, it randomly pops up a message telling me that I have a Trojan Clicker at "C:\Windows\System32\rdsndin.exe"..but get this! I can't delete it, move it to the vault nor heal it. The only option that works is to click "Continue". Also, I tried looking for this file under System32 on Explorer,...it's not there!!!
-I ran AVG on Safe mode, it found 2 viruses:
Trojan Horse Collected.4.AT
Trojan Horse Clicker.FR (this is actually the rdsndin.exe file, it should be in the "vault", but it's unhealable and the message always pops up)
-I downloaded Trend-Micro's anti-virus and ran it under Safe Mode.
-I check-marked to ask for a prompt whenever a page executes or scripts an ActiveX control on IE (I suspect that this is how I got the viruses).


After (Today):
-I ran AboutBuster twice (it didn't ask me to shut down explorer.exe). It found nothing and it couldn't scan for ADS because it wasn't NTFS(???) I posted the log below.
-CWShredder said "not present" to all variants of CWS, as usual.
-SpSeHjfix didn't find anything (log below).
-Ran Clean-up.
-Kaspersky only allows you to scan files 1Mb at a time now...
So, I decided I would rather go with TrendMicro lol (like I had a choice :-P),
I did the Complete Scan and it said it found 31 viruses (funny, since I d/l the Trend-Micro antivirus a few days ago and it didn't detect this before) and 2 spyware-adware programs. Most of the "viruses" were situated in the Java Library, but after deleting them, nothing happened concerning the toolbar and redirection of URLs. (Log file below)


LOG FILES:

AboutBuster:
AboutBuster 5.0 reference file 31
Scan started on [7/23/2005] at [3:09:27 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:12:15 PM


AboutBuster 5.0 reference file 31
Scan started on [7/23/2005] at [3:16:15 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:18:55 PM



-SpseHjfix:

(7/23/05 3:21:23 PM) SPSeHjFix started v1.1.2
(7/23/05 3:21:23 PM) OS: WinXP (5.1.2600)
(7/23/05 3:21:23 PM) Language: english
(7/23/05 3:21:23 PM) Win-Path: C:\WINDOWS
(7/23/05 3:21:23 PM) System-Path: C:\WINDOWS\System32
(7/23/05 3:21:23 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(7/23/05 3:21:29 PM) Disinfection started
(7/23/05 3:21:29 PM) Bad-Dll(IEP): (not found)
(7/23/05 3:21:29 PM) Bad-Dll(IEP) in BHO: (not found)
(7/23/05 3:21:29 PM) UBF: 4 - UBB: 27 - UBR: 11
(7/23/05 3:21:29 PM) UBF: 4 - UBB: 27 - UBR: 11
(7/23/05 3:21:29 PM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: about:blank
(7/23/05 3:21:29 PM) Stealth-String not found
(7/23/05 3:21:29 PM) Not infected->END



Trend-Micro Log:

31 viruses detected
No worm or trojan horse detected
2 spyware progrmas detected
20 vulnerabilities detected

Results:
We have detected 10 infected file(s) with 31 virus(es) on your computer. Only 0 out of 0 infected files are displayed.
Detected File Associated Virus Name
C:\Documents and Settings\Shan\My Documents\My Received Files\heat.exe JOKE_MELT.A
C:\Documents and Settings\Shan\My Documents\My Received Files\rumor.exe JOKE_SMALLPEN
C:\Documents and Settings\Shan\My Documents\Libary Of Alex 2\Funny\Friends.exe JOKE_32
C:\Documents and Settings\Shan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-17148c72-4a8bc069.zip
- BlackBox.class JAVA_BYTEVER.B
- VB.class JAVA_BYTEVER.B
- Dummy.class JAVA_BYTEVER.B
- Beyond.class JAVA_BYTEVER.G
C:\Documents and Settings\Shan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-57d4f3e5-1b76bd3d.zip
- BlackBox.class JAVA_BYTEVER.B
- VB.class JAVA_BYTEVER.B
- Dummy.class JAVA_BYTEVER.B
- Beyond.class JAVA_BYTEVER.G
C:\Documents and Settings\Shan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-4dd47f92.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A
C:\Documents and Settings\Shan\.jpi_cache\jar\1.0\classload.jar-7d9192de-7b2501d1.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A
C:\Documents and Settings\Shan\.jpi_cache\jar\1.0\classload.jar-6bfe7dce-4cab61f4.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A
C:\Documents and Settings\Shan\.jpi_cache\jar\1.0\classload.jar-1f8050ce-5a592ca8.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A
C:\Documents and Settings\Abu\.jpi_cache\jar\1.0\classload.jar-1f8050ce-690f0c3d.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A

Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 2 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name Spyware Type
ADW_BADBITOR.A Adware
SPYW_AROUNDWEB.A Spyware

HiJackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:08:49 PM, on 23/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\MathLab\webserver\bin\win32\matlabserver.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
c:\mathlab\bin\win32\matlab.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shan\Application Data\Mozilla\Profiles\default\jw91rha3.slt\prefs.js)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {1711163E-0759-4822-B2D6-BEB4A35FB43D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {19A5B51E-83D3-46C9-92C8-3C594FC61E17} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {20884615-9E58-47D0-9E0C-F5A0C406C583} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3D0A2D30-983F-4368-8D4B-487640934165} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3E45873E-E274-41B8-B1EA-02EB41A13A9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3F2832C9-13AB-4C3E-B8E5-5F457C4454B7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Name - {5C8E26E0-CFEA-44BA-B246-B72862D1AB9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {72B9229F-2179-4615-8047-6AED5631A372} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {750A77E4-124E-4CEE-90CB-9C7E417F322E} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {75B47C19-CEAC-4DAC-BCEB-416E378FD786} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Name - {A5F4EBC2-183F-4A47-BD57-42510EA116F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {A77C2B23-7AD6-48C5-9FFA-EF441D937F85} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {B4254571-47CD-47A1-9117-ECA30B8F9D8B} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: Name - {CF8ADA9D-922C-46A3-AD8B-2704BA34CAD8} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {DE419A1C-06BE-423C-BA31-362AD5E17791} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {E10A3900-08C8-4D5F-8B68-3D97DB3D2006} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F14F383C-A26C-40CF-97E8-1A29FC2B051D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5B49C98-FB1C-4961-9FBC-20FDFE1520F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5FFE383-FBBF-4F6F-A0AF-93FD68882AC2} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F60A9D8D-C47A-4EF9-9D5D-52F311E2584F} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {FE0A35F3-640C-4E88-B3D3-E94CC477A4D1} - C:\WINDOWS\System32\msolx.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../client/wuweb_site.cab?1121900481909
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)

- http://messenger.zon...wn.cab31267.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}:

NameServer = 69.50.184.86,85.255.112.9
O17 -

HKLM\System\CCS\Services\Tcpip\..\{C0B34E30-24FD-4D36-9BC0-EC485D83B80C}:

NameServer = 69.50.184.86,85.255.112.9
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner -

C:\MathLab\webserver\bin\win32\matlabserver.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software -

C:\Program Files\Panda Software\Panda Antivirus

Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software -

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - -

C:\WINDOWS\SYSTEM32\slserv.exe

Wow, you made it, this was lonnggggg wasn't it?
;)
  • 0

#6
Maven911

    Member

  • Topic Starter
  • Member
  • 32 posts
Also, just did a scan with AVG (non safe mode and updated to today),
it found nothing in all 130,000 files of mine...
  • 0

#7
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again..
It's odd, since your HJT says that you have about:blank.
But ok, let's continue.

Could you please run a new scan with HiJackThis and then post a fresh log from notepad - but make sure Wordwrap isn't selected.
The log is hard to read like that..

- Rawe :tazz:
  • 0

#8
Maven911

    Member

  • Topic Starter
  • Member
  • 32 posts
No problemo,
here's a fresh Hijacklog off the presses.

Logfile of HijackThis v1.99.1
Scan saved at 2:22:37 PM, on 24/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\MathLab\webserver\bin\win32\matlabserver.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
c:\mathlab\bin\win32\matlab.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shan\Application Data\Mozilla\Profiles\default\jw91rha3.slt\prefs.js)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {1711163E-0759-4822-B2D6-BEB4A35FB43D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {19A5B51E-83D3-46C9-92C8-3C594FC61E17} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {20884615-9E58-47D0-9E0C-F5A0C406C583} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3D0A2D30-983F-4368-8D4B-487640934165} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3E45873E-E274-41B8-B1EA-02EB41A13A9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3F2832C9-13AB-4C3E-B8E5-5F457C4454B7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Name - {5C8E26E0-CFEA-44BA-B246-B72862D1AB9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {72B9229F-2179-4615-8047-6AED5631A372} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {750A77E4-124E-4CEE-90CB-9C7E417F322E} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {75B47C19-CEAC-4DAC-BCEB-416E378FD786} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Name - {A5F4EBC2-183F-4A47-BD57-42510EA116F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {A77C2B23-7AD6-48C5-9FFA-EF441D937F85} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {B4254571-47CD-47A1-9117-ECA30B8F9D8B} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: Name - {CF8ADA9D-922C-46A3-AD8B-2704BA34CAD8} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {DE419A1C-06BE-423C-BA31-362AD5E17791} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {E10A3900-08C8-4D5F-8B68-3D97DB3D2006} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F14F383C-A26C-40CF-97E8-1A29FC2B051D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5B49C98-FB1C-4961-9FBC-20FDFE1520F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5FFE383-FBBF-4F6F-A0AF-93FD68882AC2} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F60A9D8D-C47A-4EF9-9D5D-52F311E2584F} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {FE0A35F3-640C-4E88-B3D3-E94CC477A4D1} - C:\WINDOWS\System32\msolx.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121900481909
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B34E30-24FD-4D36-9BC0-EC485D83B80C}: NameServer = 69.50.184.86,85.255.112.9
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MathLab\webserver\bin\win32\matlabserver.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#9
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again. Thanks for the new log.

Please print these instructions out, or write them down, as you can't read them during the fix.

Run a new scan with HiJackThis. Close any open windows and/or open browsers, making sure that only HJT is running. Check the following objects for removal;

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {1711163E-0759-4822-B2D6-BEB4A35FB43D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {19A5B51E-83D3-46C9-92C8-3C594FC61E17} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {20884615-9E58-47D0-9E0C-F5A0C406C583} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3D0A2D30-983F-4368-8D4B-487640934165} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3E45873E-E274-41B8-B1EA-02EB41A13A9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {3F2832C9-13AB-4C3E-B8E5-5F457C4454B7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {5C8E26E0-CFEA-44BA-B246-B72862D1AB9A} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {72B9229F-2179-4615-8047-6AED5631A372} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {750A77E4-124E-4CEE-90CB-9C7E417F322E} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {75B47C19-CEAC-4DAC-BCEB-416E378FD786} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {A5F4EBC2-183F-4A47-BD57-42510EA116F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {A77C2B23-7AD6-48C5-9FFA-EF441D937F85} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {B4254571-47CD-47A1-9117-ECA30B8F9D8B} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {CF8ADA9D-922C-46A3-AD8B-2704BA34CAD8} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {DE419A1C-06BE-423C-BA31-362AD5E17791} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {E10A3900-08C8-4D5F-8B68-3D97DB3D2006} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F14F383C-A26C-40CF-97E8-1A29FC2B051D} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5B49C98-FB1C-4961-9FBC-20FDFE1520F7} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F5FFE383-FBBF-4F6F-A0AF-93FD68882AC2} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {F60A9D8D-C47A-4EF9-9D5D-52F311E2584F} - C:\WINDOWS\System32\msolx.dll (file missing)
O2 - BHO: Name - {FE0A35F3-640C-4E88-B3D3-E94CC477A4D1} - C:\WINDOWS\System32\msolx.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Make sure they are checked, then hit "Fix Checked".

Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Next, please reboot your computer in Safe Mode by doing the following;

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Using Windows Explorer, locate the following files and delete if present;

C:\WINDOWS\System32\msolx.dll
C:\WINDOWS\web\related.htm
C:\WINDOWS\System32\xqoxe.dll
utsgmon.dll <= Locate using the Windows Search function.


If the files aren't there, just jump on to the next step!

Run CleanUp! and reboot.

Boot up into normal mode, run a new scan with HiJackThis and post the fresh log here.

- Rawe :tazz:

Edited by Rawe, 24 July 2005 - 12:37 PM.

  • 0

#10
Maven911

    Member

  • Topic Starter
  • Member
  • 32 posts
wOOt, half my problem is gone, the toolbar is gone,
the URL redirection is still there.

I couldn't find utsgmon and msolx.dll was in AVG's Virus Vault (a Trojan Downloader was the Virus name) from a scan I did 4 months ago, it has been deleted.

I really need to know, I have a few dll's in the virus vault, can I delete them without risking screwing up my computer?
They are: iecustom32.dll
vbsys2.dll


Logfile of HijackThis v1.99.1
Scan saved at 5:23:34 PM, on 24/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\MathLab\webserver\bin\win32\matlabserver.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
c:\mathlab\bin\win32\matlab.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Shan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shan\Application Data\Mozilla\Profiles\default\jw91rha3.slt\prefs.js)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121900481909
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B34E30-24FD-4D36-9BC0-EC485D83B80C}: NameServer = 69.50.184.86,85.255.112.9
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MathLab\webserver\bin\win32\matlabserver.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0
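The before/after check that this exchange does by eye (fix the listed entries, post a fresh log, see what is left) can be scripted. The following is an added example, not part of the thread and not a HijackThis feature: it parses HijackThis entry lines, matches them across two logs by section code and CLSID, and reports which fix-list items are gone, which remain, and which registrations now point at a missing file. The function names and the term "dangling" are assumptions of this example; the sample lines are a shortened excerpt of the logs and fix list in posts #8 to #10.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# "O2 - BHO: ..." -> section code "O2" and the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when a registration has no file behind it.
DANGLING_MARKERS = ("(file missing)", "(no file)")

Key = Tuple[str, str, str]


class Entry(NamedTuple):
    key: Key        # stable identity used to match an entry across logs
    line: str       # the log line as posted
    dangling: bool  # registration present, file absent


def entry_key(code: str, body: str) -> Key:
    """Identity that survives display-name and path changes between scans."""
    clsid = CLSID_RE.search(body)
    if clsid:
        # "BHO", "Toolbar", "Extra button", ... keeps O9 button/menu items apart.
        label = body[:clsid.start()].split(":")[0].strip()
        return (code, label, clsid.group(0).upper())
    if code == "O4" and "]" in body:
        # Autostart entries: registry location plus value name.
        return (code, body[:body.index("]") + 1], "")
    # Everything else: the setting name left of " = ", or the whole body.
    return (code, body.split(" = ", 1)[0].strip(), "")


def parse_log(text: str) -> Dict[Key, Entry]:
    entries: Dict[Key, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        code, body = match.groups()
        key = entry_key(code, body)
        entries[key] = Entry(key, line, body.endswith(DANGLING_MARKERS))
    return entries


def review_fix(before_log: str, fix_list: str, after_log: str) -> Dict[str, List[str]]:
    before, targets, after = (parse_log(t) for t in (before_log, fix_list, after_log))
    return {
        "cleared": [t.line for k, t in targets.items() if k not in after],
        "remaining": [after[k].line for k in targets if k in after],
        # Dangling now, but not dangling (or not present) in the earlier scan.
        "newly_dangling": [e.line for k, e in after.items()
                           if e.dangling and not (k in before and before[k].dangling)],
        "dangling_after": [e.line for e in after.values() if e.dangling],
    }


# Excerpt of the log in post #8 (shortened for the example).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
"""

# Excerpt of the "check for removal" list in post #9.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) - {83165855-35FD-9812-4608-C42FC0A457C5} - utsgmon.dll (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\xqoxe.dll
O2 - BHO: Name - {139F423B-D185-469A-9418-E8843C5BAE3D} - C:\WINDOWS\System32\msolx.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
"""

# Excerpt of the fresh log in post #10.
AFTER = r"""
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - (no file)
"""

if __name__ == "__main__":
    for heading, lines in review_fix(BEFORE, FIX_LIST, AFTER).items():
        print(f"{heading} ({len(lines)})")
        for line in lines:
            print("   ", line)
```

On this excerpt every fix-list item is cleared, and the O3 toolbar registration shows up as newly dangling: its DLL was deleted but the toolbar entry itself was never on the fix list.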



#11
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Yep, empty your virus vault. ;)

Then please do this for me;

Download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
- Rawe :tazz:


You can go ahead and uninstall these programs;

SpSeHjfix
About:Buster
CWShredder

Be sure to delete the files too. Then empty your recycle bin.
  • 0

#12
Maven911

    Member

  • Topic Starter
  • Member
  • 32 posts
Can I just keep those programs... I'm kind of a program hoarder of sorts.

here's the log:

********
9:21 PM: |··· Start of Session, July 24, 2005 ···|
9:21 PM: Spy Sweeper started
9:21 PM: Sweep initiated using definitions version 505
9:21 PM: Starting Memory Sweep
9:27 PM: Memory Sweep Complete, Elapsed Time: 00:05:40
9:27 PM: Starting Registry Sweep
9:27 PM: Found Adware: cws-aboutblank
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\microsoft\internet explorer\main\ || homeoldsp (ID = 4376876)
9:27 PM: Found Adware: cws obfuscated bho hijack
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\microsoft\internet explorer\main\ || search bar (ID = 4377741)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\microsoft\internet explorer\main\ || search page (ID = 4377742)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\microsoft\internet explorer\search\ || searchassistant (ID = 4377752)
9:27 PM: Found Adware: quicklink search toolbar
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 4400505)
9:27 PM: Found Adware: searchtoolbar
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 4402704)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1006\software\searchtoolbar\ (5 subtraces) (ID = 4402712)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\searchtoolbar\ (5 subtraces) (ID = 4402712)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-501\software\searchtoolbar\ (5 subtraces) (ID = 4402712)
9:27 PM: Found Trojan Horse: trojan-downloader-hidd
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1006\software\microsoft\internet explorer\ || emandislc (ID = 4406221)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\microsoft\internet explorer\ || emandislc (ID = 4406221)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1006\software\microsoft\windows\currentversion\nur\ (11 subtraces) (ID = 4406283)
9:27 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-839522115-1957994488-1007\software\microsoft\windows\currentversion\nur\ (11 subtraces) (ID = 4406283)
9:27 PM: Found Trojan Horse: trojan-downloader-wareout
9:27 PM: HKU\S-1-5-21-1644491937-839522115-1957994488-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 4406439)
9:27 PM: HKU\S-1-5-21-1644491937-839522115-1957994488-1003\software\wareout\ (6 subtraces) (ID = 4406478)
9:27 PM: Registry Sweep Complete, Elapsed Time:00:00:29
9:27 PM: Starting Cookie Sweep
9:27 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:28 PM: Starting File Sweep
9:28 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
9:28 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
9:31 PM: Warning: Failed to open file "c:\windows\system32\csent.exe". The process cannot access the file because it is being used by another process
9:31 PM: Warning: Failed to open file "c:\windows\system32\rdsndin.exe". Access is denied
9:32 PM: Found Trojan Horse: trojan-secdrop
9:32 PM: connmie.exe (ID = 4125749)
9:32 PM: Found Adware: freshbar
9:32 PM: dxconf.exe (ID = 4102918)
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:41 PM: Warning: Failed to open file "c:\documents and settings\shan\ntuser.dat". The process cannot access the file because it is being used by another process
9:41 PM: Warning: Failed to open file "c:\documents and settings\shan\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:41 PM: Warning: Failed to open file "c:\documents and settings\shan\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:41 PM: Warning: Failed to open file "c:\documents and settings\shan\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:50 PM: Warning: Failed to open file "c:\documents and settings\shan\application data\mozilla\firefox\profiles\zgq3r8vm.default\parent.lock". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:51 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:53 PM: File Sweep Complete, Elapsed Time: 00:25:04
9:53 PM: Full Sweep has completed. Elapsed time 00:31:38
9:53 PM: Traces Found: 110
9:55 PM: Removal process initiated
9:55 PM: Quarantining All Traces: cws-aboutblank
9:55 PM: Quarantining All Traces: cws obfuscated bho hijack
9:55 PM: Quarantining All Traces: quicklink search toolbar
9:55 PM: Quarantining All Traces: searchtoolbar
9:55 PM: Quarantining All Traces: trojan-downloader-hidd
9:55 PM: Quarantining All Traces: trojan-downloader-wareout
9:55 PM: Quarantining All Traces: trojan-secdrop
9:55 PM: Quarantining All Traces: freshbar
9:55 PM: Removal process completed. Elapsed time 00:00:30
********
9:11 PM: |··· Start of Session, July 24, 2005 ···|
9:11 PM: Spy Sweeper started
9:15 PM: Processing Hosts File Alerts
9:15 PM: Fixed Hosts File entry: 127.0.0.1
9:21 PM: |··· End of Session, July 24, 2005 ···|

#13
Rawe

    Visiting Staff

Please do an online scan with Kaspersky WebScanner

Next, click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
- Rawe

#14
Maven911

    Member

  • Topic Starter
Kay,
I come home at 7, and it may take me over an hour to do the scan, but as soon as it's done, I'll post the log.
Thanks.

#15
Maven911

    Member

  • Topic Starter
Finally, after 2 hours, I got the scan done..woof

I guess it only scans and doesn't delete the files...
Here's the log: (it's 2 viruses with 413 infected files)

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Monday, July 25, 2005 21:47:41
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/07/2005
Kaspersky Anti-Virus database records: 132047
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 107007
Number of viruses found: 2
Number of infected objects: 413
Number of suspicious objects: 0
Duration of the scan process: 6173 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000366.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000367.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000368.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000369.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000370.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000371.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000372.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000373.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000374.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000375.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000376.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000377.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000378.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000379.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000380.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000381.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000382.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000383.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000384.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000385.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000386.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000387.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000388.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000389.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000390.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000391.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000392.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000393.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000394.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000395.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000396.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000397.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000398.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000399.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000400.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000401.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000402.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000403.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000404.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000405.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000406.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000407.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000408.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000409.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000410.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000411.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000412.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000413.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000414.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000415.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000416.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000417.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000418.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000419.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000420.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000421.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000422.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000423.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000424.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000425.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000426.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000427.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000428.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000429.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000430.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000431.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000432.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000433.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000434.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000435.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000436.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000437.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000438.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000439.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000440.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000441.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000442.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000443.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000444.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000445.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000446.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000447.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000448.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000449.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000450.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000451.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000452.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000453.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000454.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000455.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000456.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000457.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000458.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000459.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000460.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000461.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000462.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000463.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000464.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000465.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000466.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000467.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000468.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000469.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000470.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000471.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000472.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000473.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000474.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000489.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000490.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000491.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000492.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000493.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000494.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000495.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000496.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000497.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000498.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000499.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000500.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000501.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000502.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000503.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000504.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000505.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000506.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000507.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000508.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000509.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000510.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000511.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000512.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000513.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000514.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000515.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000516.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000517.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000518.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000519.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000520.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000521.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000522.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000523.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000524.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000525.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000526.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000527.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000528.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000529.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000530.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000531.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000532.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000533.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000534.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000535.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000536.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000537.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000538.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000539.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000540.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000541.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000542.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000543.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000544.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000545.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000546.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000549.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000550.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000551.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000552.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000553.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000554.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000555.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000556.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000557.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000558.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000559.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000560.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000561.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000562.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000563.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000564.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000565.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000566.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000567.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000568.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000569.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000570.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000571.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000572.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000573.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000574.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000575.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000576.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000577.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000578.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000579.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000580.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000581.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000582.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000583.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000584.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000585.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000586.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000587.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000588.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000589.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000590.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000591.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000592.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000593.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000594.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000595.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000596.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000597.dll Infected: HackTool.Win32.Hidd.g
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP1\A0000598.dll Infected: HackTool.Win32.Hidd.g

Scan process completed.