Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

loadingwebsite/warning pop ups


  • Please log in to reply

#1
Chubbs

Chubbs

    Member

  • Member
  • PipPip
  • 31 posts
Hi, this is my first post on this website. Lately my computer has been opening rundll32.exe alot which is shortly followed by pop ups/adds in internet explorer windows. I have tried everything that I can think of so here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:23:29 PM, on 4/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\inetg\winlogon.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inetg\winlogon.exe
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - C:\WINDOWS\System32\cnltnxzn.dll
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - C:\WINDOWS\System32\stjhpgqo.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - C:\WINDOWS\System32\amdombel.dll
O2 - BHO: (no name) - {AD8F82DE-242F-4A81-B933-551D98E47FB0} - C:\WINDOWS\System32\habgp.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\System32\Cache\Advtg.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg..._MARKETING9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...58/QDow_AS2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - http://www.ouchvideo...iewer_emg11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O18 - Filter: text/html - {6E0FCF4C-411E-4C83-B42C-BC59C90F7403} - C:\WINDOWS\System32\habgp.dll
O18 - Filter: text/plain - {6E0FCF4C-411E-4C83-B42C-BC59C90F7403} - C:\WINDOWS\System32\habgp.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\p4r40e9qeh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Still having this trouble, appears to be similar to the loadingwebsite thing since half of the pop ups are from that. I can post a new HJT log if needed, any help would be appreciated.

Edited by Chubbs, 08 April 2005 - 03:52 PM.

  • 0

Advertisements


#2
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I have ran Ad-aware,CWS Shredder, and Spybot S&D
Problem is still present, also, drwtsn32 opens with the IE windows the same as rundll32 here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:32:58 PM, on 4/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\inetg\winlogon.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inetg\winlogon.exe
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - C:\WINDOWS\System32\cnltnxzn.dll
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - C:\WINDOWS\System32\stjhpgqo.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - C:\WINDOWS\System32\amdombel.dll
O2 - BHO: (no name) - {DCD9CD5F-84FB-4027-9059-66EAB0E6BE52} - C:\WINDOWS\System32\habgp.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg..._MARKETING9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...58/QDow_AS2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - http://www.ouchvideo...iewer_emg11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O18 - Filter: text/html - {D178E0B9-6165-419A-A1BD-F5EAD93C7D43} - C:\WINDOWS\System32\habgp.dll
O18 - Filter: text/plain - {D178E0B9-6165-419A-A1BD-F5EAD93C7D43} - C:\WINDOWS\System32\habgp.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\d0j0la1m1d.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Chubbs, 08 April 2005 - 04:29 PM.

  • 0

#3
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I have been working on this some, still no luck, I have found some of what may be the problem, the thing is that I cannot delete it, not even in safe mode.
The program I suspect causing part of the problem is rivlz.exe, but seems to reinstall itself, by watching task manager the thing that could be reinstalling it may be called "tp7543" but I am unsure. Pop ups still exist, quite frequently, and other ad-ware gets installed every so often while rundll32 is up. Any help would be appreciated, a new HJT log can be posted.
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome Chubbs,

Please Download LSPFix and Run the Program.
Disconnect from the Internet and close all Internet Explorer Windows.
Check the "I know what I'm doing" Button and remove all traces of dolsp.dll ( Nothing else)
Then Reboot.

Post back a fresh HJT log when done please,
  • 0

#5
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi don, thanks for responding.
I did what you said, that .dll file appears to be gone now but the rundll32 problems still exist, anyways, here is the fresh HJT log you requested :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 4:07:14 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\inetg\winlogon.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10013/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inetg\winlogon.exe
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg..._MARKETING9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...58/QDow_AS2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - http://www.ouchvideo...iewer_emg11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\ir20l5fm1.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Yes it is gone,
Thats 1 down a few more to go :tazz:

Download SpSeHjfix into a folder. Disconnect from the net and Close ALL OPEN PROGRAMS. Run 'SpSeHjfix' and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
  • 0

#7
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
here is the log from that one program:



(4/9/05 4:19:11 PM) SPSeHjFix started v1.1.1
(4/9/05 4:19:11 PM) OS: WinXP Service Pack 1 (5.1.2600)
(4/9/05 4:19:11 PM) Language: english
(4/9/05 4:19:15 PM) Disinfection started
(4/9/05 4:19:15 PM) Bad-Dll(IEP): (not found)
(4/9/05 4:19:16 PM) Bad-Dll(IEP) in BHO: (not found)
(4/9/05 4:19:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06328303-8145-6034-ED77-7B81150E5C09} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKCR\CLSID\{06328303-8145-6034-ED77-7B81150E5C09} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B70B616-E0FF-B4EF-4E69-F95158E34A07} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKCR\CLSID\{0B70B616-E0FF-B4EF-4E69-F95158E34A07} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKCR\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B87130B-1FC6-D1EB-720C-73A874F8F3E4} (file missing: deleted)
(4/9/05 4:19:16 PM) BHO-Key: HKCR\CLSID\{7B87130B-1FC6-D1EB-720C-73A874F8F3E4} (file missing: deleted)
(4/9/05 4:19:16 PM) UBF: 7
(4/9/05 4:19:16 PM) UBB: 3
(4/9/05 4:19:16 PM) UBR: 3
(4/9/05 4:19:16 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/9/05 4:19:19 PM) Stealth-String not found
(4/9/05 4:19:51 PM) Temp-Files delete on Reboot
(4/9/05 4:19:51 PM) File added to delete: error
(4/9/05 4:19:51 PM) File added to delete: c:\docume~1\lucas\locals~1\temp\~dfaaeb.tmp
(4/9/05 4:19:51 PM) File added to delete: c:\docume~1\lucas\locals~1\temp\90051adc.gdp_tmp_001
(4/9/05 4:19:51 PM) File added to delete: c:\docume~1\lucas\locals~1\temp\cab65562
(4/9/05 4:19:51 PM) File added to delete: c:\docume~1\lucas\locals~1\temp\history
(4/9/05 4:19:51 PM) File added to delete: c:\docume~1\lucas\locals~1\temp\temporary internet files
(4/9/05 4:19:51 PM) File added to delete: c:\docume~1\lucas\locals~1\temp\temporary internet files\content.ie5
(4/9/05 4:19:51 PM) Reboot

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:30:14 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\inetg\winlogon.exe
C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10013/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inetg\winlogon.exe
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg..._MARKETING9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...58/QDow_AS2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - http://www.ouchvideo...iewer_emg11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\k6nolg5316.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


ready for next instructions :tazz:
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good deal,
Probably a good idea to print out the following or save it to notebook so you have them for easy reference

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt
Move HJT into this folder please,

Next,
Please open HJT> Click on the Config button> Click >Misc. Tools > Click > Open Process manager> Highlight “
winlogon.exe
rivlz.exe
jqpdqycw6.exe
“ >Click> Kill process>
Next click the scan button and put a check mark next to the following, close all open windows , Click “ Fix Checked”

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10013/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inetg\winlogon.exe
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetg\winlogon.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg..._MARKETING9.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...58/QDow_AS2.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0010.exe
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - http://www.ouchvideo...iewer_emg11.cab
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\k6nolg5316.dll
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)

Reboot to safe mode ( by tapping the F8 key on start up ) make sure you can view all hidden folders/files View Hidden Folders search for and delete the following in BOLD

C:\WINDOWS\inetg\winlogon.exe
C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\system32\k6nolg5316.dll
C:\WINDOWS\System32\jqpdqycw6.exe
C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm <-- Delete Folder


Restart your computer, restart HJT and post back a fresh log
  • 0

#9
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Did what you said, but as you can see they still appear to be there :tazz:
here is HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:28 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\r68slgl716q.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Edited by don77, 09 April 2005 - 04:19 PM.

  • 0

Advertisements


#11
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
here is the log:
(ok, let me run the other program again, one minute)
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\r68slgl716q.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6E490003-0262-1EB7-08DB-F2DA1E3EDFF3}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4}"=""
"{8B4D2AB3-DE50-4473-B67F-20B239B6A3A6}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ipaksie.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8B4D2AB3-DE50-4473-B67F-20B239B6A3A6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8B4D2AB3-DE50-4473-B67F-20B239B6A3A6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8B4D2AB3-DE50-4473-B67F-20B239B6A3A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8B4D2AB3-DE50-4473-B67F-20B239B6A3A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\dpdskmgr.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0000-5A8C

Directory of C:\WINDOWS\System32

04/09/2005 05:38 PM 232,989 guard.tmp
04/09/2005 05:34 PM 232,989 dpdskmgr.dll
04/09/2005 05:22 PM 232,989 lvr4099qe.dll
04/09/2005 05:11 PM 234,945 q6nulg5916.dll
04/09/2005 05:02 PM 232,989 ipaksie.dll
04/09/2005 05:01 PM 232,989 r68slgl716q.dll
04/09/2005 03:57 PM 232,989 azao0913e.dll
04/09/2005 03:35 PM 234,575 p68qlgl516q.dll
04/09/2005 03:00 PM 232,989 wbpns.dll
04/09/2005 01:05 PM 233,088 lvr0099me.dll
04/09/2005 12:39 PM 232,989 kednec95.dll
04/09/2005 12:20 PM 232,989 wzaudsdk.dll
04/09/2005 12:20 PM 234,234 ir42l5ho1.dll
04/09/2005 12:14 PM 232,989 dkskadp.dll
04/09/2005 09:07 AM 232,989 lztif12n.dll
04/08/2005 07:00 PM 234,874 q0860alsedq60.dll
04/08/2005 04:25 PM 234,874 mqv1_0.dll
04/08/2005 04:25 PM 233,260 azaslg5716.dll
04/07/2005 06:47 PM 234,874 bgowselc.dll
04/07/2005 06:25 PM 234,874 ani3d2ag.dll
04/07/2005 04:38 PM 234,874 lvjm0911e.dll
04/07/2005 04:34 PM 234,874 nswmsdrm.dll
04/07/2005 04:22 PM 234,874 cPis2022.dll
04/07/2005 04:13 PM 234,874 m0ju0a19ed.dll
04/07/2005 04:11 PM 234,874 mbimsg.dll
04/07/2005 04:10 PM 233,248 n62ulgf9162.dll
04/07/2005 03:59 PM 233,248 wznscard.dll
04/07/2005 03:34 PM 234,874 mxrdim.dll
04/06/2005 06:56 PM 233,248 flntext.dll
04/06/2005 05:51 PM 233,248 ibengine.dll
04/06/2005 04:35 PM 233,248 j4p00e7meh.dll
04/06/2005 03:52 PM 233,248 f00olad31d0.dll
04/06/2005 03:50 PM 233,248 msicda.dll
04/06/2005 03:27 PM 233,248 knymgr.dll
04/05/2005 10:03 PM 233,248 wgssvc.dll
04/05/2005 08:59 PM 233,248 woerrenu.dll
04/05/2005 06:59 PM 233,248 oeecnv32.dll
04/05/2005 03:30 PM 233,248 c4000edmeh0a0.dll
04/05/2005 03:28 PM 233,248 Lzwvc12n.dll
04/04/2005 08:32 PM 233,248 m0nqla551d.dll
04/04/2005 08:31 PM 233,248 iOsads.dll
04/03/2005 12:27 PM 233,248 fpr2039oe.dll
04/03/2005 12:26 PM 233,248 mcmtapi.dll
04/03/2005 11:59 AM 233,248 tGpiui.dll
04/03/2005 11:38 AM 233,248 lt0027dmg.dll
04/03/2005 11:36 AM 233,248 sYpulg7916.dll
04/03/2005 11:21 AM 233,248 lvl4093qe.dll
04/03/2005 11:19 AM 233,248 lJp2la7o1d.dll
04/02/2005 11:14 PM 233,248 l00u0ad9ed0.dll
04/02/2005 11:13 PM 233,248 pxdx5016.dll
04/01/2005 12:19 AM 233,248 mhmdd.dll
03/31/2005 07:00 PM 233,248 oyeaut32.dll
03/31/2005 03:28 PM 233,248 azaslgj716o.dll
03/31/2005 03:26 PM 233,248 kudda.dll
03/31/2005 10:53 AM 233,248 o6nslg5716.dll
03/31/2005 10:52 AM 233,248 marui.dll
03/31/2005 09:18 AM 233,248 qyap.dll
03/31/2005 08:40 AM 233,248 fn2021fmg.dll
03/31/2005 08:38 AM 233,248 dimrtp.dll
03/30/2005 07:23 PM 233,248 aza40ehqeh4e0.dll
03/30/2005 07:21 PM 233,248 rkvpmsg.dll
03/30/2005 03:41 PM 233,248 jrproxy.dll
03/30/2005 09:20 AM 233,248 l88mlil118q.dll
03/30/2005 09:17 AM 233,248 le2409fqe.dll
03/29/2005 02:48 PM 233,248 l0p2la7o1d.dll
03/29/2005 02:47 PM 233,248 wocltui.dll
03/29/2005 09:28 AM 233,248 dysrslvr.dll
03/28/2005 09:55 AM 233,248 f4j20e1oeh.dll
03/28/2005 09:53 AM 233,248 iijml5111.dll
03/27/2005 12:48 PM 233,248 mlawt.dll
03/27/2005 12:28 PM 233,248 PzpOops.dll
03/27/2005 09:35 AM 233,248 h0l2la3o1d.dll
03/27/2005 09:33 AM 233,248 nwwmsdrm.dll
03/26/2005 11:18 AM 233,248 azaml5711.dll
03/26/2005 11:16 AM 233,248 szdoclc.dll
03/25/2005 11:47 PM 233,248 wwp.dll
03/25/2005 10:43 AM 233,248 jadwmie.dll
03/24/2005 11:33 PM 233,248 en2ql1f51.dll
03/24/2005 11:31 PM 233,248 wqerror.dll
03/24/2005 07:43 PM 233,248 ipetppui.dll
03/24/2005 05:42 PM 233,248 irj2l51o1.dll
03/24/2005 05:40 PM 233,248 mnvcrt40.dll
03/23/2005 10:21 PM 233,248 k4pmle711h.dll
03/23/2005 10:18 PM 233,248 whpns.dll
03/23/2005 04:33 PM 233,248 kddcz2.dll
03/22/2005 09:51 PM 233,248 k444lehq1h4e.dll
03/22/2005 09:49 PM 233,248 alicap32.dll
03/22/2005 07:14 PM 233,248 sxsvcs.dll
03/22/2005 04:34 PM 233,248 lvjo0913e.dll
03/22/2005 04:32 PM 233,248 munetobj.dll
03/22/2005 12:40 AM 233,248 ir4sl5h71.dll
03/22/2005 12:37 AM 233,248 mawsock.dll
03/21/2005 04:34 PM 233,248 kedcan.dll
03/20/2005 07:17 PM 233,248 r48slel71hq.dll
03/20/2005 07:15 PM 233,248 sncpack.dll
03/20/2005 12:32 PM 233,248 xcnroll.dll
03/20/2005 09:40 AM 233,248 enrol1931.dll
03/20/2005 09:38 AM 233,248 wysdmoe2.dll
03/20/2005 02:00 AM 233,248 enl4l13q1.dll
03/20/2005 01:59 AM 233,248 dJd8thk.dll
03/20/2005 12:40 AM 233,248 uhnphost.dll
03/19/2005 10:55 PM 233,248 hr2s05f7e.dll
03/19/2005 10:53 PM 233,248 lo6q09j5e.dll
03/19/2005 10:35 PM 233,248 l0l60a3sed.dll
03/19/2005 10:33 PM 233,248 mlsign32.dll
03/19/2005 09:12 PM 233,248 e4200efmeh2a0.dll
03/19/2005 09:11 PM 233,248 wnerror.dll
03/19/2005 09:00 PM 233,248 m0rmla911d.dll
03/19/2005 08:58 PM 233,248 dOdrm.dll
03/19/2005 03:00 PM 233,248 g604lgdq160e.dll
03/19/2005 02:59 PM 233,248 mxcpx32r.dLL
03/19/2005 10:23 AM 233,248 enlsl1371.dll
03/19/2005 10:21 AM 233,248 snrvdeps.dll
03/18/2005 08:33 PM 233,248 enj6l11s1.dll
03/18/2005 08:31 PM 233,248 obpdx32.dll
03/18/2005 04:20 PM 233,248 mTpistub.dll
03/17/2005 06:06 PM 233,248 k8no0i53e8.dll
03/17/2005 06:05 PM 233,248 tKpi.dll
03/17/2005 02:10 PM 233,248 mzjava.dll
03/17/2005 01:49 PM 233,248 enlql1351.dll
03/17/2005 07:39 AM 233,248 lv4209hoe.dll
03/17/2005 07:36 AM 233,248 remps.dll
03/16/2005 06:58 PM 233,248 enn6l15s1.dll
03/16/2005 06:57 PM 233,248 db16gt.dLL
03/16/2005 05:36 PM 233,248 hbd.dll
03/16/2005 04:21 PM 233,248 j06mlaj11do.dll
03/16/2005 04:19 PM 233,248 ncmsevt.dll
03/15/2005 08:55 PM 233,248 k4lq0e35eh.dll
03/15/2005 08:54 PM 233,248 pbintui.dll
03/15/2005 04:41 PM 233,248 tbbyuv.dll
03/15/2005 04:26 PM 233,248 nitplwiz.dll
03/15/2005 04:26 PM 233,248 en8ul1l91.dll
03/15/2005 04:25 PM 233,248 mbmtapi.dll
03/15/2005 04:25 PM 233,937 lv8609lse.dll
03/15/2005 03:28 PM 233,460 irpml5711.dll
03/15/2005 03:18 PM 229,218 f6l02g3mg6.dll
03/15/2005 11:44 AM 229,769 ir4ol5h31.dll
03/15/2005 11:39 AM 230,904 aza2laho1d4c.dll
03/15/2005 11:33 AM 230,904 lgeps11n.dll
03/15/2005 11:18 AM 229,736 l48m0el1ehq.dll
02/12/2005 09:37 AM 229,736 enlul1391.dll
02/12/2005 09:19 AM 475 flgeas.dll
02/12/2005 09:01 AM 229,736 f2l02c3mgf.dll
02/11/2005 10:53 PM 229,736 n2n60c5sef.dll
02/11/2005 12:25 AM 229,736 jt6m07j1e.dll
02/10/2005 06:57 PM 229,736 o6pqlg7516.dll
02/10/2005 04:31 PM 229,736 i042laho1d4c.dll
02/09/2005 11:43 PM 229,736 fp8m03l1e.dll
02/08/2005 08:03 PM 229,736 g8400ihme84a0.dll
02/08/2005 06:59 PM 229,736 n6n6lg5s16.dll
02/08/2005 04:25 PM 229,736 n6l8lg3u16.dll
02/08/2005 12:15 AM 229,736 fp8803lue.dll
02/07/2005 08:28 PM 229,736 irp0l57m1.dll
02/07/2005 07:49 PM 229,736 ir82l5lo1.dll
02/07/2005 05:44 PM 229,736 m6julg1916.dll
02/07/2005 05:33 PM 229,736 m4460ehseh460.dll
02/07/2005 01:25 AM 229,736 jt4m07h1e.dll
02/06/2005 03:31 PM 229,736 ir0ml5d11.dll
02/06/2005 08:07 AM 229,736 o0lu0a39ed.dll
02/06/2005 12:34 AM 229,736 j86m0ij1e8o.dll
02/05/2005 06:55 PM 229,736 o648lghu1648.dll
02/05/2005 06:27 PM 229,736 ir2ol5f31.dll
02/05/2005 03:03 PM 229,736 n04s0ah7ed4.dll
02/05/2005 02:10 PM 229,736 l4n40e5qeh.dll
02/05/2005 10:01 AM 229,736 irjml5111.dll
02/04/2005 08:44 PM 230,996 fn4021hmg.dll
02/04/2005 07:32 PM 231,307 enpql1751.dll
02/04/2005 06:06 PM 230,646 lv0609dse.dll
02/03/2005 09:51 PM 230,000 m664lgjq16oe.dll
02/03/2005 06:51 PM 230,180 k4440ehqeh4e0.dll
02/02/2005 11:14 PM 229,736 ked101a.dll
02/02/2005 11:14 PM 230,726 u0ru0a99ed.dll
02/02/2005 10:45 PM 231,593 azaql1h51.dll
02/02/2005 10:04 PM 231,397 en66l1js1.dll
02/02/2005 09:48 PM 231,712 s6pulg7916.dll
02/02/2005 09:44 PM 230,165 lv2409fqe.dll
02/02/2005 09:34 PM 231,277 en4ql1h51.dll
02/02/2005 09:30 PM 231,657 en2ul1f91.dll
02/02/2005 09:27 PM 231,111 irpol5731.dll
02/02/2005 09:25 PM 230,651 hrju0519e.dll
02/02/2005 06:40 PM 229,736 iTsads.dll
02/02/2005 06:40 PM 230,305 lv6q09j5e.dll
02/02/2005 06:24 PM 231,512 q6pslg7716.dll
02/02/2005 06:21 PM 230,633 jtr8079ue.dll
01/29/2005 11:04 AM <DIR> dllcache
04/12/2003 04:07 AM <DIR> Microsoft
184 File(s) 42,556,664 bytes
2 Dir(s) 27,739,246,592 bytes free

Edited by Chubbs, 09 April 2005 - 04:18 PM.

  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sorry for the confusion chubbs not necessary, this is what I need thanks,


Next

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#13
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
ok will do
  • 0

#14
Chubbs

Chubbs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
here is the log:

L2Mfix 1.03

Running From:
C:\Program Files\Hijackthis\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Program Files\Hijackthis\l2mfix
System Rebooted!

Running From:
C:\Program Files\Hijackthis\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 208 'explorer.exe'
Killing PID 208 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1716 'rundll32.exe'
Killing PID 1716 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\6uo4svc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\alicap32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ani3d2ag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aza2laho1d4c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aza40ehqeh4e0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaml5711.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azao0913e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaql1h51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaslg5716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaslgj716o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bgowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\c4000edmeh0a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cPis2022.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\db16gt.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dimrtp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dJd8thk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dkskadp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dmmsvinn.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dOdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpdskmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dysrslvr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\e4200efmeh2a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en2ql1f51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en2ul1f91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en4ql1h51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en66l1js1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en8ul1l91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enj6l11s1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enl4l13q1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enlql1351.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enlsl1371.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enlul1391.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enn6l15s1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enpql1751.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enrol1931.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f00olad31d0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f2l02c3mgf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f4j20e1oeh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f6l02g3mg6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fageas.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\flntext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fn2021fmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fn4021hmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp6s03j7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp8803lue.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp8m03l1e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpr2039oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g604lgdq160e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g8400ihme84a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h0l2la3o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hbd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hr2s05f7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hrju0519e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\i042laho1d4c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ibengine.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iijml5111.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikv6mon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iOsads.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipaksie.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipetppui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir0ml5d11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir2ol5f31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir42l5ho1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir4ol5h31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir4sl5h71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir82l5lo1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irj2l51o1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irjml5111.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irp0l57m1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irpml5711.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irpol5731.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iTsads.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ixrnonce.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j06mlaj11do.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j4p00e7meh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j86m0ij1e8o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jadwmie.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jeproxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jrproxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jt4m07h1e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jt6m07j1e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jtr8079ue.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jUvacypt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4440ehqeh4e0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k444lehq1h4e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4lq0e35eh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4pmle711h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k8no0i53e8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kddcz2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ked101a.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedcan.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kednec95.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\knymgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kudda.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l00u0ad9ed0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l0l60a3sed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l0p2la7o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l48m0el1ehq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l4n40e5qeh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l88mlil118q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\le2409fqe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lgeps11n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lJp2la7o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lo6q09j5e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lt0027dmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv0609dse.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv2409fqe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv4209hoe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv6q09j5e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv8609lse.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvjm0911e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvjo0913e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvl4093qe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvr0099me.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvr4099qe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lztif12n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Lzwvc12n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0ju0a19ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0nqla551d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0rmla911d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m4460ehseh460.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m664lgjq16oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m6julg1916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\marui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mawsock.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mb43dmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbmtapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcmtapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MEOEACCT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhmdd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlaudite.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlawt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlsign32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnvcrt40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqv1_0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\msicda.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mTpistub.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\munetobj.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxcpx32r.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxrdim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzjava.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n04s0ah7ed4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n2n60c5sef.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n62ulgf9162.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n6l8lg3u16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n6n6lg5s16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ncmsevt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nitplwiz.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nolsapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nswmsdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nwwmsdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0lu0a39ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o648lghu1648.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6nslg5716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6pqlg7516.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\obpdx32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oeecnv32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oyeaut32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p66slgj716o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p68qlgl516q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p88q0il5e8q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pbintui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pxdx5016.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\PzpOops.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q0860alsedq60.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q6nulg5916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q6pslg7716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qyap.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r48slel71hq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\remps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rkvpmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s6pulg7916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sncpack.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\snrvdeps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sxsvcs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sYpulg7916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szdoclc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tbbyuv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tGpiui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tKpi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\u0ru0a99ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\uhnphost.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\vphelper.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wbpns.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wgssvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\whpns.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wnerror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wocltui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\woerrenu.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqerror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wwp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wysdmoe2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wzaudsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wznscard.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\xcnroll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\6uo4svc.dll
Successfully Deleted: C:\WINDOWS\system32\6uo4svc.dll
deleting: C:\WINDOWS\system32\alicap32.dll
Successfully Deleted: C:\WINDOWS\system32\alicap32.dll
deleting: C:\WINDOWS\system32\ani3d2ag.dll
Successfully Deleted: C:\WINDOWS\system32\ani3d2ag.dll
deleting: C:\WINDOWS\system32\aza2laho1d4c.dll
Successfully Deleted: C:\WINDOWS\system32\aza2laho1d4c.dll
deleting: C:\WINDOWS\system32\aza40ehqeh4e0.dll
Successfully Deleted: C:\WINDOWS\system32\aza40ehqeh4e0.dll
deleting: C:\WINDOWS\system32\azaml5711.dll
Successfully Deleted: C:\WINDOWS\system32\azaml5711.dll
deleting: C:\WINDOWS\system32\azao0913e.dll
Successfully Deleted: C:\WINDOWS\system32\azao0913e.dll
deleting: C:\WINDOWS\system32\azaql1h51.dll
Successfully Deleted: C:\WINDOWS\system32\azaql1h51.dll
deleting: C:\WINDOWS\system32\azaslg5716.dll
Successfully Deleted: C:\WINDOWS\system32\azaslg5716.dll
deleting: C:\WINDOWS\system32\azaslgj716o.dll
Successfully Deleted: C:\WINDOWS\system32\azaslgj716o.dll
deleting: C:\WINDOWS\system32\bgowselc.dll
Successfully Deleted: C:\WINDOWS\system32\bgowselc.dll
deleting: C:\WINDOWS\system32\c4000edmeh0a0.dll
Successfully Deleted: C:\WINDOWS\system32\c4000edmeh0a0.dll
deleting: C:\WINDOWS\system32\cPis2022.dll
Successfully Deleted: C:\WINDOWS\system32\cPis2022.dll
deleting: C:\WINDOWS\system32\db16gt.dLL
Successfully Deleted: C:\WINDOWS\system32\db16gt.dLL
deleting: C:\WINDOWS\system32\dimrtp.dll
Successfully Deleted: C:\WINDOWS\system32\dimrtp.dll
deleting: C:\WINDOWS\system32\dJd8thk.dll
Successfully Deleted: C:\WINDOWS\system32\dJd8thk.dll
deleting: C:\WINDOWS\system32\dkskadp.dll
Successfully Deleted: C:\WINDOWS\system32\dkskadp.dll
deleting: C:\WINDOWS\system32\dmmsvinn.dLL
Successfully Deleted: C:\WINDOWS\system32\dmmsvinn.dLL
deleting: C:\WINDOWS\system32\dOdrm.dll
Successfully Deleted: C:\WINDOWS\system32\dOdrm.dll
deleting: C:\WINDOWS\system32\dpdskmgr.dll
Successfully Deleted: C:\WINDOWS\system32\dpdskmgr.dll
deleting: C:\WINDOWS\system32\dysrslvr.dll
Successfully Deleted: C:\WINDOWS\system32\dysrslvr.dll
deleting: C:\WINDOWS\system32\e4200efmeh2a0.dll
Successfully Deleted: C:\WINDOWS\system32\e4200efmeh2a0.dll
deleting: C:\WINDOWS\system32\en2ql1f51.dll
Successfully Deleted: C:\WINDOWS\system32\en2ql1f51.dll
deleting: C:\WINDOWS\system32\en2ul1f91.dll
Successfully Deleted: C:\WINDOWS\system32\en2ul1f91.dll
deleting: C:\WINDOWS\system32\en4ql1h51.dll
Successfully Deleted: C:\WINDOWS\system32\en4ql1h51.dll
deleting: C:\WINDOWS\system32\en66l1js1.dll
Successfully Deleted: C:\WINDOWS\system32\en66l1js1.dll
deleting: C:\WINDOWS\system32\en8ul1l91.dll
Successfully Deleted: C:\WINDOWS\system32\en8ul1l91.dll
deleting: C:\WINDOWS\system32\enj6l11s1.dll
Successfully Deleted: C:\WINDOWS\system32\enj6l11s1.dll
deleting: C:\WINDOWS\system32\enl4l13q1.dll
Successfully Deleted: C:\WINDOWS\system32\enl4l13q1.dll
deleting: C:\WINDOWS\system32\enlql1351.dll
Successfully Deleted: C:\WINDOWS\system32\enlql1351.dll
deleting: C:\WINDOWS\system32\enlsl1371.dll
Successfully Deleted: C:\WINDOWS\system32\enlsl1371.dll
deleting: C:\WINDOWS\system32\enlul1391.dll
Successfully Deleted: C:\WINDOWS\system32\enlul1391.dll
deleting: C:\WINDOWS\system32\enn6l15s1.dll
Successfully Deleted: C:\WINDOWS\system32\enn6l15s1.dll
deleting: C:\WINDOWS\system32\enpql1751.dll
Successfully Deleted: C:\WINDOWS\system32\enpql1751.dll
deleting: C:\WINDOWS\system32\enrol1931.dll
Successfully Deleted: C:\WINDOWS\system32\enrol1931.dll
deleting: C:\WINDOWS\system32\f00olad31d0.dll
Successfully Deleted: C:\WINDOWS\system32\f00olad31d0.dll
deleting: C:\WINDOWS\system32\f2l02c3mgf.dll
Successfully Deleted: C:\WINDOWS\system32\f2l02c3mgf.dll
deleting: C:\WINDOWS\system32\f4j20e1oeh.dll
Successfully Deleted: C:\WINDOWS\system32\f4j20e1oeh.dll
deleting: C:\WINDOWS\system32\f6l02g3mg6.dll
Successfully Deleted: C:\WINDOWS\system32\f6l02g3mg6.dll
deleting: C:\WINDOWS\system32\fageas.dll
Successfully Deleted: C:\WINDOWS\system32\fageas.dll
deleting: C:\WINDOWS\system32\flntext.dll
Successfully Deleted: C:\WINDOWS\system32\flntext.dll
deleting: C:\WINDOWS\system32\fn2021fmg.dll
Successfully Deleted: C:\WINDOWS\system32\fn2021fmg.dll
deleting: C:\WINDOWS\system32\fn4021hmg.dll
Successfully Deleted: C:\WINDOWS\system32\fn4021hmg.dll
deleting: C:\WINDOWS\system32\fp6s03j7e.dll
Successfully Deleted: C:\WINDOWS\system32\fp6s03j7e.dll
deleting: C:\WINDOWS\system32\fp8803lue.dll
Successfully Deleted: C:\WINDOWS\system32\fp8803lue.dll
deleting: C:\WINDOWS\system32\fp8m03l1e.dll
Successfully Deleted: C:\WINDOWS\system32\fp8m03l1e.dll
deleting: C:\WINDOWS\system32\fpr2039oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpr2039oe.dll
deleting: C:\WINDOWS\system32\g604lgdq160e.dll
Successfully Deleted: C:\WINDOWS\system32\g604lgdq160e.dll
deleting: C:\WINDOWS\system32\g8400ihme84a0.dll
Successfully Deleted: C:\WINDOWS\system32\g8400ihme84a0.dll
deleting: C:\WINDOWS\system32\h0l2la3o1d.dll
Successfully Deleted: C:\WINDOWS\system32\h0l2la3o1d.dll
deleting: C:\WINDOWS\system32\hbd.dll
Successfully Deleted: C:\WINDOWS\system32\hbd.dll
deleting: C:\WINDOWS\system32\hr2s05f7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2s05f7e.dll
deleting: C:\WINDOWS\system32\hrju0519e.dll
Successfully Deleted: C:\WINDOWS\system32\hrju0519e.dll
deleting: C:\WINDOWS\system32\i042laho1d4c.dll
Successfully Deleted: C:\WINDOWS\system32\i042laho1d4c.dll
deleting: C:\WINDOWS\system32\ibengine.dll
Successfully Deleted: C:\WINDOWS\system32\ibengine.dll
deleting: C:\WINDOWS\system32\iijml5111.dll
Successfully Deleted: C:\WINDOWS\system32\iijml5111.dll
deleting: C:\WINDOWS\system32\ikv6mon.dll
Successfully Deleted: C:\WINDOWS\system32\ikv6mon.dll
deleting: C:\WINDOWS\system32\iOsads.dll
Successfully Deleted: C:\WINDOWS\system32\iOsads.dll
deleting: C:\WINDOWS\system32\ipaksie.dll
Successfully Deleted: C:\WINDOWS\system32\ipaksie.dll
deleting: C:\WINDOWS\system32\ipetppui.dll
Successfully Deleted: C:\WINDOWS\system32\ipetppui.dll
deleting: C:\WINDOWS\system32\ir0ml5d11.dll
Successfully Deleted: C:\WINDOWS\system32\ir0ml5d11.dll
deleting: C:\WINDOWS\system32\ir2ol5f31.dll
Successfully Deleted: C:\WINDOWS\system32\ir2ol5f31.dll
deleting: C:\WINDOWS\system32\ir42l5ho1.dll
Successfully Deleted: C:\WINDOWS\system32\ir42l5ho1.dll
deleting: C:\WINDOWS\system32\ir4ol5h31.dll
Successfully Deleted: C:\WINDOWS\system32\ir4ol5h31.dll
deleting: C:\WINDOWS\system32\ir4sl5h71.dll
Successfully Deleted: C:\WINDOWS\system32\ir4sl5h71.dll
deleting: C:\WINDOWS\system32\ir82l5lo1.dll
Successfully Deleted: C:\WINDOWS\system32\ir82l5lo1.dll
deleting: C:\WINDOWS\system32\irj2l51o1.dll
Successfully Deleted: C:\WINDOWS\system32\irj2l51o1.dll
deleting: C:\WINDOWS\system32\irjml5111.dll
Successfully Deleted: C:\WINDOWS\system32\irjml5111.dll
deleting: C:\WINDOWS\system32\irp0l57m1.dll
Successfully Deleted: C:\WINDOWS\system32\irp0l57m1.dll
deleting: C:\WINDOWS\system32\irpml5711.dll
Successfully Deleted: C:\WINDOWS\system32\irpml5711.dll
deleting: C:\WINDOWS\system32\irpol5731.dll
Successfully Deleted: C:\WINDOWS\system32\irpol5731.dll
deleting: C:\WINDOWS\system32\iTsads.dll
Successfully Deleted: C:\WINDOWS\system32\iTsads.dll
deleting: C:\WINDOWS\system32\ixrnonce.dll
Successfully Deleted: C:\WINDOWS\system32\ixrnonce.dll
deleting: C:\WINDOWS\system32\j06mlaj11do.dll
Successfully Deleted: C:\WINDOWS\system32\j06mlaj11do.dll
deleting: C:\WINDOWS\system32\j4p00e7meh.dll
Successfully Deleted: C:\WINDOWS\system32\j4p00e7meh.dll
deleting: C:\WINDOWS\system32\j86m0ij1e8o.dll
Successfully Deleted: C:\WINDOWS\system32\j86m0ij1e8o.dll
deleting: C:\WINDOWS\system32\jadwmie.dll
Successfully Deleted: C:\WINDOWS\system32\jadwmie.dll
deleting: C:\WINDOWS\system32\jeproxy.dll
Successfully Deleted: C:\WINDOWS\system32\jeproxy.dll
deleting: C:\WINDOWS\system32\jrproxy.dll
Successfully Deleted: C:\WINDOWS\system32\jrproxy.dll
deleting: C:\WINDOWS\system32\jt4m07h1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt4m07h1e.dll
deleting: C:\WINDOWS\system32\jt6m07j1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6m07j1e.dll
deleting: C:\WINDOWS\system32\jtr8079ue.dll
Successfully Deleted: C:\WINDOWS\system32\jtr8079ue.dll
deleting: C:\WINDOWS\system32\jUvacypt.dll
Successfully Deleted: C:\WINDOWS\system32\jUvacypt.dll
deleting: C:\WINDOWS\system32\k4440ehqeh4e0.dll
Successfully Deleted: C:\WINDOWS\system32\k4440ehqeh4e0.dll
deleting: C:\WINDOWS\system32\k444lehq1h4e.dll
Successfully Deleted: C:\WINDOWS\system32\k444lehq1h4e.dll
deleting: C:\WINDOWS\system32\k4lq0e35eh.dll
Successfully Deleted: C:\WINDOWS\system32\k4lq0e35eh.dll
deleting: C:\WINDOWS\system32\k4pmle711h.dll
Successfully Deleted: C:\WINDOWS\system32\k4pmle711h.dll
deleting: C:\WINDOWS\system32\k8no0i53e8.dll
Successfully Deleted: C:\WINDOWS\system32\k8no0i53e8.dll
deleting: C:\WINDOWS\system32\kddcz2.dll
Successfully Deleted: C:\WINDOWS\system32\kddcz2.dll
deleting: C:\WINDOWS\system32\ked101a.dll
Successfully Deleted: C:\WINDOWS\system32\ked101a.dll
deleting: C:\WINDOWS\system32\kedcan.dll
Successfully Deleted: C:\WINDOWS\system32\kedcan.dll
deleting: C:\WINDOWS\system32\kednec95.dll
Successfully Deleted: C:\WINDOWS\system32\kednec95.dll
deleting: C:\WINDOWS\system32\knymgr.dll
Successfully Deleted: C:\WINDOWS\system32\knymgr.dll
deleting: C:\WINDOWS\system32\kudda.dll
Successfully Deleted: C:\WINDOWS\system32\kudda.dll
deleting: C:\WINDOWS\system32\l00u0ad9ed0.dll
Successfully Deleted: C:\WINDOWS\system32\l00u0ad9ed0.dll
deleting: C:\WINDOWS\system32\l0l60a3sed.dll
Successfully Deleted: C:\WINDOWS\system32\l0l60a3sed.dll
deleting: C:\WINDOWS\system32\l0p2la7o1d.dll
Successfully Deleted: C:\WINDOWS\system32\l0p2la7o1d.dll
deleting: C:\WINDOWS\system32\l48m0el1ehq.dll
Successfully Deleted: C:\WINDOWS\system32\l48m0el1ehq.dll
deleting: C:\WINDOWS\system32\l4n40e5qeh.dll
Successfully Deleted: C:\WINDOWS\system32\l4n40e5qeh.dll
deleting: C:\WINDOWS\system32\l88mlil118q.dll
Successfully Deleted: C:\WINDOWS\system32\l88mlil118q.dll
deleting: C:\WINDOWS\system32\le2409fqe.dll
Successfully Deleted: C:\WINDOWS\system32\le2409fqe.dll
deleting: C:\WINDOWS\system32\lgeps11n.dll
Successfully Deleted: C:\WINDOWS\system32\lgeps11n.dll
deleting: C:\WINDOWS\system32\lJp2la7o1d.dll
Successfully Deleted: C:\WINDOWS\system32\lJp2la7o1d.dll
deleting: C:\WINDOWS\system32\lo6q09j5e.dll
Successfully Deleted: C:\WINDOWS\system32\lo6q09j5e.dll
deleting: C:\WINDOWS\system32\lt0027dmg.dll
Successfully Deleted: C:\WINDOWS\system32\lt0027dmg.dll
deleting: C:\WINDOWS\system32\lv0609dse.dll
Successfully Deleted: C:\WINDOWS\system32\lv0609dse.dll
deleting: C:\WINDOWS\system32\lv2409fqe.dll
Successfully Deleted: C:\WINDOWS\system32\lv2409fqe.dll
deleting: C:\WINDOWS\system32\lv4209hoe.dll
Successfully Deleted: C:\WINDOWS\system32\lv4209hoe.dll
deleting: C:\WINDOWS\system32\lv6q09j5e.dll
Successfully Deleted: C:\WINDOWS\system32\lv6q09j5e.dll
deleting: C:\WINDOWS\system32\lv8609lse.dll
Successfully Deleted: C:\WINDOWS\system32\lv8609lse.dll
deleting: C:\WINDOWS\system32\lvjm0911e.dll
Successfully Deleted: C:\WINDOWS\system32\lvjm0911e.dll
deleting: C:\WINDOWS\system32\lvjo0913e.dll
Successfully Deleted: C:\WINDOWS\system32\lvjo0913e.dll
deleting: C:\WINDOWS\system32\lvl4093qe.dll
Successfully Deleted: C:\WINDOWS\system32\lvl4093qe.dll
deleting: C:\WINDOWS\system32\lvr0099me.dll
Successfully Deleted: C:\WINDOWS\system32\lvr0099me.dll
deleting: C:\WINDOWS\system32\lvr4099qe.dll
Successfully Deleted: C:\WINDOWS\system32\lvr4099qe.dll
deleting: C:\WINDOWS\system32\lztif12n.dll
Successfully Deleted: C:\WINDOWS\system32\lztif12n.dll
deleting: C:\WINDOWS\system32\Lzwvc12n.dll
Successfully Deleted: C:\WINDOWS\system32\Lzwvc12n.dll
deleting: C:\WINDOWS\system32\m0ju0a19ed.dll
Successfully Deleted: C:\WINDOWS\system32\m0ju0a19ed.dll
deleting: C:\WINDOWS\system32\m0nqla551d.dll
Successfully Deleted: C:\WINDOWS\system32\m0nqla551d.dll
deleting: C:\WINDOWS\system32\m0rmla911d.dll
Successfully Deleted: C:\WINDOWS\system32\m0rmla911d.dll
deleting: C:\WINDOWS\system32\m4460ehseh460.dll
Successfully Deleted: C:\WINDOWS\system32\m4460ehseh460.dll
deleting: C:\WINDOWS\system32\m664lgjq16oe.dll
Successfully Deleted: C:\WINDOWS\system32\m664lgjq16oe.dll
deleting: C:\WINDOWS\system32\m6julg1916.dll
Successfully Deleted: C:\WINDOWS\system32\m6julg1916.dll
deleting: C:\WINDOWS\system32\marui.dll
Successfully Deleted: C:\WINDOWS\system32\marui.dll
deleting: C:\WINDOWS\system32\mawsock.dll
Successfully Deleted: C:\WINDOWS\system32\mawsock.dll
deleting: C:\WINDOWS\system32\mb43dmod.dll
Successfully Deleted: C:\WINDOWS\system32\mb43dmod.dll
deleting: C:\WINDOWS\system32\mbimsg.dll
Successfully Deleted: C:\WINDOWS\system32\mbimsg.dll
deleting: C:\WINDOWS\system32\mbmtapi.dll
Successfully Deleted: C:\WINDOWS\system32\mbmtapi.dll
deleting: C:\WINDOWS\system32\mcmtapi.dll
Successfully Deleted: C:\WINDOWS\system32\mcmtapi.dll
deleting: C:\WINDOWS\system32\MEOEACCT.DLL
Successfully Deleted: C:\WINDOWS\system32\MEOEACCT.DLL
deleting: C:\WINDOWS\system32\mhmdd.dll
Successfully Deleted: C:\WINDOWS\system32\mhmdd.dll
deleting: C:\WINDOWS\system32\mlaudite.dll
Successfully Deleted: C:\WINDOWS\system32\mlaudite.dll
deleting: C:\WINDOWS\system32\mlawt.dll
Successfully Deleted: C:\WINDOWS\system32\mlawt.dll
deleting: C:\WINDOWS\system32\mlsign32.dll
Successfully Deleted: C:\WINDOWS\system32\mlsign32.dll
deleting: C:\WINDOWS\system32\mnvcrt40.dll
Successfully Deleted: C:\WINDOWS\system32\mnvcrt40.dll
deleting: C:\WINDOWS\system32\mqv1_0.dll
Successfully Deleted: C:\WINDOWS\system32\mqv1_0.dll
deleting: C:\WINDOWS\system32\msicda.dll
Successfully Deleted: C:\WINDOWS\system32\msicda.dll
deleting: C:\WINDOWS\system32\mTpistub.dll
Successfully Deleted: C:\WINDOWS\system32\mTpistub.dll
deleting: C:\WINDOWS\system32\munetobj.dll
Successfully Deleted: C:\WINDOWS\system32\munetobj.dll
deleting: C:\WINDOWS\system32\mxcpx32r.dLL
Successfully Deleted: C:\WINDOWS\system32\mxcpx32r.dLL
deleting: C:\WINDOWS\system32\mxrdim.dll
Successfully Deleted: C:\WINDOWS\system32\mxrdim.dll
deleting: C:\WINDOWS\system32\mzjava.dll
Successfully Deleted: C:\WINDOWS\system32\mzjava.dll
deleting: C:\WINDOWS\system32\n04s0ah7ed4.dll
Successfully Deleted: C:\WINDOWS\system32\n04s0ah7ed4.dll
deleting: C:\WINDOWS\system32\n2n60c5sef.dll
Successfully Deleted: C:\WINDOWS\system32\n2n60c5sef.dll
deleting: C:\WINDOWS\system32\n62ulgf9162.dll
Successfully Deleted: C:\WINDOWS\system32\n62ulgf9162.dll
deleting: C:\WINDOWS\system32\n6l8lg3u16.dll
Successfully Deleted: C:\WINDOWS\system32\n6l8lg3u16.dll
deleting: C:\WINDOWS\system32\n6n6lg5s16.dll
Successfully Deleted: C:\WINDOWS\system32\n6n6lg5s16.dll
deleting: C:\WINDOWS\system32\ncmsevt.dll
Successfully Deleted: C:\WINDOWS\system32\ncmsevt.dll
deleting: C:\WINDOWS\system32\nitplwiz.dll
Successfully Deleted: C:\WINDOWS\system32\nitplwiz.dll
deleting: C:\WINDOWS\system32\nolsapi.dll
Successfully Deleted: C:\WINDOWS\system32\nolsapi.dll
deleting: C:\WINDOWS\system32\nswmsdrm.dll
Successfully Deleted: C:\WINDOWS\system32\nswmsdrm.dll
deleting: C:\WINDOWS\system32\nwwmsdrm.dll
Successfully Deleted: C:\WINDOWS\system32\nwwmsdrm.dll
deleting: C:\WINDOWS\system32\o0lu0a39ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0lu0a39ed.dll
deleting: C:\WINDOWS\system32\o648lghu1648.dll
Successfully Deleted: C:\WINDOWS\system32\o648lghu1648.dll
deleting: C:\WINDOWS\system32\o6nslg5716.dll
Successfully Deleted: C:\WINDOWS\system32\o6nslg5716.dll
deleting: C:\WINDOWS\system32\o6pqlg7516.dll
Successfully Deleted: C:\WINDOWS\system32\o6pqlg7516.dll
deleting: C:\WINDOWS\system32\obpdx32.dll
Successfully Deleted: C:\WINDOWS\system32\obpdx32.dll
deleting: C:\WINDOWS\system32\oeecnv32.dll
Successfully Deleted: C:\WINDOWS\system32\oeecnv32.dll
deleting: C:\WINDOWS\system32\oyeaut32.dll
Successfully Deleted: C:\WINDOWS\system32\oyeaut32.dll
deleting: C:\WINDOWS\system32\p66slgj716o.dll
Successfully Deleted: C:\WINDOWS\system32\p66slgj716o.dll
deleting: C:\WINDOWS\system32\p68qlgl516q.dll
Successfully Deleted: C:\WINDOWS\system32\p68qlgl516q.dll
deleting: C:\WINDOWS\system32\p88q0il5e8q.dll
Successfully Deleted: C:\WINDOWS\system32\p88q0il5e8q.dll
deleting: C:\WINDOWS\system32\pbintui.dll
Successfully Deleted: C:\WINDOWS\system32\pbintui.dll
deleting: C:\WINDOWS\system32\pxdx5016.dll
Successfully Deleted: C:\WINDOWS\system32\pxdx5016.dll
deleting: C:\WINDOWS\system32\PzpOops.dll
Successfully Deleted: C:\WINDOWS\system32\PzpOops.dll
deleting: C:\WINDOWS\system32\q0860alsedq60.dll
Successfully Deleted: C:\WINDOWS\system32\q0860alsedq60.dll
deleting: C:\WINDOWS\system32\q6nulg5916.dll
Successfully Deleted: C:\WINDOWS\system32\q6nulg5916.dll
deleting: C:\WINDOWS\system32\q6pslg7716.dll
Successfully Deleted: C:\WINDOWS\system32\q6pslg7716.dll
deleting: C:\WINDOWS\system32\qyap.dll
Successfully Deleted: C:\WINDOWS\system32\qyap.dll
deleting: C:\WINDOWS\system32\r48slel71hq.dll
Successfully Deleted: C:\WINDOWS\system32\r48slel71hq.dll
deleting: C:\WINDOWS\system32\remps.dll
Successfully Deleted: C:\WINDOWS\system32\remps.dll
deleting: C:\WINDOWS\system32\rkvpmsg.dll
Successfully Deleted: C:\WINDOWS\system32\rkvpmsg.dll
deleting: C:\WINDOWS\system32\s6pulg7916.dll
Successfully Deleted: C:\WINDOWS\system32\s6pulg7916.dll
deleting: C:\WINDOWS\system32\sncpack.dll
Successfully Deleted: C:\WINDOWS\system32\sncpack.dll
deleting: C:\WINDOWS\system32\snrvdeps.dll
Successfully Deleted: C:\WINDOWS\system32\snrvdeps.dll
deleting: C:\WINDOWS\system32\sxsvcs.dll
Successfully Deleted: C:\WINDOWS\system32\sxsvcs.dll
deleting: C:\WINDOWS\system32\sYpulg7916.dll
Successfully Deleted: C:\WINDOWS\system32\sYpulg7916.dll
deleting: C:\WINDOWS\system32\szdoclc.dll
Successfully Deleted: C:\WINDOWS\system32\szdoclc.dll
deleting: C:\WINDOWS\system32\tbbyuv.dll
Successfully Deleted: C:\WINDOWS\system32\tbbyuv.dll
deleting: C:\WINDOWS\system32\tGpiui.dll
Successfully Deleted: C:\WINDOWS\system32\tGpiui.dll
deleting: C:\WINDOWS\system32\tKpi.dll
Successfully Deleted: C:\WINDOWS\system32\tKpi.dll
deleting: C:\WINDOWS\system32\u0ru0a99ed.dll
Successfully Deleted: C:\WINDOWS\system32\u0ru0a99ed.dll
deleting: C:\WINDOWS\system32\uhnphost.dll
Successfully Deleted: C:\WINDOWS\system32\uhnphost.dll
deleting: C:\WINDOWS\system32\vphelper.dll
Successfully Deleted: C:\WINDOWS\system32\vphelper.dll
deleting: C:\WINDOWS\system32\wbpns.dll
Successfully Deleted: C:\WINDOWS\system32\wbpns.dll
deleting: C:\WINDOWS\system32\wgssvc.dll
Successfully Deleted: C:\WINDOWS\system32\wgssvc.dll
deleting: C:\WINDOWS\system32\whpns.dll
Successfully Deleted: C:\WINDOWS\system32\whpns.dll
deleting: C:\WINDOWS\system32\wnerror.dll
Successfully Deleted: C:\WINDOWS\system32\wnerror.dll
deleting: C:\WINDOWS\system32\wocltui.dll
Successfully Deleted: C:\WINDOWS\system32\wocltui.dll
deleting: C:\WINDOWS\system32\woerrenu.dll
Successfully Deleted: C:\WINDOWS\system32\woerrenu.dll
deleting: C:\WINDOWS\system32\wqerror.dll
Successfully Deleted: C:\WINDOWS\system32\wqerror.dll
deleting: C:\WINDOWS\system32\wwp.dll
Successfully Deleted: C:\WINDOWS\system32\wwp.dll
deleting: C:\WINDOWS\system32\wysdmoe2.dll
Successfully Deleted: C:\WINDOWS\system32\wysdmoe2.dll
deleting: C:\WINDOWS\system32\wzaudsdk.dll
Successfully Deleted: C:\WINDOWS\system32\wzaudsdk.dll
deleting: C:\WINDOWS\system32\wznscard.dll
Successfully Deleted: C:\WINDOWS\system32\wznscard.dll
deleting: C:\WINDOWS\system32\xcnroll.dll
Successfully Deleted: C:\WINDOWS\system32\xcnroll.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: 6uo4svc.dll (104 bytes security) (deflated 5%)
adding: alicap32.dll (104 bytes security) (deflated 4%)
adding: ani3d2ag.dll (104 bytes security) (deflated 5%)
adding: aza2laho1d4c.dll (104 bytes security) (deflated 5%)
adding: aza40ehqeh4e0.dll (104 bytes security) (deflated 4%)
adding: azaml5711.dll (104 bytes security) (deflated 4%)
adding: azao0913e.dll (104 bytes security) (deflated 4%)
adding: azaql1h51.dll (104 bytes security) (deflated 5%)
adding: azaslg5716.dll (104 bytes security) (deflated 4%)
adding: azaslgj716o.dll (104 bytes security) (deflated 4%)
adding: bgowselc.dll (104 bytes security) (deflated 5%)
adding: c4000edmeh0a0.dll (104 bytes security) (deflated 4%)
adding: cPis2022.dll (104 bytes security) (deflated 5%)
adding: db16gt.dLL (104 bytes security) (deflated 4%)
adding: dimrtp.dll (104 bytes security) (deflated 4%)
adding: dJd8thk.dll (104 bytes security) (deflated 4%)
adding: dkskadp.dll (104 bytes security) (deflated 4%)
adding: dmmsvinn.dLL (104 bytes security) (deflated 4%)
adding: dOdrm.dll (104 bytes security) (deflated 4%)
adding: dpdskmgr.dll (104 bytes security) (deflated 4%)
adding: dysrslvr.dll (104 bytes security) (deflated 4%)
adding: e4200efmeh2a0.dll (104 bytes security) (deflated 4%)
adding: en2ql1f51.dll (104 bytes security) (deflated 4%)
adding: en2ul1f91.dll (104 bytes security) (deflated 5%)
adding: en4ql1h51.dll (104 bytes security) (deflated 5%)
adding: en66l1js1.dll (104 bytes security) (deflated 5%)
adding: en8ul1l91.dll (104 bytes security) (deflated 4%)
adding: enj6l11s1.dll (104 bytes security) (deflated 4%)
adding: enl4l13q1.dll (104 bytes security) (deflated 4%)
adding: enlql1351.dll (104 bytes security) (deflated 4%)
adding: enlsl1371.dll (104 bytes security) (deflated 4%)
adding: enlul1391.dll (104 bytes security) (deflated 5%)
adding: enn6l15s1.dll (104 bytes security) (deflated 4%)
adding: enpql1751.dll (104 bytes security) (deflated 5%)
adding: enrol1931.dll (104 bytes security) (deflated 4%)
adding: f00olad31d0.dll (104 bytes security) (deflated 4%)
adding: f2l02c3mgf.dll (104 bytes security) (deflated 5%)
adding: f4j20e1oeh.dll (104 bytes security) (deflated 4%)
adding: f6l02g3mg6.dll (104 bytes security) (deflated 4%)
adding: fageas.dll (104 bytes security) (deflated 5%)
adding: flntext.dll (104 bytes security) (deflated 4%)
adding: fn2021fmg.dll (104 bytes security) (deflated 4%)
adding: fn4021hmg.dll (104 bytes security) (deflated 5%)
adding: fp6s03j7e.dll (104 bytes security) (deflated 4%)
adding: fp8803lue.dll (104 bytes security) (deflated 5%)
adding: fp8m03l1e.dll (104 bytes security) (deflated 5%)
adding: fpr2039oe.dll (104 bytes security) (deflated 4%)
adding: g604lgdq160e.dll (104 bytes security) (deflated 4%)
adding: g8400ihme84a0.dll (104 bytes security) (deflated 5%)
adding: h0l2la3o1d.dll (104 bytes security) (deflated 4%)
adding: hbd.dll (104 bytes security) (deflated 4%)
adding: hr2s05f7e.dll (104 bytes security) (deflated 4%)
adding: hrju0519e.dll (104 bytes security) (deflated 5%)
adding: i042laho1d4c.dll (104 bytes security) (deflated 5%)
adding: ibengine.dll (104 bytes security) (deflated 4%)
adding: iijml5111.dll (104 bytes security) (deflated 4%)
adding: ikv6mon.dll (104 bytes security) (deflated 5%)
adding: iOsads.dll (104 bytes security) (deflated 4%)
adding: ipaksie.dll (104 bytes security) (deflated 4%)
adding: ipetppui.dll (104 bytes security) (deflated 4%)
adding: ir0ml5d11.dll (104 bytes security) (deflated 5%)
adding: ir2ol5f31.dll (104 bytes security) (deflated 5%)
adding: ir42l5ho1.dll (104 bytes security) (deflated 5%)
adding: ir4ol5h31.dll (104 bytes security) (deflated 5%)
adding: ir4sl5h71.dll (104 bytes security) (deflated 4%)
adding: ir82l5lo1.dll (104 bytes security) (deflated 5%)
adding: irj2l51o1.dll (104 bytes security) (deflated 4%)
adding: irjml5111.dll (104 bytes security) (deflated 5%)
adding: irp0l57m1.dll (104 bytes security) (deflated 5%)
adding: irpml5711.dll (104 bytes security) (deflated 4%)
adding: irpol5731.dll (104 bytes security) (deflated 5%)
adding: iTsads.dll (104 bytes security) (deflated 5%)
adding: ixrnonce.dll (104 bytes security) (deflated 5%)
adding: j06mlaj11do.dll (104 bytes security) (deflated 4%)
adding: j4p00e7meh.dll (104 bytes security) (deflated 4%)
adding: j86m0ij1e8o.dll (104 bytes security) (deflated 5%)
adding: jadwmie.dll (104 bytes security) (deflated 4%)
adding: jeproxy.dll (104 bytes security) (deflated 5%)
adding: jrproxy.dll (104 bytes security) (deflated 4%)
adding: jt4m07h1e.dll (104 bytes security) (deflated 5%)
adding: jt6m07j1e.dll (104 bytes security) (deflated 5%)
adding: jtr8079ue.dll (104 bytes security) (deflated 5%)
adding: jUvacypt.dll (104 bytes security) (deflated 5%)
adding: k4440ehqeh4e0.dll (104 bytes security) (deflated 5%)
adding: k444lehq1h4e.dll (104 bytes security) (deflated 4%)
adding: k4lq0e35eh.dll (104 bytes security) (deflated 4%)
adding: k4pmle711h.dll (104 bytes security) (deflated 4%)
adding: k8no0i53e8.dll (104 bytes security) (deflated 4%)
adding: kddcz2.dll (104 bytes security) (deflated 4%)
adding: ked101a.dll (104 bytes security) (deflated 5%)
adding: kedcan.dll (104 bytes security) (deflated 4%)
adding: kednec95.dll (104 bytes security) (deflated 4%)
adding: knymgr.dll (104 bytes security) (deflated 4%)
adding: kudda.dll (104 bytes security) (deflated 4%)
adding: l00u0ad9ed0.dll (104 bytes security) (deflated 4%)
adding: l0l60a3sed.dll (104 bytes security) (deflated 4%)
adding: l0p2la7o1d.dll (104 bytes security) (deflated 4%)
adding: l48m0el1ehq.dll (104 bytes security) (deflated 5%)
adding: l4n40e5qeh.dll (104 bytes security) (deflated 5%)
adding: l88mlil118q.dll (104 bytes security) (deflated 4%)
adding: le2409fqe.dll (104 bytes security) (deflated 4%)
adding: lgeps11n.dll (104 bytes security) (deflated 5%)
adding: lJp2la7o1d.dll (104 bytes security) (deflated 4%)
adding: lo6q09j5e.dll (104 bytes security) (deflated 4%)
adding: lt0027dmg.dll (104 bytes security) (deflated 4%)
adding: lv0609dse.dll (104 bytes security) (deflated 5%)
adding: lv2409fqe.dll (104 bytes security) (deflated 5%)
adding: lv4209hoe.dll (104 bytes security) (deflated 4%)
adding: lv6q09j5e.dll (104 bytes security) (deflated 5%)
adding: lv8609lse.dll (104 bytes security) (deflated 5%)
adding: lvjm0911e.dll (104 bytes security) (deflated 5%)
adding: lvjo0913e.dll (104 bytes security) (deflated 4%)
adding: lvl4093qe.dll (104 bytes security) (deflated 4%)
adding: lvr0099me.dll (104 bytes security) (deflated 4%)
adding: lvr4099qe.dll (104 bytes security) (deflated 4%)
adding: lztif12n.dll (104 bytes security) (deflated 4%)
adding: Lzwvc12n.dll (104 bytes security) (deflated 4%)
adding: m0ju0a19ed.dll (104 bytes security) (deflated 5%)
adding: m0nqla551d.dll (104 bytes security) (deflated 4%)
adding: m0rmla911d.dll (104 bytes security) (deflated 4%)
adding: m4460ehseh460.dll (104 bytes security) (deflated 5%)
adding: m664lgjq16oe.dll (104 bytes security) (deflated 5%)
adding: m6julg1916.dll (104 bytes security) (deflated 5%)
adding: marui.dll (104 bytes security) (deflated 4%)
adding: mawsock.dll (104 bytes security) (deflated 4%)
adding: mb43dmod.dll (104 bytes security) (deflated 5%)
adding: mbimsg.dll (104 bytes security) (deflated 5%)
adding: mbmtapi.dll (104 bytes security) (deflated 4%)
adding: mcmtapi.dll (104 bytes security) (deflated 4%)
adding: MEOEACCT.DLL (104 bytes security) (deflated 5%)
adding: mhmdd.dll (104 bytes security) (deflated 4%)
adding: mlaudite.dll (104 bytes security) (deflated 5%)
adding: mlawt.dll (104 bytes security) (deflated 4%)
adding: mlsign32.dll (104 bytes security) (deflated 4%)
adding: mnvcrt40.dll (104 bytes security) (deflated 4%)
adding: mqv1_0.dll (104 bytes security) (deflated 5%)
adding: msicda.dll (104 bytes security) (deflated 4%)
adding: mTpistub.dll (104 bytes security) (deflated 4%)
adding: munetobj.dll (104 bytes security) (deflated 4%)
adding: mxcpx32r.dLL (104 bytes security) (deflated 4%)
adding: mxrdim.dll (104 bytes security) (deflated 5%)
adding: mzjava.dll (104 bytes security) (deflated 4%)
adding: n04s0ah7ed4.dll (104 bytes security) (deflated 5%)
adding: n2n60c5sef.dll (104 bytes security) (deflated 5%)
adding: n62ulgf9162.dll (104 bytes security) (deflated 4%)
adding: n6l8lg3u16.dll (104 bytes security) (deflated 5%)
adding: n6n6lg5s16.dll (104 bytes security) (deflated 5%)
adding: ncmsevt.dll (104 bytes security) (deflated 4%)
adding: nitplwiz.dll (104 bytes security) (deflated 4%)
adding: nolsapi.dll (104 bytes security) (deflated 4%)
adding: nswmsdrm.dll (104 bytes security) (deflated 5%)
adding: nwwmsdrm.dll (104 bytes security) (deflated 4%)
adding: o0lu0a39ed.dll (104 bytes security) (deflated 5%)
adding: o648lghu1648.dll (104 bytes security) (deflated 5%)
adding: o6nslg5716.dll (104 bytes security) (deflated 4%)
adding: o6pqlg7516.dll (104 bytes security) (deflated 5%)
adding: obpdx32.dll (104 bytes security) (deflated 4%)
adding: oeecnv32.dll (104 bytes security) (deflated 4%)
adding: oyeaut32.dll (104 bytes security) (deflated 4%)
adding: p66slgj716o.dll (104 bytes security) (deflated 5%)
adding: p68qlgl516q.dll (104 bytes security) (deflated 5%)
adding: p88q0il5e8q.dll (104 bytes security) (deflated 5%)
adding: pbintui.dll (104 bytes security) (deflated 4%)
adding: pxdx5016.dll (104 bytes security) (deflated 4%)
adding: PzpOops.dll (104 bytes security) (deflated 4%)
adding: q0860alsedq60.dll (104 bytes security) (deflated 5%)
adding: q6nulg5916.dll (104 bytes security) (deflated 5%)
adding: q6pslg7716.dll (104 bytes security) (deflated 5%)
adding: qyap.dll (104 bytes security) (deflated 4%)
adding: r48slel71hq.dll (104 bytes security) (deflated 4%)
adding: remps.dll (104 bytes security) (deflated 4%)
adding: rkvpmsg.dll (104 bytes security) (deflated 4%)
adding: s6pulg7916.dll (104 bytes security) (deflated 5%)
adding: sncpack.dll (104 bytes security) (deflated 4%)
adding: snrvdeps.dll (104 bytes security) (deflated 4%)
adding: sxsvcs.dll (104 bytes security) (deflated 4%)
adding: sYpulg7916.dll (104 bytes security) (deflated 4%)
adding: szdoclc.dll (104 bytes security) (deflated 4%)
adding: tbbyuv.dll (104 bytes security) (deflated 4%)
adding: tGpiui.dll (104 bytes security) (deflated 4%)
adding: tKpi.dll (104 bytes security) (deflated 4%)
adding: u0ru0a99ed.dll (104 bytes security) (deflated 5%)
adding: uhnphost.dll (104 bytes security) (deflated 4%)
adding: vphelper.dll (104 bytes security) (deflated 5%)
adding: wbpns.dll (104 bytes security) (deflated 4%)
adding: wgssvc.dll (104 bytes security) (deflated 4%)
adding: whpns.dll (104 bytes security) (deflated 4%)
adding: wnerror.dll (104 bytes security) (deflated 4%)
adding: wocltui.dll (104 bytes security) (deflated 4%)
adding: woerrenu.dll (104 bytes security) (deflated 4%)
adding: wqerror.dll (104 bytes security) (deflated 4%)
adding: wwp.dll (104 bytes security) (deflated 4%)
adding: wysdmoe2.dll (104 bytes security) (deflated 4%)
adding: wzaudsdk.dll (104 bytes security) (deflated 4%)
adding: wznscard.dll (104 bytes security) (deflated 4%)
adding: xcnroll.dll (104 bytes security) (deflated 4%)
adding: guard.tmp (104 bytes security) (deflated 4%)
adding: clear.reg (104 bytes security) (deflated 37%)
adding: echo.reg (104 bytes security) (deflated 5%)
adding: desktop.ini (104 bytes security) (deflated 15%)
adding: direct.txt (104 bytes security) (stored 0%)
adding: lo2.txt (104 bytes security) (deflated 90%)
adding: readme.txt (104 bytes security) (deflated 49%)
adding: report.txt (104 bytes security) (deflated 69%)
adding: test.txt (104 bytes security) (deflated 86%)
adding: test2.txt (104 bytes security) (deflated 17%)
adding: test3.txt (104 bytes security) (deflated 17%)
adding: test5.txt (104 bytes security) (deflated 17%)
adding: xfind.txt (104 bytes security) (deflated 81%)
adding: backregs/8B4D2AB3-DE50-4473-B67F-20B239B6A3A6.reg (104 bytes security) (deflated 70%)
adding: backregs/CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4.reg (104 bytes security) (deflated 70%)
adding: backregs/shell.reg (104 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granti
  • 0

#15
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hey chubbs
Looks like a bit of the log is missing,,

Need to see a fresh HJT log as well please
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP