Logfile of HijackThis v1.99.1
Scan saved at 12:55:08 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\Promon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shane\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [V3Start] C:\Program Files\NeoWiz\V3Update\V3Start.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} (MSN Chat Control 4.1) - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.bccard.co...niMasPlugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AD66F420-3AB3-43EE-B1E7-304D21084009} (view_card Class) - http://211.176.60.11.../letteecard.cab
O16 - DPF: {D5FC2094-4B01-4F6C-A07C-E247C9442E5A} (AvatarWeb Control) - http://www.msnplus.c...x/AvatarWeb.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
VUNDOFIX.TXT
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Suspending PID 132 'smss.exe'
Threads [136][140][144]
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 732 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Error, Cannot find a process with an image name of rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 208 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.
Active Scan
Incident Status Location
Adware:adware/superspider No disinfected C:\WINDOWS\system32\jac.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\msguard.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\repair\__delete_on_reboot__infosys.dll
Virus:Trj/Dissec.A Disinfected C:\WINDOWS\20dab.exe
Virus:Bck/Agent.K Disinfected C:\WINDOWS\poiudvp.exe.tcf
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\WebCounter.jar-53ebf3b-7bf8b949.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\WebCounter.jar-53ebf3b-7bf8b949.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\WebCounter.jar-53ebf3b-7bf8b949.zip[WebCounter.class]
Virus:Trj/Shinwow.A Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\WebCounter.jar-53ebf3b-7bf8b949.zip[a.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-29348303.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-29348303.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-29348303.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-29348303.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-d350ec1-7b6c4254.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-d350ec1-7b6c4254.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-d350ec1-7b6c4254.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\classload.jar-d350ec1-7b6c4254.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\loaderadv292.jar-3778142a-4fb7e2fb.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\loaderadv292.jar-3778142a-4fb7e2fb.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\loaderadv292.jar-3778142a-4fb7e2fb.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\loaderadv292.jar-3778142a-4fb7e2fb.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-72065384.zip[Bubble.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-72065384.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-72065384.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\playup_ro.jar-45c6f3d0-72065384.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\count4.jar-47cfe281-3c86c4d0.zip[BB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\count4.jar-47cfe281-3c86c4d0.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\count4.jar-47cfe281-3c86c4d0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\count4.jar-47cfe281-3c86c4d0.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\count4.jar-47cfe281-3c86c4d0.zip[BeyondInterface.class]
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Shane\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-5ae04b03.zip[InstallerApplet.class]
Virus:Trj/Classloader.B Disinfected C:\Documents and Settings\Shane\.jpi_cache\file\1.0\in_s.class-678329ec-7c6c2364.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\file\1.0\Dummy.class-774d507d-1148baab.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shane\.jpi_cache\file\1.0\ok.class-602516f-323534d8.class
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Hypnosis for Beginners.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\FruityLoops Studio Producer Edition 5.02.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\SuperVideoCap 4.19.390.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Bat! 3.60.02.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Internet Download Accelerator 4.3.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Registry Cleaner 32 1.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\LeapFTP 2.7.6.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Rollercoaster World 2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Celtic Kings The Punic Wars.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Stronghold 2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\The Settlers Heritage of King.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Spider Solitaire Collection 6.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Aliens vs. Predator 2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Jetfighter 2015.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Pinball Master 2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Gamehouse Aloha Tripeaks 1.01.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Trackmania Sunrise.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Everest Home Edition 2.20.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\BreezeBrowser 2.9.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\GetDataBack for NTFS 2.31.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\GetDataBack for FAT 2.31.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Child Control 7.136.0.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Kingdia DVD Ripper Professional 2.4.6.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Kingdia DVD Audo Ripper 1.6.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\LimeWire Pro 4.9.28.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\QuickBooks Premier 2005.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\EyeCU 2.2 Professional.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Splats HTML 1.0.3.9.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\3DWebButton 1.7.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\HD Tune 2.50.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Bunty Aur Bubli (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Phir Milenge (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Dil Chahta Hai (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Parineeta (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\OmniPage Pro 15 Office.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Advanced RAR Password Recovery 1.52.48.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Ulead DVD MovieFactory 4.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\AoA DVD Copy 2.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Windows Mobile 5.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Shane\Complete\Advanced Uninstaller Pro 2005 7.0.zip[Setup.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\ar3.jar-1f8b980f-3d59c280.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\ar3.jar-1f8b980f-3d59c280.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\ar3.jar-1f8b980f-3d59c280.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\ar3.jar-5157872c-3bae471c.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\ar3.jar-5157872c-3bae471c.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\ar3.jar-5157872c-3bae471c.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\classload.jar-227d9698-5f1dfccf.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\classload.jar-227d9698-5f1dfccf.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\classload.jar-227d9698-5f1dfccf.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kelly s\.jpi_cache\jar\1.0\classload.jar-227d9698-5f1dfccf.zip[Installer.class]
Adware:Adware/SaveNow No disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP786\A0386415.exe
Virus:W32/Alcan.A.worm Disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP789\A0386692.exe
Virus:W32/Alcan.A.worm Disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP789\A0386767.exe
Virus:Bck/Agent.K Disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP789\A0386773.exe
Spyware:Spyware/Virtumonde No disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP790\A0386886.dll
Virus:Trj/Agent.AJK Disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP790\A0387092.dll
Virus:Trj/Dissec.A Disinfected C:\System Volume Information\_restore{CE6F2276-A2E8-42DC-A0DF-D97043A16423}\RP790\A0387093.exe
Thanks a lot for helping me, man. I mean it.