Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dr. Watson PM Debugger problem![resolved]


  • This topic is locked This topic is locked

#1
ryanpalmerb

ryanpalmerb

    Member

  • Member
  • PipPip
  • 17 posts
Hello,

I am a first time user, so tell me if I'm doing anything wrong.

The background:
I have the same Dr. Watson problem that it seems alot of people have. The error message comes up when you try to do certain Windows functions, and I can't open certain document folders, the control panel, etc...

This is my parents fairly new computer. They were running for a while without Norton, anti-spyware, or Windows Updates...Ugh. I noticed it was running like crap, so I ran Norton and got rid of a lot of junk, did Windows Updates including SP2, and installed SpywareBlaster. This helped alot.

I also wanted to install Spybot S&D, and I downloaded it from PC World.com. Directly after the download finished I started getting the Dr. Watson messages. Did I get burned from PC World.com? The file seems fine and SpyBot works...

So...since then I've done the following:
1) Installed an IBM Update - Access Support Fix Pack 2 (Norton Suggestion)
2) Ran Ad-Aware - found about 2000 files..alot in C:\\ System Volume Information
3) Ran CW Shredder - found 1 file
4) Ran Spybot S&D - found about 100 files
5) Updated Spyware Blaster
6) Ran the online Trend scan

The Trend Scan found about 1100 files and deleted all but 3. They were all in the C:\\ System Volume Information folder...long file names. There were TROJ IEFEATS.O, HTML WINSHOW.A, TROJ WINSHOW.A, TROJ SMALL.SA, BKDR SMALL.AR, TROJ SEARCHAID.A, TROJ UZ.A, and TROJ AGENT.(just about any 2-letter combination you can think of).

Q: Should I install the TDS-3? I wasn't sure if this would interfere w/ Norton...

So...that's all the background I can think of.

What's going on with my computer? Thanks in advance...


Logfile of HijackThis v1.99.1
Scan saved at 12:33:00 PM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\iedf.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ntbd.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C957FC6-4BF9-7E14-76AA-8D1B10A5B6EE} - C:\WINDOWS\d3hw32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ntbd.exe] C:\WINDOWS\system32\ntbd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements


#2
ryanpalmerb

ryanpalmerb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Since my last post, I noticed that my Norton was whacked. On the status screen the auto-protect was off and I could not enable it, and the email scan feature had the status of "error". I uninstalled Norton and installed AVG, did the updates and ran a scan. It found and deleted about 500 files, but couldn't delete them all.

Here is the updated log...please help!!!


Logfile of HijackThis v1.99.1
Scan saved at 7:40:46 PM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\iedf.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C957FC6-4BF9-7E14-76AA-8D1B10A5B6EE} - C:\WINDOWS\d3hw32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#3
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ryanpalmerb

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

Download CW-Shredder at this link: CWShredder

Run CWShredder to fix your CWS problem.

Please set your system to show all files; please see here if you're unsure how to do this.

Download the CCleaner unzip the file to install.
Open CCleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
Dont run it yet


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2C957FC6-4BF9-7E14-76AA-8D1B10A5B6EE} - C:\WINDOWS\d3hw32.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe


Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\d3hw32.dll<--Delete this file
C:\WINDOWS\System32\vbsys2.dll<--Delete this file
C:\WINDOWS\iedf.exe<--Delete this file

Exit Explorer,

Now run the ccleaner

Reboot you system

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#4
ryanpalmerb

ryanpalmerb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks for the reply!

To update you so far:

1) I ran CW-Shredder - it removed cws.homesearch
2) I used xphidden.zip to show hidden files
3) I ran Hijack This - 2 of the files were not there...the ones starting w/ O2 - BHO no name and O-23 - Service.
4) Safe mode
5) I deleted C:\WINDOWS\iedf.exe - the other 2 files could not be found (I used search)
6) Ran the Crap Cleaner
7) Rebooted - got the error message that iedf.exe could not be found...I guess this is what we wanted?

Before I run the online scans I was wondering if there is anything else I can do first? I did the Trend Scan before and it took literally all night (I have dial-up) and I had to put a fan by the comp because it was getting hot! I have AVG installed...

Also, I noticed that the steps you suggest are different that those posted by pomp86 for what seems to be the same problem? Is there a reason for this? Are the Dr Watson problems actually different or do you just have different techniques?

So you know I have cwsserviceremove and aboutbuster installed...but never ran.

Again, thanks for your help! Here is the latest log if you need it:


Logfile of HijackThis v1.99.1
Scan saved at 1:02:35 PM, on 3/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A8DF6951-4B2D-4979-A75E-972D4ABCC2D5} - C:\WINDOWS\netjh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#5
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ryanpalmerb

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A8DF6951-4B2D-4979-A75E-972D4ABCC2D5} - C:\WINDOWS\netjh.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe" /s (file missing)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run AboutBuster . This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\netjh.dll<--Delete this file

Exit Explorer

Now run the ccleaner

Reboot you system.

Post a new HJT.log

Kc :tazz:
  • 0

#6
ryanpalmerb

ryanpalmerb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok...here's what I did:

1) show all files...this was done already with xphidden.zip
2) HJT - found and deleted all 3 files you told me to
3) Safe Mode
4) Ran About Buster - log below (it deleted ALOT of stuff!?!)
5) Ran CW Shredder - was clean
6) looked for netjh.dll - not found...there was a netjh.exe but I didn't touch it
7) Ran crap cleaner
8) Reboot

What next?

Thanks again for the help!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:08:59 PM, on 3/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:
C:\WINDOWS\addey32.dll:lueqs
C:\WINDOWS\cejxr.dat:gjktf
C:\WINDOWS\cgxhd.dat:mnjja
C:\WINDOWS\chaca.dat:rsqoa
C:\WINDOWS\chjff.dat:ktitc
C:\WINDOWS\eapxj.dat:wknws
C:\WINDOWS\ejcya.dat:akajy
C:\WINDOWS\frfhl.dat:fsagw
C:\WINDOWS\fxbvw.dat:kaawn
C:\WINDOWS\mrjwa.dat:lqrbt
C:\WINDOWS\rugqn.dat:fuyug
C:\WINDOWS\ssqnu.dat:owhvf


Removed 4 Random Key Entries
Removed! : C:\WINDOWS\abgsr.dat
Removed! : C:\WINDOWS\acect.dat
Removed! : C:\WINDOWS\acooi.dat
Removed! : C:\WINDOWS\acuke.dat
Removed! : C:\WINDOWS\aebdr.dat
Removed! : C:\WINDOWS\ageoc.dat
Removed! : C:\WINDOWS\aheoi.dat
Removed! : C:\WINDOWS\ajrix.dat
Removed! : C:\WINDOWS\ambiq.dat
Removed! : C:\WINDOWS\amzqq.dat
Removed! : C:\WINDOWS\anxun.dat
Removed! : C:\WINDOWS\aoffl.dat
Removed! : C:\WINDOWS\aojia.dat
Removed! : C:\WINDOWS\aopnk.dat
Removed! : C:\WINDOWS\aqyad.dat
Removed! : C:\WINDOWS\arioq.dat
Removed! : C:\WINDOWS\arwou.dat
Removed! : C:\WINDOWS\arzgj.dat
Removed! : C:\WINDOWS\asbbo.dat
Removed! : C:\WINDOWS\asnqg.dat
Removed! : C:\WINDOWS\asuhl.dat
Removed! : C:\WINDOWS\atvgk.dat
Removed! : C:\WINDOWS\atvie.dat
Removed! : C:\WINDOWS\auawh.dat
Removed! : C:\WINDOWS\aucvr.dat
Removed! : C:\WINDOWS\avejk.dat
Removed! : C:\WINDOWS\avjbg.dat
Removed! : C:\WINDOWS\axhae.dat
Removed! : C:\WINDOWS\axidw.dat
Removed! : C:\WINDOWS\ayqtd.dat
Removed! : C:\WINDOWS\badrx.dat
Removed! : C:\WINDOWS\bbyef.dat
Removed! : C:\WINDOWS\bcblk.dat
Removed! : C:\WINDOWS\bcpri.dat
Removed! : C:\WINDOWS\bcwry.dat
Removed! : C:\WINDOWS\bdfwb.dat
Removed! : C:\WINDOWS\behgn.dat
Removed! : C:\WINDOWS\bewpl.dat
Removed! : C:\WINDOWS\bfsrv.dat
Removed! : C:\WINDOWS\bgbql.dat
Removed! : C:\WINDOWS\bhgdh.dat
Removed! : C:\WINDOWS\bjben.dat
Removed! : C:\WINDOWS\bjbes.dat
Removed! : C:\WINDOWS\bkcda.dat
Removed! : C:\WINDOWS\bklsi.dat
Removed! : C:\WINDOWS\bkomy.dat
Removed! : C:\WINDOWS\bkpvr.dat
Removed! : C:\WINDOWS\bkzdy.dat
Removed! : C:\WINDOWS\blqjz.dat
Removed! : C:\WINDOWS\bonrq.dat
Removed! : C:\WINDOWS\bouls.dat
Removed! : C:\WINDOWS\bqsbu.dat
Removed! : C:\WINDOWS\bqxnc.dat
Removed! : C:\WINDOWS\brdmz.dat
Removed! : C:\WINDOWS\brhfc.dat
Removed! : C:\WINDOWS\bsewq.dat
Removed! : C:\WINDOWS\bsitj.dat
Removed! : C:\WINDOWS\bsxjb.dat
Removed! : C:\WINDOWS\btvqa.dat
Removed! : C:\WINDOWS\buite.dat
Removed! : C:\WINDOWS\bumot.dat
Removed! : C:\WINDOWS\bvfda.dat
Removed! : C:\WINDOWS\bwpod.dat
Removed! : C:\WINDOWS\bwtaq.dat
Removed! : C:\WINDOWS\bwwrf.dat
Removed! : C:\WINDOWS\bxijr.dat
Removed! : C:\WINDOWS\bxswt.dat
Removed! : C:\WINDOWS\bypfl.dat
Removed! : C:\WINDOWS\bzrpw.dat
Removed! : C:\WINDOWS\caibi.dat
Removed! : C:\WINDOWS\caogj.dat
Removed! : C:\WINDOWS\cdkne.dat
Removed! : C:\WINDOWS\cdoep.dat
Removed! : C:\WINDOWS\cdudc.dat
Removed! : C:\WINDOWS\cejxr.dat
Removed! : C:\WINDOWS\cepcp.dat
Removed! : C:\WINDOWS\cewcu.dat
Removed! : C:\WINDOWS\cffgr.dat
Removed! : C:\WINDOWS\cffkt.dat
Removed! : C:\WINDOWS\cfodj.dat
Removed! : C:\WINDOWS\cgxhd.dat
Removed! : C:\WINDOWS\chaca.dat
Removed! : C:\WINDOWS\chjff.dat
Removed! : C:\WINDOWS\chmzy.dat
Removed! : C:\WINDOWS\cidii.dat
Removed! : C:\WINDOWS\cijmh.dat
Removed! : C:\WINDOWS\cjdka.dat
Removed! : C:\WINDOWS\cjjal.dat
Removed! : C:\WINDOWS\cloum.dat
Removed! : C:\WINDOWS\clqxx.dat
Removed! : C:\WINDOWS\cmbxs.dat
Removed! : C:\WINDOWS\cmkep.dat
Removed! : C:\WINDOWS\cmtoe.dat
Removed! : C:\WINDOWS\cncpi.dat
Removed! : C:\WINDOWS\cnjpq.dat
Removed! : C:\WINDOWS\cochk.dat
Removed! : C:\WINDOWS\coclg.dat
Removed! : C:\WINDOWS\codtn.dat
Removed! : C:\WINDOWS\copmc.dat
Removed! : C:\WINDOWS\crhut.dat
Removed! : C:\WINDOWS\csbxh.dat
Removed! : C:\WINDOWS\ctfke.dat
Removed! : C:\WINDOWS\ctpiw.dat
Removed! : C:\WINDOWS\cutnx.dat
Removed! : C:\WINDOWS\cuvar.dat
Removed! : C:\WINDOWS\cuwgp.dat
Removed! : C:\WINDOWS\cuzpf.dat
Removed! : C:\WINDOWS\cvxux.dat
Removed! : C:\WINDOWS\cwitw.dat
Removed! : C:\WINDOWS\cwnsb.dat
Removed! : C:\WINDOWS\cxdik.dat
Removed! : C:\WINDOWS\cxhxi.dat
Removed! : C:\WINDOWS\cxyqc.dat
Removed! : C:\WINDOWS\cybkz.dat
Removed! : C:\WINDOWS\cyqjw.dat
Removed! : C:\WINDOWS\cyrcp.dat
Removed! : C:\WINDOWS\cyuuc.dat
Removed! : C:\WINDOWS\czelp.dat
Removed! : C:\WINDOWS\daakh.dat
Removed! : C:\WINDOWS\dafzh.dat
Removed! : C:\WINDOWS\danyb.dat
Removed! : C:\WINDOWS\dapjn.dat
Removed! : C:\WINDOWS\dbgxn.dat
Removed! : C:\WINDOWS\dcesm.dat
Removed! : C:\WINDOWS\dcowc.dat
Removed! : C:\WINDOWS\ddcal.dat
Removed! : C:\WINDOWS\ddfey.dat
Removed! : C:\WINDOWS\ddrni.dat
Removed! : C:\WINDOWS\dejlq.dat
Removed! : C:\WINDOWS\detwq.dat
Removed! : C:\WINDOWS\dghzz.dat
Removed! : C:\WINDOWS\diacz.dat
Removed! : C:\WINDOWS\dirzs.dat
Removed! : C:\WINDOWS\djcni.dat
Removed! : C:\WINDOWS\dkewc.dat
Removed! : C:\WINDOWS\dksog.dat
Removed! : C:\WINDOWS\dkvrr.dat
Removed! : C:\WINDOWS\dlhrn.dat
Removed! : C:\WINDOWS\dljmw.dat
Removed! : C:\WINDOWS\dlrzl.dat
Removed! : C:\WINDOWS\dmszs.dat
Removed! : C:\WINDOWS\dngan.dat
Removed! : C:\WINDOWS\dnlba.dat
Removed! : C:\WINDOWS\doeim.dat
Removed! : C:\WINDOWS\dovpf.dat
Removed! : C:\WINDOWS\dpgsl.dat
Removed! : C:\WINDOWS\dqhrt.dat
Removed! : C:\WINDOWS\dqpeq.dat
Removed! : C:\WINDOWS\dqqch.dat
Removed! : C:\WINDOWS\dvvtg.dat
Removed! : C:\WINDOWS\dvwzf.dat
Removed! : C:\WINDOWS\dwaqo.dat
Removed! : C:\WINDOWS\dxbud.dat
Removed! : C:\WINDOWS\dxhpz.dat
Removed! : C:\WINDOWS\dzdny.dat
Removed! : C:\WINDOWS\dzfxh.dat
Removed! : C:\WINDOWS\dzwpx.dat
Removed! : C:\WINDOWS\dzxsx.dat
Removed! : C:\WINDOWS\ealjw.dat
Removed! : C:\WINDOWS\eapxj.dat
Removed! : C:\WINDOWS\ebqqf.dat
Removed! : C:\WINDOWS\eczvx.dat
Removed! : C:\WINDOWS\edfxp.dat
Removed! : C:\WINDOWS\eemfo.dat
Removed! : C:\WINDOWS\efcqy.dat
Removed! : C:\WINDOWS\eghst.dat
Removed! : C:\WINDOWS\ehtvn.dat
Removed! : C:\WINDOWS\ehzfl.dat
Removed! : C:\WINDOWS\eiacp.dat
Removed! : C:\WINDOWS\ejcya.dat
Removed! : C:\WINDOWS\ekkvh.dat
Removed! : C:\WINDOWS\elieb.dat
Removed! : C:\WINDOWS\enxex.dat
Removed! : C:\WINDOWS\epsfa.dat
Removed! : C:\WINDOWS\esmps.dat
Removed! : C:\WINDOWS\eukij.dat
Removed! : C:\WINDOWS\eupcf.dat
Removed! : C:\WINDOWS\evctw.dat
Removed! : C:\WINDOWS\evtol.dat
Removed! : C:\WINDOWS\ewhrq.dat
Removed! : C:\WINDOWS\ewrup.dat
Removed! : C:\WINDOWS\exagg.dat
Removed! : C:\WINDOWS\exuxh.dat
Removed! : C:\WINDOWS\exvok.dat
Removed! : C:\WINDOWS\eypma.dat
Removed! : C:\WINDOWS\ezhgx.dat
Removed! : C:\WINDOWS\ezjzj.dat
Removed! : C:\WINDOWS\ezzzu.dat
Removed! : C:\WINDOWS\fbchp.dat
Removed! : C:\WINDOWS\fdrxn.dat
Removed! : C:\WINDOWS\fdswf.dat
Removed! : C:\WINDOWS\feebm.dat
Removed! : C:\WINDOWS\feepb.dat
Removed! : C:\WINDOWS\fewad.dat
Removed! : C:\WINDOWS\fffhw.dat
Removed! : C:\WINDOWS\ffsrh.dat
Removed! : C:\WINDOWS\fgazj.dat
Removed! : C:\WINDOWS\fgowe.dat
Removed! : C:\WINDOWS\fhmqn.dat
Removed! : C:\WINDOWS\finzo.dat
Removed! : C:\WINDOWS\fivpr.dat
Removed! : C:\WINDOWS\fjvpi.dat
Removed! : C:\WINDOWS\fmaoq.dat
Removed! : C:\WINDOWS\fmpho.dat
Removed! : C:\WINDOWS\fneyg.dat
Removed! : C:\WINDOWS\fntob.dat
Removed! : C:\WINDOWS\fobca.dat
Removed! : C:\WINDOWS\fojsh.dat
Removed! : C:\WINDOWS\fovft.dat
Removed! : C:\WINDOWS\fqbyq.dat
Removed! : C:\WINDOWS\frfhl.dat
Removed! : C:\WINDOWS\frken.dat
Removed! : C:\WINDOWS\frruq.dat
Removed! : C:\WINDOWS\fsjbj.dat
Removed! : C:\WINDOWS\fsnqu.dat
Removed! : C:\WINDOWS\fucjn.dat
Removed! : C:\WINDOWS\futjg.dat
Removed! : C:\WINDOWS\fvnfz.dat
Removed! : C:\WINDOWS\fvply.dat
Removed! : C:\WINDOWS\fwcmc.dat
Removed! : C:\WINDOWS\fxbvw.dat
Removed! : C:\WINDOWS\fyotu.dat
Removed! : C:\WINDOWS\fzrgi.dat
Removed! : C:\WINDOWS\fzwwc.dat
Removed! : C:\WINDOWS\gamkz.dat
Removed! : C:\WINDOWS\gcpfw.dat
Removed! : C:\WINDOWS\gdani.dat
Removed! : C:\WINDOWS\gdefm.dat
Removed! : C:\WINDOWS\gefqp.dat
Removed! : C:\WINDOWS\gekjn.dat
Removed! : C:\WINDOWS\gemrj.dat
Removed! : C:\WINDOWS\geusw.dat
Removed! : C:\WINDOWS\gftke.dat
Removed! : C:\WINDOWS\ggled.dat
Removed! : C:\WINDOWS\gglxa.dat
Removed! : C:\WINDOWS\ghsed.dat
Removed! : C:\WINDOWS\ghumj.dat
Removed! : C:\WINDOWS\gifbl.dat
Removed! : C:\WINDOWS\gjfvs.dat
Removed! : C:\WINDOWS\gjhqv.dat
Removed! : C:\WINDOWS\gkbvq.dat
Removed! : C:\WINDOWS\gkuro.dat
Removed! : C:\WINDOWS\glvbd.dat
Removed! : C:\WINDOWS\gmolz.dat
Removed! : C:\WINDOWS\gmpbo.dat
Removed! : C:\WINDOWS\gpmlu.dat
Removed! : C:\WINDOWS\gproe.dat
Removed! : C:\WINDOWS\gqgop.dat
Removed! : C:\WINDOWS\gqpoa.dat
Removed! : C:\WINDOWS\grilp.dat
Removed! : C:\WINDOWS\gsvvw.dat
Removed! : C:\WINDOWS\gtgtv.dat
Removed! : C:\WINDOWS\gvbdc.dat
Removed! : C:\WINDOWS\gwfxw.dat
Removed! : C:\WINDOWS\gyaow.dat
Removed! : C:\WINDOWS\gygql.dat
Removed! : C:\WINDOWS\gytfx.dat
Removed! : C:\WINDOWS\gziwa.dat
Removed! : C:\WINDOWS\gzmft.dat
Removed! : C:\WINDOWS\haemi.dat
Removed! : C:\WINDOWS\hashu.dat
Removed! : C:\WINDOWS\hbhbf.dat
Removed! : C:\WINDOWS\hbtue.dat
Removed! : C:\WINDOWS\hcdgj.dat
Removed! : C:\WINDOWS\hdkhg.dat
Removed! : C:\WINDOWS\hdplu.dat
Removed! : C:\WINDOWS\hekwe.dat
Removed! : C:\WINDOWS\helyu.dat
Removed! : C:\WINDOWS\hfgvc.dat
Removed! : C:\WINDOWS\hgutj.dat
Removed! : C:\WINDOWS\hhfpv.dat
Removed! : C:\WINDOWS\hhoef.dat
Removed! : C:\WINDOWS\hhuut.dat
Removed! : C:\WINDOWS\hhxqv.dat
Removed! : C:\WINDOWS\hjaar.dat
Removed! : C:\WINDOWS\hjepc.dat
Removed! : C:\WINDOWS\hkurq.dat
Removed! : C:\WINDOWS\hmksd.dat
Removed! : C:\WINDOWS\hnjef.dat
Removed! : C:\WINDOWS\hnwgw.dat
Removed! : C:\WINDOWS\hoxjw.dat
Removed! : C:\WINDOWS\hpnqz.dat
Removed! : C:\WINDOWS\hqpme.dat
Removed! : C:\WINDOWS\hqqvi.dat
Removed! : C:\WINDOWS\hquwj.dat
Removed! : C:\WINDOWS\htzsl.dat
Removed! : C:\WINDOWS\hudiq.dat
Removed! : C:\WINDOWS\huten.dat
Removed! : C:\WINDOWS\hvcqg.dat
Removed! : C:\WINDOWS\hvsli.dat
Removed! : C:\WINDOWS\hwbtg.dat
Removed! : C:\WINDOWS\hwegw.dat
Removed! : C:\WINDOWS\hxmpd.dat
Removed! : C:\WINDOWS\hzpqu.dat
Removed! : C:\WINDOWS\iallg.dat
Removed! : C:\WINDOWS\iaraz.dat
Removed! : C:\WINDOWS\iayff.dat
Removed! : C:\WINDOWS\ibfkr.dat
Removed! : C:\WINDOWS\iblpy.dat
Removed! : C:\WINDOWS\ibmnt.dat
Removed! : C:\WINDOWS\ibxck.dat
Removed! : C:\WINDOWS\icblf.dat
Removed! : C:\WINDOWS\icstz.dat
Removed! : C:\WINDOWS\iednt.dat
Removed! : C:\WINDOWS\ifdyn.dat
Removed! : C:\WINDOWS\ifqdl.dat
Removed! : C:\WINDOWS\ifsxn.dat
Removed! : C:\WINDOWS\iimyt.dat
Removed! : C:\WINDOWS\ijgfm.dat
Removed! : C:\WINDOWS\ikevr.dat
Removed! : C:\WINDOWS\ikszy.dat
Removed! : C:\WINDOWS\ilckr.dat
Removed! : C:\WINDOWS\ilrpr.dat
Removed! : C:\WINDOWS\ilsaz.dat
Removed! : C:\WINDOWS\imeje.dat
Removed! : C:\WINDOWS\imwfg.dat
Removed! : C:\WINDOWS\inwbu.dat
Removed! : C:\WINDOWS\inwrf.dat
Removed! : C:\WINDOWS\iopli.dat
Removed! : C:\WINDOWS\iowud.dat
Removed! : C:\WINDOWS\ipduj.dat
Removed! : C:\WINDOWS\ipwue.dat
Removed! : C:\WINDOWS\iqdip.dat
Removed! : C:\WINDOWS\iqdjb.dat
Removed! : C:\WINDOWS\iqnnp.dat
Removed! : C:\WINDOWS\iqtly.dat
Removed! : C:\WINDOWS\ircph.dat
Removed! : C:\WINDOWS\irlxa.dat
Removed! : C:\WINDOWS\isnfw.dat
Removed! : C:\WINDOWS\isxkl.dat
Removed! : C:\WINDOWS\iuqex.dat
Removed! : C:\WINDOWS\ivgry.dat
Removed! : C:\WINDOWS\ivzjj.dat
Removed! : C:\WINDOWS\iwnku.dat
Removed! : C:\WINDOWS\ixjil.dat
Removed! : C:\WINDOWS\ixjph.dat
Removed! : C:\WINDOWS\izhxj.dat
Removed! : C:\WINDOWS\izwzc.dat
Removed! : C:\WINDOWS\jaitr.dat
Removed! : C:\WINDOWS\jarcd.dat
Removed! : C:\WINDOWS\jbamx.dat
Removed! : C:\WINDOWS\jbgbd.dat
Removed! : C:\WINDOWS\jbiqf.dat
Removed! : C:\WINDOWS\jcjpn.dat
Removed! : C:\WINDOWS\jdpik.dat
Removed! : C:\WINDOWS\jdzyh.dat
Removed! : C:\WINDOWS\jeebz.dat
Removed! : C:\WINDOWS\jewyo.dat
Removed! : C:\WINDOWS\jffkl.dat
Removed! : C:\WINDOWS\jfurb.dat
Removed! : C:\WINDOWS\jgkot.dat
Removed! : C:\WINDOWS\jhfyf.dat
Removed! : C:\WINDOWS\jhvxp.dat
Removed! : C:\WINDOWS\jiaya.dat
Removed! : C:\WINDOWS\jiocr.dat
Removed! : C:\WINDOWS\jjiil.dat
Removed! : C:\WINDOWS\jkibm.dat
Removed! : C:\WINDOWS\jkqit.dat
Removed! : C:\WINDOWS\joqus.dat
Removed! : C:\WINDOWS\joynb.dat
Removed! : C:\WINDOWS\jpndq.dat
Removed! : C:\WINDOWS\jqdlk.dat
Removed! : C:\WINDOWS\jqebv.dat
Removed! : C:\WINDOWS\jquao.dat
Removed! : C:\WINDOWS\jratk.dat
Removed! : C:\WINDOWS\jrewg.dat
Removed! : C:\WINDOWS\jrymr.dat
Removed! : C:\WINDOWS\jseys.dat
Removed! : C:\WINDOWS\jstay.dat
Removed! : C:\WINDOWS\jsusn.dat
Removed! : C:\WINDOWS\jtnof.dat
Removed! : C:\WINDOWS\jtqyd.dat
Removed! : C:\WINDOWS\jtuds.dat
Removed! : C:\WINDOWS\jtxrj.dat
Removed! : C:\WINDOWS\jvaso.dat
Removed! : C:\WINDOWS\jvkoh.dat
Removed! : C:\WINDOWS\jvtpy.dat
Removed! : C:\WINDOWS\jwxeh.dat
Removed! : C:\WINDOWS\jxsar.dat
Removed! : C:\WINDOWS\jyini.dat
Removed! : C:\WINDOWS\jzjyp.dat
Removed! : C:\WINDOWS\karvq.dat
Removed! : C:\WINDOWS\kbamv.dat
Removed! : C:\WINDOWS\kcfon.dat
Removed! : C:\WINDOWS\kdapl.dat
Removed! : C:\WINDOWS\kdhua.dat
Removed! : C:\WINDOWS\kdpot.dat
Removed! : C:\WINDOWS\kduuh.dat
Removed! : C:\WINDOWS\kdvsp.dat
Removed! : C:\WINDOWS\kevwb.dat
Removed! : C:\WINDOWS\kfhfo.dat
Removed! : C:\WINDOWS\kftdj.dat
Removed! : C:\WINDOWS\kguqy.dat
Removed! : C:\WINDOWS\khelg.dat
Removed! : C:\WINDOWS\khumi.dat
Removed! : C:\WINDOWS\kinzm.dat
Removed! : C:\WINDOWS\kisle.dat
Removed! : C:\WINDOWS\kiyyo.dat
Removed! : C:\WINDOWS\kjtuh.dat
Removed! : C:\WINDOWS\kkjfj.dat
Removed! : C:\WINDOWS\kmaie.dat
Removed! : C:\WINDOWS\kmoot.dat
Removed! : C:\WINDOWS\kpaaf.dat
Removed! : C:\WINDOWS\kpcri.dat
Removed! : C:\WINDOWS\kpurf.dat
Removed! : C:\WINDOWS\kqefz.dat
Removed! : C:\WINDOWS\ksrwf.dat
Removed! : C:\WINDOWS\kstuy.dat
Removed! : C:\WINDOWS\ksyuk.dat
Removed! : C:\WINDOWS\kuquh.dat
Removed! : C:\WINDOWS\kvhvl.dat
Removed! : C:\WINDOWS\kvoqg.dat
Removed! : C:\WINDOWS\kwhsi.dat
Removed! : C:\WINDOWS\kwvwt.dat
Removed! : C:\WINDOWS\kxqjp.dat
Removed! : C:\WINDOWS\kygtj.dat
Removed! : C:\WINDOWS\kzmaj.dat
Removed! : C:\WINDOWS\kzxwm.dat
Removed! : C:\WINDOWS\lacal.dat
Removed! : C:\WINDOWS\lbbho.dat
Removed! : C:\WINDOWS\lbdlb.dat
Removed! : C:\WINDOWS\lbfoe.dat
Removed! : C:\WINDOWS\lcckq.dat
Removed! : C:\WINDOWS\lconj.dat
Removed! : C:\WINDOWS\lcugf.dat
Removed! : C:\WINDOWS\ledoy.dat
Removed! : C:\WINDOWS\lfbpl.dat
Removed! : C:\WINDOWS\lgkms.dat
Removed! : C:\WINDOWS\ljnrl.dat
Removed! : C:\WINDOWS\ljwnh.dat
Removed! : C:\WINDOWS\lkfen.dat
Removed! : C:\WINDOWS\lkhxn.dat
Removed! : C:\WINDOWS\llhfd.dat
Removed! : C:\WINDOWS\llvgc.dat
Removed! : C:\WINDOWS\lmqqt.dat
Removed! : C:\WINDOWS\lncfj.dat
Removed! : C:\WINDOWS\lnmey.dat
Removed! : C:\WINDOWS\lnxbp.dat
Removed! : C:\WINDOWS\lobge.dat
Removed! : C:\WINDOWS\loqxl.dat
Removed! : C:\WINDOWS\lqwar.dat
Removed! : C:\WINDOWS\lrimk.dat
Removed! : C:\WINDOWS\ltfgk.dat
Removed! : C:\WINDOWS\luvzz.dat
Removed! : C:\WINDOWS\luwsr.dat
Removed! : C:\WINDOWS\luykf.dat
Removed! : C:\WINDOWS\lvuod.dat
Removed! : C:\WINDOWS\lvuwh.dat
Removed! : C:\WINDOWS\lwbqy.dat
Removed! : C:\WINDOWS\lwrrz.dat
Removed! : C:\WINDOWS\lwuld.dat
Removed! : C:\WINDOWS\lwygq.dat
Removed! : C:\WINDOWS\lxewu.dat
Removed! : C:\WINDOWS\lxexx.dat
Removed! : C:\WINDOWS\lyivt.dat
Removed! : C:\WINDOWS\lzcal.dat
Removed! : C:\WINDOWS\marbt.dat
Removed! : C:\WINDOWS\mcvpz.dat
Removed! : C:\WINDOWS\mcwxa.dat
Removed! : C:\WINDOWS\mduyo.dat
Removed! : C:\WINDOWS\mgxcv.dat
Removed! : C:\WINDOWS\mgxgf.dat
Removed! : C:\WINDOWS\mhtkf.dat
Removed! : C:\WINDOWS\mhvoi.dat
Removed! : C:\WINDOWS\mivfn.dat
Removed! : C:\WINDOWS\mjclv.dat
Removed! : C:\WINDOWS\mjrui.dat
Removed! : C:\WINDOWS\mktbo.dat
Removed! : C:\WINDOWS\mnavr.dat
Removed! : C:\WINDOWS\moulo.dat
Removed! : C:\WINDOWS\moyrq.dat
Removed! : C:\WINDOWS\mqbib.dat
Removed! : C:\WINDOWS\mrjwa.dat
Removed! : C:\WINDOWS\mrkia.dat
Removed! : C:\WINDOWS\msxsv.dat
Removed! : C:\WINDOWS\muimc.dat
Removed! : C:\WINDOWS\mukfb.dat
Removed! : C:\WINDOWS\mvhpa.dat
Removed! : C:\WINDOWS\mxfrq.dat
Removed! : C:\WINDOWS\mxvql.dat
Removed! : C:\WINDOWS\mybym.dat
Removed! : C:\WINDOWS\mzzbt.dat
Removed! : C:\WINDOWS\nalxn.dat
Removed! : C:\WINDOWS\ncvhf.dat
Removed! : C:\WINDOWS\ncwhu.dat
Removed! : C:\WINDOWS\nfdnu.dat
Removed! : C:\WINDOWS\nfmng.dat
Removed! : C:\WINDOWS\nggmy.dat
Removed! : C:\WINDOWS\nhcwn.dat
Removed! : C:\WINDOWS\nhkqc.dat
Removed! : C:\WINDOWS\nhkxg.dat
Removed! : C:\WINDOWS\njets.dat
Removed! : C:\WINDOWS\njmms.dat
Removed! : C:\WINDOWS\njqzi.dat
Removed! : C:\WINDOWS\njuxx.dat
Removed! : C:\WINDOWS\njvzb.dat
Removed! : C:\WINDOWS\nkelx.dat
Removed! : C:\WINDOWS\nkufe.dat
Removed! : C:\WINDOWS\nlopc.dat
Removed! : C:\WINDOWS\nlowv.dat
Removed! : C:\WINDOWS\nlskz.dat
Removed! : C:\WINDOWS\nniho.dat
Removed! : C:\WINDOWS\nnnfx.dat
Removed! : C:\WINDOWS\nntia.dat
Removed! : C:\WINDOWS\nomaj.dat
Removed! : C:\WINDOWS\nosxg.dat
Removed! : C:\WINDOWS\novli.dat
Removed! : C:\WINDOWS\npdln.dat
Removed! : C:\WINDOWS\npknf.dat
Removed! : C:\WINDOWS\npqpo.dat
Removed! : C:\WINDOWS\npuwq.dat
Removed! : C:\WINDOWS\npwer.dat
Removed! : C:\WINDOWS\nqkie.dat
Removed! : C:\WINDOWS\nqoda.dat
Removed! : C:\WINDOWS\nrpfz.dat
Removed! : C:\WINDOWS\nrwmn.dat
Removed! : C:\WINDOWS\nsfql.dat
Removed! : C:\WINDOWS\nslng.dat
Removed! : C:\WINDOWS\nspte.dat
Removed! : C:\WINDOWS\ntaqw.dat
Removed! : C:\WINDOWS\ntsze.dat
Removed! : C:\WINDOWS\nukur.dat
Removed! : C:\WINDOWS\nxzzp.dat
Removed! : C:\WINDOWS\nyrjd.dat
Removed! : C:\WINDOWS\nyuiq.dat
Removed! : C:\WINDOWS\nzanj.dat
Removed! : C:\WINDOWS\nzcir.dat
Removed! : C:\WINDOWS\oabgd.dat
Removed! : C:\WINDOWS\oazre.dat
Removed! : C:\WINDOWS\obxpf.dat
Removed! : C:\WINDOWS\ocvuc.dat
Removed! : C:\WINDOWS\odvcw.dat
Removed! : C:\WINDOWS\oejys.dat
Removed! : C:\WINDOWS\ofjnn.dat
Removed! : C:\WINDOWS\ogayr.dat
Removed! : C:\WINDOWS\ogcch.dat
Removed! : C:\WINDOWS\ohlcl.dat
Removed! : C:\WINDOWS\ojljp.dat
Removed! : C:\WINDOWS\ojqvp.dat
Removed! : C:\WINDOWS\ojwtr.dat
Removed! : C:\WINDOWS\okfdh.dat
Removed! : C:\WINDOWS\oklcv.dat
Removed! : C:\WINDOWS\oleiu.dat
Removed! : C:\WINDOWS\olkkr.dat
Removed! : C:\WINDOWS\ollfw.dat
Removed! : C:\WINDOWS\olopf.dat
Removed! : C:\WINDOWS\omlax.dat
Removed! : C:\WINDOWS\opgwf.dat
Removed! : C:\WINDOWS\orarj.dat
Removed! : C:\WINDOWS\orgli.dat
Removed! : C:\WINDOWS\orvsf.dat
Removed! : C:\WINDOWS\osbjd.dat
Removed! : C:\WINDOWS\oscuh.dat
Removed! : C:\WINDOWS\otijk.dat
Removed! : C:\WINDOWS\otxmr.dat
Removed! : C:\WINDOWS\ougbc.dat
Removed! : C:\WINDOWS\ouhpg.dat
Removed! : C:\WINDOWS\ovdcc.dat
Removed! : C:\WINDOWS\ovfov.dat
Removed! : C:\WINDOWS\owebo.dat
Removed! : C:\WINDOWS\oxwsd.dat
Removed! : C:\WINDOWS\oxzjq.dat
Removed! : C:\WINDOWS\oyqwn.dat
Removed! : C:\WINDOWS\ozilt.dat
Removed! : C:\WINDOWS\paefz.dat
Removed! : C:\WINDOWS\panro.dat
Removed! : C:\WINDOWS\pbzdi.dat
Removed! : C:\WINDOWS\pedrj.dat
Removed! : C:\WINDOWS\peswm.dat
Removed! : C:\WINDOWS\pfaeo.dat
Removed! : C:\WINDOWS\phvmc.dat
Removed! : C:\WINDOWS\phvvl.dat
Removed! : C:\WINDOWS\pinuj.dat
Removed! : C:\WINDOWS\pixwi.dat
Removed! : C:\WINDOWS\pjqpj.dat
Removed! : C:\WINDOWS\plmbr.dat
Removed! : C:\WINDOWS\pltrt.dat
Removed! : C:\WINDOWS\pndcd.dat
Removed! : C:\WINDOWS\pneju.dat
Removed! : C:\WINDOWS\pnwet.dat
Removed! : C:\WINDOWS\pnwtk.dat
Removed! : C:\WINDOWS\ppjda.dat
Removed! : C:\WINDOWS\psnwe.dat
Removed! : C:\WINDOWS\psoyo.dat
Removed! : C:\WINDOWS\pspzo.dat
Removed! : C:\WINDOWS\puktj.dat
Removed! : C:\WINDOWS\puzpz.dat
Removed! : C:\WINDOWS\pwysi.dat
Removed! : C:\WINDOWS\pwzms.dat
Removed! : C:\WINDOWS\pwzmy.dat
Removed! : C:\WINDOWS\pxefp.dat
Removed! : C:\WINDOWS\pxmyp.dat
Removed! : C:\WINDOWS\pxnfs.dat
Removed! : C:\WINDOWS\pybcu.dat
Removed! : C:\WINDOWS\pysur.dat
Removed! : C:\WINDOWS\qagdg.dat
Removed! : C:\WINDOWS\qdszb.dat
Removed! : C:\WINDOWS\qeqeq.dat
Removed! : C:\WINDOWS\qheka.dat
Removed! : C:\WINDOWS\qifyf.dat
Removed! : C:\WINDOWS\qjyfv.dat
Removed! : C:\WINDOWS\qjzzw.dat
Removed! : C:\WINDOWS\qkjrk.dat
Removed! : C:\WINDOWS\qnspq.dat
Removed! : C:\WINDOWS\qnudp.dat
Removed! : C:\WINDOWS\qodwk.dat
Removed! : C:\WINDOWS\qqbyw.dat
Removed! : C:\WINDOWS\qqnph.dat
Removed! : C:\WINDOWS\qrihs.dat
Removed! : C:\WINDOWS\qronx.dat
Removed! : C:\WINDOWS\qsgna.dat
Removed! : C:\WINDOWS\qsojp.dat
Removed! : C:\WINDOWS\qtfim.dat
Removed! : C:\WINDOWS\qtwqh.dat
Removed! : C:\WINDOWS\qvazy.dat
Removed! : C:\WINDOWS\qxkba.dat
Removed! : C:\WINDOWS\qxyec.dat
Removed! : C:\WINDOWS\qykll.dat
Removed! : C:\WINDOWS\qympt.dat
Removed! : C:\WINDOWS\qznud.dat
Removed! : C:\WINDOWS\ragnj.dat
Removed! : C:\WINDOWS\rbypq.dat
Removed! : C:\WINDOWS\rcasu.dat
Removed! : C:\WINDOWS\rdwfc.dat
Removed! : C:\WINDOWS\rdwjf.dat
Removed! : C:\WINDOWS\rgffw.dat
Removed! : C:\WINDOWS\rgnzl.dat
Removed! : C:\WINDOWS\rhxpc.dat
Removed! : C:\WINDOWS\rmtiz.dat
Removed! : C:\WINDOWS\rnvna.dat
Removed! : C:\WINDOWS\rocni.dat
Removed! : C:\WINDOWS\rofnl.dat
Removed! : C:\WINDOWS\rpefp.dat
Removed! : C:\WINDOWS\rpwbk.dat
Removed! : C:\WINDOWS\rtlcw.dat
Removed! : C:\WINDOWS\rtshl.dat
Removed! : C:\WINDOWS\rucjt.dat
Removed! : C:\WINDOWS\rugqn.dat
Removed! : C:\WINDOWS\rvodd.dat
Removed! : C:\WINDOWS\rvytc.dat
Removed! : C:\WINDOWS\rwcax.dat
Removed! : C:\WINDOWS\rwxxd.dat
Removed! : C:\WINDOWS\ryagk.dat
Removed! : C:\WINDOWS\rylaf.dat
Removed! : C:\WINDOWS\rypwz.dat
Removed! : C:\WINDOWS\rzaax.dat
Removed! : C:\WINDOWS\rzkmg.dat
Removed! : C:\WINDOWS\sabcz.dat
Removed! : C:\WINDOWS\saehz.dat
Removed! : C:\WINDOWS\sakdz.dat
Removed! : C:\WINDOWS\sbujo.dat
Removed! : C:\WINDOWS\scdip.dat
Removed! : C:\WINDOWS\schyy.dat
Removed! : C:\WINDOWS\scjvt.dat
Removed! : C:\WINDOWS\scvvk.dat
Removed! : C:\WINDOWS\sdbxi.dat
Removed! : C:\WINDOWS\seagz.dat
Removed! : C:\WINDOWS\sekvo.dat
Removed! : C:\WINDOWS\seqfr.dat
Removed! : C:\WINDOWS\sfbzx.dat
Removed! : C:\WINDOWS\sfchn.dat
Removed! : C:\WINDOWS\sfpml.dat
Removed! : C:\WINDOWS\sfrlz.dat
Removed! : C:\WINDOWS\sfrmq.dat
Removed! : C:\WINDOWS\sgamg.dat
Removed! : C:\WINDOWS\sgjxj.dat
Removed! : C:\WINDOWS\sgwwr.dat
Removed! : C:\WINDOWS\shhla.dat
Removed! : C:\WINDOWS\shtws.dat
Removed! : C:\WINDOWS\siagc.dat
Removed! : C:\WINDOWS\sjvvd.dat
Removed! : C:\WINDOWS\sjwlk.dat
Removed! : C:\WINDOWS\skaji.dat
Removed! : C:\WINDOWS\skcwy.dat
Removed! : C:\WINDOWS\skoya.dat
Removed! : C:\WINDOWS\sohun.dat
Removed! : C:\WINDOWS\sovkg.dat
Removed! : C:\WINDOWS\soyma.dat
Removed! : C:\WINDOWS\spbys.dat
Removed! : C:\WINDOWS\sqddk.dat
Removed! : C:\WINDOWS\ssqnu.dat
Removed! : C:\WINDOWS\stdjf.dat
Removed! : C:\WINDOWS\stngr.dat
Removed! : C:\WINDOWS\stpig.dat
Removed! : C:\WINDOWS\stveg.dat
Removed! : C:\WINDOWS\suetv.dat
Removed! : C:\WINDOWS\sukmb.dat
Removed! : C:\WINDOWS\svefo.dat
Removed! : C:\WINDOWS\svrix.dat
Removed! : C:\WINDOWS\swgcp.dat
Removed! : C:\WINDOWS\swyxr.dat
Removed! : C:\WINDOWS\sxdaq.dat
Removed! : C:\WINDOWS\sxzaj.dat
Removed! : C:\WINDOWS\syqtn.dat
Removed! : C:\WINDOWS\szdpu.dat
Removed! : C:\WINDOWS\szymv.dat
Removed! : C:\WINDOWS\tafkm.dat
Removed! : C:\WINDOWS\tahzm.dat
Removed! : C:\WINDOWS\tajxj.dat
Removed! : C:\WINDOWS\taphj.dat
Removed! : C:\WINDOWS\taphk.dat
Removed! : C:\WINDOWS\tbmyb.dat
Removed! : C:\WINDOWS\tbntq.dat
Removed! : C:\WINDOWS\tbrcj.dat
Removed! : C:\WINDOWS\tbuju.dat
Removed! : C:\WINDOWS\tcarx.dat
Removed! : C:\WINDOWS\tddtz.dat
Removed! : C:\WINDOWS\temlh.dat
Removed! : C:\WINDOWS\tesbl.dat
Removed! : C:\WINDOWS\tetoi.dat
Removed! : C:\WINDOWS\tgsxk.dat
Removed! : C:\WINDOWS\thkzq.dat
Removed! : C:\WINDOWS\thtlz.dat
Removed! : C:\WINDOWS\tisdt.dat
Removed! : C:\WINDOWS\titdw.dat
Removed! : C:\WINDOWS\tiyxg.dat
Removed! : C:\WINDOWS\tizlg.dat
Removed! : C:\WINDOWS\tkcsq.dat
Removed! : C:\WINDOWS\tkiii.dat
Removed! : C:\WINDOWS\tkkmg.dat
Removed! : C:\WINDOWS\tllpl.dat
Removed! : C:\WINDOWS\tlyva.dat
Removed! : C:\WINDOWS\tmfmj.dat
Removed! : C:\WINDOWS\tmhnw.dat
Removed! : C:\WINDOWS\tmswl.dat
Removed! : C:\WINDOWS\toauh.dat
Removed! : C:\WINDOWS\tobpp.dat
Removed! : C:\WINDOWS\toiud.dat
Removed! : C:\WINDOWS\tokwp.dat
Removed! : C:\WINDOWS\tospw.dat
Removed! : C:\WINDOWS\tovyp.dat
Removed! : C:\WINDOWS\tpfoe.dat
Removed! : C:\WINDOWS\tqyru.dat
Removed! : C:\WINDOWS\trxmd.dat
Removed! : C:\WINDOWS\tscgf.dat
Removed! : C:\WINDOWS\tuahh.dat
Removed! : C:\WINDOWS\tutzx.dat
Removed! : C:\WINDOWS\tuydx.dat
Removed! : C:\WINDOWS\tvwqf.dat
Removed! : C:\WINDOWS\twhma.dat
Removed! : C:\WINDOWS\txhmz.dat
Removed! : C:\WINDOWS\tyaxo.dat
Removed! : C:\WINDOWS\tyskp.dat
Removed! : C:\WINDOWS\tyxtz.dat
Removed! : C:\WINDOWS\tzhhz.dat
Removed! : C:\WINDOWS\tzian.dat
Removed! : C:\WINDOWS\tzxjc.dat
Removed! : C:\WINDOWS\uakyi.dat
Removed! : C:\WINDOWS\uapdi.dat
Removed! : C:\WINDOWS\uayda.dat
Removed! : C:\WINDOWS\ubnhl.dat
Removed! : C:\WINDOWS\ucvts.dat
Removed! : C:\WINDOWS\udklt.dat
Removed! : C:\WINDOWS\udszl.dat
Removed! : C:\WINDOWS\uepph.dat
Removed! : C:\WINDOWS\uerof.dat
Removed! : C:\WINDOWS\uewzj.dat
Removed! : C:\WINDOWS\ufpky.dat
Removed! : C:\WINDOWS\ugbvp.dat
Removed! : C:\WINDOWS\ugmmw.dat
Removed! : C:\WINDOWS\uhmvi.dat
Removed! : C:\WINDOWS\uhxcm.dat
Removed! : C:\WINDOWS\uigzv.dat
Removed! : C:\WINDOWS\uilsf.dat
Removed! : C:\WINDOWS\ujdsi.dat
Removed! : C:\WINDOWS\ujqsh.dat
Removed! : C:\WINDOWS\ukeof.dat
Removed! : C:\WINDOWS\ukriz.dat
Removed! : C:\WINDOWS\uldnh.dat
Removed! : C:\WINDOWS\ulqgs.dat
Removed! : C:\WINDOWS\umolx.dat
Removed! : C:\WINDOWS\unygm.dat
Removed! : C:\WINDOWS\uoigw.dat
Removed! : C:\WINDOWS\uouac.dat
Removed! : C:\WINDOWS\uoybx.dat
Removed! : C:\WINDOWS\uqbbs.dat
Removed! : C:\WINDOWS\uqfrr.dat
Removed! : C:\WINDOWS\uqfzx.dat
Removed! : C:\WINDOWS\uqiom.dat
Removed! : C:\WINDOWS\urvcq.dat
Removed! : C:\WINDOWS\usslq.dat
Removed! : C:\WINDOWS\utbur.dat
Removed! : C:\WINDOWS\uwijg.dat
Removed! : C:\WINDOWS\uwtbn.dat
Removed! : C:\WINDOWS\uwvtl.dat
Removed! : C:\WINDOWS\uwzzi.dat
Removed! : C:\WINDOWS\uxnmh.dat
Removed! : C:\WINDOWS\uzjps.dat
Removed! : C:\WINDOWS\vcnon.dat
Removed! : C:\WINDOWS\vcqvy.dat
Removed! : C:\WINDOWS\vdfga.dat
Removed! : C:\WINDOWS\vdxxq.dat
Removed! : C:\WINDOWS\vdzwb.dat
Removed! : C:\WINDOWS\vfdxz.dat
Removed! : C:\WINDOWS\vfqwv.dat
Removed! : C:\WINDOWS\vgaiz.dat
Removed! : C:\WINDOWS\vgvep.dat
Removed! : C:\WINDOWS\vhumb.dat
Removed! : C:\WINDOWS\vkoin.dat
Removed! : C:\WINDOWS\vlqzq.dat
Removed! : C:\WINDOWS\vmzgk.dat
Removed! : C:\WINDOWS\vnsyy.dat
Removed! : C:\WINDOWS\vpphl.dat
Removed! : C:\WINDOWS\vraub.dat
Removed! : C:\WINDOWS\vrnti.dat
Removed! : C:\WINDOWS\vrnxi.dat
Removed! : C:\WINDOWS\vsbvx.dat
Removed! : C:\WINDOWS\vsrnj.dat
Removed! : C:\WINDOWS\vtfvf.dat
Removed! : C:\WINDOWS\vufvh.dat
Removed! : C:\WINDOWS\vukmc.dat
Removed! : C:\WINDOWS\vupvr.dat
Removed! : C:\WINDOWS\vvhcx.dat
Removed! : C:\WINDOWS\vvncl.dat
Removed! : C:\WINDOWS\vvwgt.dat
Removed! : C:\WINDOWS\vvypj.dat
Removed! : C:\WINDOWS\vwwlw.dat
Removed! : C:\WINDOWS\vxdsx.dat
Removed! : C:\WINDOWS\vygoj.dat
Removed! : C:\WINDOWS\vznkr.dat
Removed! : C:\WINDOWS\wagvh.dat
Removed! : C:\WINDOWS\wagwu.dat
Removed! : C:\WINDOWS\wamwx.dat
Removed! : C:\WINDOWS\wbich.dat
Removed! : C:\WINDOWS\wcdbv.dat
Removed! : C:\WINDOWS\wcirv.dat
Removed! : C:\WINDOWS\wdjkb.dat
Removed! : C:\WINDOWS\wdrue.dat
Removed! : C:\WINDOWS\wedfk.dat
Removed! : C:\WINDOWS\wevxx.dat
Removed! : C:\WINDOWS\wfpno.dat
Removed! : C:\WINDOWS\wfytu.dat
Removed! : C:\WINDOWS\wgdhd.dat
Removed! : C:\WINDOWS\wghsk.dat
Removed! : C:\WINDOWS\wgjux.dat
Removed! : C:\WINDOWS\whcbs.dat
Removed! : C:\WINDOWS\wjjbo.dat
Removed! : C:\WINDOWS\wjumf.dat
Removed! : C:\WINDOWS\wkbiu.dat
Removed! : C:\WINDOWS\wkjgo.dat
Removed! : C:\WINDOWS\wkpwc.dat
Removed! : C:\WINDOWS\wmadk.dat
Removed! : C:\WINDOWS\wmnyf.dat
Removed! : C:\WINDOWS\wniuw.dat
Removed! : C:\WINDOWS\wnusn.dat
Removed! : C:\WINDOWS\wofbk.dat
Removed! : C:\WINDOWS\wqbha.dat
Removed! : C:\WINDOWS\wqjvu.dat
Removed! : C:\WINDOWS\wrpmb.dat
Removed! : C:\WINDOWS\wscnp.dat
Removed! : C:\WINDOWS\wspqx.dat
Removed! : C:\WINDOWS\wtaut.dat
Removed! : C:\WINDOWS\wtuiq.dat
Removed! : C:\WINDOWS\wuntx.dat
Removed! : C:\WINDOWS\wupci.dat
Removed! : C:\WINDOWS\wvajn.dat
Removed! : C:\WINDOWS\wvvcd.dat
Removed! : C:\WINDOWS\wvvte.dat
Removed! : C:\WINDOWS\wwnhs.dat
Removed! : C:\WINDOWS\wyhmf.dat
Removed! : C:\WINDOWS\xaglp.dat
Removed! : C:\WINDOWS\xarzy.dat
Removed! : C:\WINDOWS\xbfes.dat
Removed! : C:\WINDOWS\xbtrg.dat
Removed! : C:\WINDOWS\xbwxy.dat
Removed! : C:\WINDOWS\xcdtx.dat
Removed! : C:\WINDOWS\xfbdl.dat
Removed! : C:\WINDOWS\xgklk.dat
Removed! : C:\WINDOWS\xgyit.dat
Removed! : C:\WINDOWS\xhbng.dat
Removed! : C:\WINDOWS\xhoyn.dat
Removed! : C:\WINDOWS\xhytg.dat
Removed! : C:\WINDOWS\xiply.dat
Removed! : C:\WINDOWS\xirjp.dat
Removed! : C:\WINDOWS\xjfqe.dat
Removed! : C:\WINDOWS\xkcnj.dat
Removed! : C:\WINDOWS\xlana.dat
Removed! : C:\WINDOWS\xldgj.dat
Removed! : C:\WINDOWS\xmkeh.dat
Removed! : C:\WINDOWS\xmpfc.dat
Removed! : C:\WINDOWS\xnxbs.dat
Removed! : C:\WINDOWS\xpbqz.dat
Removed! : C:\WINDOWS\xpdyx.dat
Removed! : C:\WINDOWS\xpjnx.dat
Removed! : C:\WINDOWS\xpkbq.dat
Removed! : C:\WINDOWS\xpldu.dat
Removed! : C:\WINDOWS\xsfpw.dat
Removed! : C:\WINDOWS\xsobw.dat
Removed! : C:\WINDOWS\xsytp.dat
Removed! : C:\WINDOWS\xttsn.dat
Removed! : C:\WINDOWS\xufpu.dat
Removed! : C:\WINDOWS\xuitp.dat
Removed! : C:\WINDOWS\xuoum.dat
Removed! : C:\WINDOWS\xvmaz.dat
Removed! : C:\WINDOWS\xvtxq.dat
Removed! : C:\WINDOWS\xysyw.dat
Removed! : C:\WINDOWS\xzzks.dat
Removed! : C:\WINDOWS\yayae.dat
Removed! : C:\WINDOWS\ybepv.dat
Removed! : C:\WINDOWS\ybhzv.dat
Removed! : C:\WINDOWS\ybpur.dat
Removed! : C:\WINDOWS\ydazv.dat
Removed! : C:\WINDOWS\ydgel.dat
Removed! : C:\WINDOWS\ydhxf.dat
Removed! : C:\WINDOWS\yeamk.dat
Removed! : C:\WINDOWS\yemzi.dat
Removed! : C:\WINDOWS\yfatr.dat
Removed! : C:\WINDOWS\yfdfm.dat
Removed! : C:\WINDOWS\yffus.dat
Removed! : C:\WINDOWS\yfnpi.dat
Removed! : C:\WINDOWS\yfrer.dat
Removed! : C:\WINDOWS\ygkwa.dat
Removed! : C:\WINDOWS\ygugl.dat
Removed! : C:\WINDOWS\ygzhd.dat
Removed! : C:\WINDOWS\yhpvk.dat
Removed! : C:\WINDOWS\yhuvl.dat
Removed! : C:\WINDOWS\yikkc.dat
Removed! : C:\WINDOWS\yiqve.dat
Removed! : C:\WINDOWS\yjnpa.dat
Removed! : C:\WINDOWS\ykdrx.dat
Removed! : C:\WINDOWS\ykobn.dat
Removed! : C:\WINDOWS\ymivo.dat
Removed! : C:\WINDOWS\ynugu.dat
Removed! : C:\WINDOWS\ypejn.dat
Removed! : C:\WINDOWS\yqrpm.dat
Removed! : C:\WINDOWS\yriwu.dat
Removed! : C:\WINDOWS\yrksg.dat
Removed! : C:\WINDOWS\yrwfk.dat
Removed! : C:\WINDOWS\yseoi.dat
Removed! : C:\WINDOWS\ysurp.dat
Removed! : C:\WINDOWS\ytnku.dat
Removed! : C:\WINDOWS\ytvtf.dat
Removed! : C:\WINDOWS\ytyjf.dat
Removed! : C:\WINDOWS\yutkz.dat
Removed! : C:\WINDOWS\ywcji.dat
Removed! : C:\WINDOWS\ywewx.dat
Removed! : C:\WINDOWS\yxkgi.dat
Removed! : C:\WINDOWS\yxliy.dat
Removed! : C:\WINDOWS\yxqir.dat
Removed! : C:\WINDOWS\yxzxs.dat
Removed! : C:\WINDOWS\yyaks.dat
Removed! : C:\WINDOWS\yyssd.dat
Removed! : C:\WINDOWS\yzcdn.dat
Removed! : C:\WINDOWS\yzfxb.dat
Removed! : C:\WINDOWS\yzntq.dat
Removed! : C:\WINDOWS\zcbnx.dat
Removed! : C:\WINDOWS\zcfmo.dat
Removed! : C:\WINDOWS\zcgml.dat
Removed! : C:\WINDOWS\zclfe.dat
Removed! : C:\WINDOWS\zcvqk.dat
Removed! : C:\WINDOWS\zfjpq.dat
Removed! : C:\WINDOWS\zgfqj.dat
Removed! : C:\WINDOWS\zggzx.dat
Removed! : C:\WINDOWS\zgvzc.dat
Removed! : C:\WINDOWS\zhfyi.dat
Removed! : C:\WINDOWS\zivxr.dat
Removed! : C:\WINDOWS\zjbse.dat
Removed! : C:\WINDOWS\zjqji.dat
Removed! : C:\WINDOWS\zktta.dat
Removed! : C:\WINDOWS\zlwqq.dat
Removed! : C:\WINDOWS\zniit.dat
Removed! : C:\WINDOWS\znvcd.dat
Removed! : C:\WINDOWS\znxhc.dat
Removed! : C:\WINDOWS\zoblu.dat
Removed! : C:\WINDOWS\zoonh.dat
Removed! : C:\WINDOWS\zorts.dat
Removed! : C:\WINDOWS\zouac.dat
Removed! : C:\WINDOWS\zouya.dat
Removed! : C:\WINDOWS\zoxdn.dat
Removed! : C:\WINDOWS\zqrhi.dat
Removed! : C:\WINDOWS\zrawr.dat
Removed! : C:\WINDOWS\zrbzi.dat
Removed! : C:\WINDOWS\zrvky.dat
Removed! : C:\WINDOWS\ztftr.dat
Removed! : C:\WINDOWS\zvzrd.dat
Removed! : C:\WINDOWS\zwndn.dat
Removed! : C:\WINDOWS\zxbri.dat
Removed! : C:\WINDOWS\zxddd.dat
Removed! : C:\WINDOWS\zxkzw.dat
Removed! : C:\WINDOWS\zxqij.dat
Removed! : C:\WINDOWS\zymji.dat
Removed! : C:\WINDOWS\zzike.dat
Removed! : C:\WINDOWS\zznoq.dat
Removed! : C:\WINDOWS\zzpgd.dat
Removed! : C:\WINDOWS\zzrlx.dat
Removed! : C:\WINDOWS\system32\aaslq.dat
Removed! : C:\WINDOWS\system32\abixi.dat
Removed! : C:\WINDOWS\system32\adkzl.dat
Removed! : C:\WINDOWS\system32\adusa.dat
Removed! : C:\WINDOWS\system32\agmvk.dat
Removed! : C:\WINDOWS\system32\aikez.dat
Removed! : C:\WINDOWS\system32\airex.dat
Removed! : C:\WINDOWS\system32\aiwkf.dat
Removed! : C:\WINDOWS\system32\ajqdn.dat
Removed! : C:\WINDOWS\system32\ajqtq.dat
Removed! : C:\WINDOWS\system32\akoko.dat
Removed! : C:\WINDOWS\system32\akpuy.dat
Removed! : C:\WINDOWS\system32\aksxc.dat
Removed! : C:\WINDOWS\system32\allwg.dat
Removed! : C:\WINDOWS\system32\alwnb.dat
Removed! : C:\WINDOWS\system32\anevu.dat
Removed! : C:\WINDOWS\system32\aoxbv.dat
Removed! : C:\WINDOWS\system32\apbrc.dat
Removed! : C:\WINDOWS\system32\apwyb.dat
Removed! : C:\WINDOWS\system32\ariuy.dat
Removed! : C:\WINDOWS\system32\artzr.dat
Removed! : C:\WINDOWS\system32\askhw.dat
Removed! : C:\WINDOWS\system32\atbwa.dat
Removed! : C:\WINDOWS\system32\auqob.dat
Removed! : C:\WINDOWS\system32\avnso.dat
Removed! : C:\WINDOWS\system32\axctd.dat
Removed! : C:\WINDOWS\system32\axrsg.dat
Removed! : C:\WINDOWS\system32\axyok.dat
Removed! : C:\WINDOWS\system32\aychm.dat
Removed! : C:\WINDOWS\system32\azngh.dat
Removed! : C:\WINDOWS\system32\azpsv.dat
Removed! : C:\WINDOWS\system32\baoqs.dat
Removed! : C:\WINDOWS\system32\bdhcg.dat
Removed! : C:\WINDOWS\system32\bdrpp.dat
Removed! : C:\WINDOWS\system32\bdxlp.dat
Removed! : C:\WINDOWS\system32\bezqv.dat
Removed! : C:\WINDOWS\system32\bfdyw.dat
Removed! : C:\WINDOWS\system32\bfhcp.dat
Removed! : C:\WINDOWS\system32\bfnne.dat
Removed! : C:\WINDOWS\system32\bgblq.dat
Removed! : C:\WINDOWS\system32\bgwdg.dat
Removed! : C:\WINDOWS\system32\bhbpr.dat
Removed! : C:\WINDOWS\system32\bhfqn.dat
Removed! : C:\WINDOWS\system32\bidxk.dat
Removed! : C:\WINDOWS\system32\bkkkg.dat
Removed! : C:\WINDOWS\system32\bklsb.dat
Removed! : C:\WINDOWS\system32\bknyc.dat
Removed! : C:\WINDOWS\system32\bkyon.dat
Removed! : C:\WINDOWS\system32\blbjm.dat
Removed! : C:\WINDOWS\system32\bnhss.dat
Removed! : C:\WINDOWS\system32\bnpnm.dat
Removed! : C:\WINDOWS\system32\bnzip.dat
Removed! : C:\WINDOWS\system32\bodnm.dat
Removed! : C:\WINDOWS\system32\bqete.dat
Removed! : C:\WINDOWS\system32\bsgea.dat
Removed! : C:\WINDOWS\system32\bsiwg.dat
Removed! : C:\WINDOWS\system32\btdhx.dat
Removed! : C:\WINDOWS\system32\btlhz.dat
Removed! : C:\WINDOWS\system32\btwul.dat
Removed! : C:\WINDOWS\system32\btzmq.dat
Removed! : C:\WINDOWS\system32\btzsx.dat
Removed! : C:\WINDOWS\system32\bvkxr.dat
Removed! : C:\WINDOWS\system32\bvvws.dat
Removed! : C:\WINDOWS\system32\bvyyy.dat
Removed! : C:\WINDOWS\system32\bwdlf.dat
Removed! : C:\WINDOWS\system32\bxzub.dat
Removed! : C:\WINDOWS\system32\bzhui.dat
Removed! : C:\WINDOWS\system32\cagla.dat
Removed! : C:\WINDOWS\system32\cbdhz.dat
Removed! : C:\WINDOWS\system32\cbkag.dat
Removed! : C:\WINDOWS\system32\cdosb.dat
Removed! : C:\WINDOWS\system32\cdvbu.dat
Removed! : C:\WINDOWS\system32\cfnpv.dat
Removed! : C:\WINDOWS\system32\cfrwc.dat
Removed! : C:\WINDOWS\system32\cftbk.dat
Removed! : C:\WINDOWS\system32\ciykj.dat
Removed! : C:\WINDOWS\system32\cjrng.dat
Removed! : C:\WINDOWS\system32\cjtti.dat
Removed! : C:\WINDOWS\system32\cjvrq.dat
Removed! : C:\WINDOWS\system32\ckldi.dat
Removed! : C:\WINDOWS\system32\cmkmd.dat
Removed! : C:\WINDOWS\system32\cmkmr.dat
Removed! : C:\WINDOWS\system32\cmvkn.dat
Removed! : C:\WINDOWS\system32\cpdie.dat
Removed! : C:\WINDOWS\system32\cpmhe.dat
Removed! : C:\WINDOWS\system32\cquot.dat
Removed! : C:\WINDOWS\system32\crbdj.dat
Removed! : C:\WINDOWS\system32\crfsk.dat
Removed! : C:\WINDOWS\system32\crriu.dat
Removed! : C:\WINDOWS\system32\ctpva.dat
Removed! : C:\WINDOWS\system32\cubiy.dat
Removed! : C:\WINDOWS\system32\cxhak.dat
Removed! : C:\WINDOWS\system32\cxpbs.dat
Removed! : C:\WINDOWS\system32\cyitk.dat
Removed! : C:\WINDOWS\system32\czxji.dat
Removed! : C:\WINDOWS\system32\daxcs.dat
Removed! : C:\WINDOWS\system32\dbigm.dat
Removed! : C:\WINDOWS\system32\dcehk.dat
Removed! : C:\WINDOWS\system32\ddjox.dat
Removed! : C:\WINDOWS\system32\ddkrm.dat
Removed! : C:\WINDOWS\system32\denoz.dat
Removed! : C:\WINDOWS\system32\dexlk.dat
Removed! : C:\WINDOWS\system32\digds.dat
Removed! : C:\WINDOWS\system32\dirki.dat
Removed
  • 0

#7
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ryanpalmerb

Welcome to geekstogo

Reboot into safemode

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:


Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe" /s

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you dont find this service listed go ahead with the next steps.


Please read through the instructions before you start (you may want to print this out).

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\iedf.exe" /s (file missing)

Click on Fix Checked when finished and exit HijackThis.

Run AboutBuster . This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\netjh.exe<--Delete this file

Exit Explorer

Now run the ccleaner

Reboot your system

Post back a fresh HijackThis log and we will take another look.

Kc :tazz:
  • 0

#8
ryanpalmerb

ryanpalmerb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok..here's what I did:

1) went into safe mode
2) went into service.msc, found the RPC Helper, didn't have to stop it (already stopped), changed startup type from auto to disabled.
3) ran HJT - did not find the file O23 - Service - RPC Helper......
4) Ran About Buster - see below
5) Ran CWShredder - was clean
6) Deleted C:\WINDOWS\netjh.exe
7) Ran Crap Cleaner
8) Reboot

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Logfile of HijackThis v1.99.1
Scan saved at 3:11:33 PM, on 3/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#9
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ryanpalmerb

Download the Microsoft Antispyware

1. Download the CCleaner unzip the file to install.
2. Open CCleaner.
3. Place a check by everything in the Applications tab.
4. Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
5. Hit the button that says Run CCleaner
6. Reboot to remove index.dat files.

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (NOTE, that this may take very long!). You can also set the memory limit to about 80 MB at the Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

Turn of system restore
Disabling or enabling Windows XP System Restore

Defrag your hard drive turn system restore back on and create a new restore point.

Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

After doing all these, your system will be thoroughly protected from future threats. ;)

Kc ;)
  • 0

#10
ryanpalmerb

ryanpalmerb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
THANK YOU SOOOOOOO MUCH!!!!!

Everything is working great now! Whew!

Thank god for geekstogo!

About these steps:

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

I use AOL for web browsing...should I get Firefox anyway? If I install it should uninstall IE?

If I install Sun's Java do I need to uninstall Microsofts Java?

Thanks again!!!
  • 0

#11
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi ryanpalmerb

I use AOL for web browsing...should I get Firefox anyway? If I install it should uninstall IE?
No do not remove IEXPLORER, I have four browsers but mostly use Firefox

Install sun java first run it make sure it is working ok, then follow the step for MSJAVA removal

You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.
http://www.java.com/...load/manual.jsp
Windows (Offline Installation)
Download sun java first make sure it is working if ok

Then follow the steps to remove Microsoft Java Virtual Machine

How can I uninstall the Microsoft Java Virtual Machine (JVM) from Windows XP?

John Savill
InstantDoc #38206
John Savill's FAQ for Windows


A. You might want to remove the Microsoft JVM, which Microsoft no longer supports, in favor of the more recent Sun Microsystems JVM. To remove the Microsoft JVM, perform the following steps:

1. From the Start menu, select Run.
2. Enter the command

RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall

to start the uninstall process
3. Click Yes to the confirmation, then select Reboot.
4. After the machine restarts, delete the following items:
* the \%systemroot%\java folder
* java.pnf from the \%systemroot%\inf folder
* jview.exe and wjview.exe from the \%systemroot%\system32 folder
* The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM registry subkey
* The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM registry subkey (to remove the Microsoft Internet Explorer (IE) options)

Microsoft Java is now removed.
You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.
http://www.java.com/...load/manual.jsp
Windows (Offline Installation)


Kc :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP