Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

loadingwebsite/warning pop ups

Started by Chubbs , Apr 07 2005 07:31 PM

Please log in to reply

#16
Chubbs

Posted 09 April 2005 - 04:57 PM

Member

Topic Starter
Member
31 posts

ok....i might have messed up during copy and paste, let me try again.
as for HJT log, ill have another one for you right away :tazz:

#17
Chubbs

Posted 09 April 2005 - 05:00 PM

Member

Topic Starter
Member
31 posts

repost of that log, HJT log in a minute:

L2Mfix 1.03

Running From:
C:\Program Files\Hijackthis\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Setting up for Reboot

Starting Reboot!

C:\Program Files\Hijackthis\l2mfix
System Rebooted!

Running From:
C:\Program Files\Hijackthis\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 208 'explorer.exe'
Killing PID 208 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1716 'rundll32.exe'
Killing PID 1716 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\6uo4svc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\alicap32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ani3d2ag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aza2laho1d4c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aza40ehqeh4e0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaml5711.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azao0913e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaql1h51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaslg5716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaslgj716o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bgowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\c4000edmeh0a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cPis2022.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\db16gt.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dimrtp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dJd8thk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dkskadp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dmmsvinn.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dOdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpdskmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dysrslvr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\e4200efmeh2a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en2ql1f51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en2ul1f91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en4ql1h51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en66l1js1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en8ul1l91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enj6l11s1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enl4l13q1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enlql1351.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enlsl1371.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enlul1391.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enn6l15s1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enpql1751.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enrol1931.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f00olad31d0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f2l02c3mgf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f4j20e1oeh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f6l02g3mg6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fageas.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\flntext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fn2021fmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fn4021hmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp6s03j7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp8803lue.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp8m03l1e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpr2039oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g604lgdq160e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g8400ihme84a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h0l2la3o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hbd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hr2s05f7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hrju0519e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\i042laho1d4c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ibengine.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iijml5111.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikv6mon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iOsads.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipaksie.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipetppui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir0ml5d11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir2ol5f31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir42l5ho1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir4ol5h31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir4sl5h71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir82l5lo1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irj2l51o1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irjml5111.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irp0l57m1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irpml5711.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irpol5731.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iTsads.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ixrnonce.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j06mlaj11do.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j4p00e7meh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j86m0ij1e8o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jadwmie.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jeproxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jrproxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jt4m07h1e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jt6m07j1e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jtr8079ue.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jUvacypt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4440ehqeh4e0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k444lehq1h4e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4lq0e35eh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4pmle711h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k8no0i53e8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kddcz2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ked101a.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedcan.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kednec95.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\knymgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kudda.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l00u0ad9ed0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l0l60a3sed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l0p2la7o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l48m0el1ehq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l4n40e5qeh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l88mlil118q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\le2409fqe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lgeps11n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lJp2la7o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lo6q09j5e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lt0027dmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv0609dse.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv2409fqe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv4209hoe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv6q09j5e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv8609lse.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvjm0911e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvjo0913e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvl4093qe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvr0099me.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvr4099qe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lztif12n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Lzwvc12n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0ju0a19ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0nqla551d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0rmla911d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m4460ehseh460.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m664lgjq16oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m6julg1916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\marui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mawsock.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mb43dmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbmtapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcmtapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MEOEACCT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhmdd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlaudite.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlawt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlsign32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnvcrt40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqv1_0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\msicda.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mTpistub.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\munetobj.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxcpx32r.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxrdim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzjava.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n04s0ah7ed4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n2n60c5sef.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n62ulgf9162.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n6l8lg3u16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n6n6lg5s16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ncmsevt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nitplwiz.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nolsapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nswmsdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nwwmsdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0lu0a39ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o648lghu1648.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6nslg5716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6pqlg7516.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\obpdx32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oeecnv32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oyeaut32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p66slgj716o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p68qlgl516q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p88q0il5e8q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pbintui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pxdx5016.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\PzpOops.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q0860alsedq60.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q6nulg5916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q6pslg7716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qyap.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r48slel71hq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\remps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rkvpmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s6pulg7916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sncpack.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\snrvdeps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sxsvcs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sYpulg7916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szdoclc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tbbyuv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tGpiui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tKpi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\u0ru0a99ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\uhnphost.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\vphelper.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wbpns.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wgssvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\whpns.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wnerror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wocltui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\woerrenu.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqerror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wwp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wysdmoe2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wzaudsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wznscard.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\xcnroll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\6uo4svc.dll
Successfully Deleted: C:\WINDOWS\system32\6uo4svc.dll
deleting: C:\WINDOWS\system32\alicap32.dll
Successfully Deleted: C:\WINDOWS\system32\alicap32.dll
deleting: C:\WINDOWS\system32\ani3d2ag.dll
Successfully Deleted: C:\WINDOWS\system32\ani3d2ag.dll
deleting: C:\WINDOWS\system32\aza2laho1d4c.dll
Successfully Deleted: C:\WINDOWS\system32\aza2laho1d4c.dll
deleting: C:\WINDOWS\system32\aza40ehqeh4e0.dll
Successfully Deleted: C:\WINDOWS\system32\aza40ehqeh4e0.dll
deleting: C:\WINDOWS\system32\azaml5711.dll
Successfully Deleted: C:\WINDOWS\system32\azaml5711.dll
deleting: C:\WINDOWS\system32\azao0913e.dll
Successfully Deleted: C:\WINDOWS\system32\azao0913e.dll
deleting: C:\WINDOWS\system32\azaql1h51.dll
Successfully Deleted: C:\WINDOWS\system32\azaql1h51.dll
deleting: C:\WINDOWS\system32\azaslg5716.dll
Successfully Deleted: C:\WINDOWS\system32\azaslg5716.dll
deleting: C:\WINDOWS\system32\azaslgj716o.dll
Successfully Deleted: C:\WINDOWS\system32\azaslgj716o.dll
deleting: C:\WINDOWS\system32\bgowselc.dll
Successfully Deleted: C:\WINDOWS\system32\bgowselc.dll
deleting: C:\WINDOWS\system32\c4000edmeh0a0.dll
Successfully Deleted: C:\WINDOWS\system32\c4000edmeh0a0.dll
deleting: C:\WINDOWS\system32\cPis2022.dll
Successfully Deleted: C:\WINDOWS\system32\cPis2022.dll
deleting: C:\WINDOWS\system32\db16gt.dLL
Successfully Deleted: C:\WINDOWS\system32\db16gt.dLL
deleting: C:\WINDOWS\system32\dimrtp.dll
Successfully Deleted: C:\WINDOWS\system32\dimrtp.dll
deleting: C:\WINDOWS\system32\dJd8thk.dll
Successfully Deleted: C:\WINDOWS\system32\dJd8thk.dll
deleting: C:\WINDOWS\system32\dkskadp.dll
Successfully Deleted: C:\WINDOWS\system32\dkskadp.dll
deleting: C:\WINDOWS\system32\dmmsvinn.dLL
Successfully Deleted: C:\WINDOWS\system32\dmmsvinn.dLL
deleting: C:\WINDOWS\system32\dOdrm.dll
Successfully Deleted: C:\WINDOWS\system32\dOdrm.dll
deleting: C:\WINDOWS\system32\dpdskmgr.dll
Successfully Deleted: C:\WINDOWS\system32\dpdskmgr.dll
deleting: C:\WINDOWS\system32\dysrslvr.dll
Successfully Deleted: C:\WINDOWS\system32\dysrslvr.dll
deleting: C:\WINDOWS\system32\e4200efmeh2a0.dll
Successfully Deleted: C:\WINDOWS\system32\e4200efmeh2a0.dll
deleting: C:\WINDOWS\system32\en2ql1f51.dll
Successfully Deleted: C:\WINDOWS\system32\en2ql1f51.dll
deleting: C:\WINDOWS\system32\en2ul1f91.dll
Successfully Deleted: C:\WINDOWS\system32\en2ul1f91.dll
deleting: C:\WINDOWS\system32\en4ql1h51.dll
Successfully Deleted: C:\WINDOWS\system32\en4ql1h51.dll
deleting: C:\WINDOWS\system32\en66l1js1.dll
Successfully Deleted: C:\WINDOWS\system32\en66l1js1.dll
deleting: C:\WINDOWS\system32\en8ul1l91.dll
Successfully Deleted: C:\WINDOWS\system32\en8ul1l91.dll
deleting: C:\WINDOWS\system32\enj6l11s1.dll
Successfully Deleted: C:\WINDOWS\system32\enj6l11s1.dll
deleting: C:\WINDOWS\system32\enl4l13q1.dll
Successfully Deleted: C:\WINDOWS\system32\enl4l13q1.dll
deleting: C:\WINDOWS\system32\enlql1351.dll
Successfully Deleted: C:\WINDOWS\system32\enlql1351.dll
deleting: C:\WINDOWS\system32\enlsl1371.dll
Successfully Deleted: C:\WINDOWS\system32\enlsl1371.dll
deleting: C:\WINDOWS\system32\enlul1391.dll
Successfully Deleted: C:\WINDOWS\system32\enlul1391.dll
deleting: C:\WINDOWS\system32\enn6l15s1.dll
Successfully Deleted: C:\WINDOWS\system32\enn6l15s1.dll
deleting: C:\WINDOWS\system32\enpql1751.dll
Successfully Deleted: C:\WINDOWS\system32\enpql1751.dll
deleting: C:\WINDOWS\system32\enrol1931.dll
Successfully Deleted: C:\WINDOWS\system32\enrol1931.dll
deleting: C:\WINDOWS\system32\f00olad31d0.dll
Successfully Deleted: C:\WINDOWS\system32\f00olad31d0.dll
deleting: C:\WINDOWS\system32\f2l02c3mgf.dll
Successfully Deleted: C:\WINDOWS\system32\f2l02c3mgf.dll
deleting: C:\WINDOWS\system32\f4j20e1oeh.dll
Successfully Deleted: C:\WINDOWS\system32\f4j20e1oeh.dll
deleting: C:\WINDOWS\system32\f6l02g3mg6.dll
Successfully Deleted: C:\WINDOWS\system32\f6l02g3mg6.dll
deleting: C:\WINDOWS\system32\fageas.dll
Successfully Deleted: C:\WINDOWS\system32\fageas.dll
deleting: C:\WINDOWS\system32\flntext.dll
Successfully Deleted: C:\WINDOWS\system32\flntext.dll
deleting: C:\WINDOWS\system32\fn2021fmg.dll
Successfully Deleted: C:\WINDOWS\system32\fn2021fmg.dll
deleting: C:\WINDOWS\system32\fn4021hmg.dll
Successfully Deleted: C:\WINDOWS\system32\fn4021hmg.dll
deleting: C:\WINDOWS\system32\fp6s03j7e.dll
Successfully Deleted: C:\WINDOWS\system32\fp6s03j7e.dll
deleting: C:\WINDOWS\system32\fp8803lue.dll
Successfully Deleted: C:\WINDOWS\system32\fp8803lue.dll
deleting: C:\WINDOWS\system32\fp8m03l1e.dll
Successfully Deleted: C:\WINDOWS\system32\fp8m03l1e.dll
deleting: C:\WINDOWS\system32\fpr2039oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpr2039oe.dll
deleting: C:\WINDOWS\system32\g604lgdq160e.dll
Successfully Deleted: C:\WINDOWS\system32\g604lgdq160e.dll
deleting: C:\WINDOWS\system32\g8400ihme84a0.dll
Successfully Deleted: C:\WINDOWS\system32\g8400ihme84a0.dll
deleting: C:\WINDOWS\system32\h0l2la3o1d.dll
Successfully Deleted: C:\WINDOWS\system32\h0l2la3o1d.dll
deleting: C:\WINDOWS\system32\hbd.dll
Successfully Deleted: C:\WINDOWS\system32\hbd.dll
deleting: C:\WINDOWS\system32\hr2s05f7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2s05f7e.dll
deleting: C:\WINDOWS\system32\hrju0519e.dll
Successfully Deleted: C:\WINDOWS\system32\hrju0519e.dll
deleting: C:\WINDOWS\system32\i042laho1d4c.dll
Successfully Deleted: C:\WINDOWS\system32\i042laho1d4c.dll
deleting: C:\WINDOWS\system32\ibengine.dll
Successfully Deleted: C:\WINDOWS\system32\ibengine.dll
deleting: C:\WINDOWS\system32\iijml5111.dll
Successfully Deleted: C:\WINDOWS\system32\iijml5111.dll
deleting: C:\WINDOWS\system32\ikv6mon.dll
Successfully Deleted: C:\WINDOWS\system32\ikv6mon.dll
deleting: C:\WINDOWS\system32\iOsads.dll
Successfully Deleted: C:\WINDOWS\system32\iOsads.dll
deleting: C:\WINDOWS\system32\ipaksie.dll
Successfully Deleted: C:\WINDOWS\system32\ipaksie.dll
deleting: C:\WINDOWS\system32\ipetppui.dll
Successfully Deleted: C:\WINDOWS\system32\ipetppui.dll
deleting: C:\WINDOWS\system32\ir0ml5d11.dll
Successfully Deleted: C:\WINDOWS\system32\ir0ml5d11.dll
deleting: C:\WINDOWS\system32\ir2ol5f31.dll
Successfully Deleted: C:\WINDOWS\system32\ir2ol5f31.dll
deleting: C:\WINDOWS\system32\ir42l5ho1.dll
Successfully Deleted: C:\WINDOWS\system32\ir42l5ho1.dll
deleting: C:\WINDOWS\system32\ir4ol5h31.dll
Successfully Deleted: C:\WINDOWS\system32\ir4ol5h31.dll
deleting: C:\WINDOWS\system32\ir4sl5h71.dll
Successfully Deleted: C:\WINDOWS\system32\ir4sl5h71.dll
deleting: C:\WINDOWS\system32\ir82l5lo1.dll
Successfully Deleted: C:\WINDOWS\system32\ir82l5lo1.dll
deleting: C:\WINDOWS\system32\irj2l51o1.dll
Successfully Deleted: C:\WINDOWS\system32\irj2l51o1.dll
deleting: C:\WINDOWS\system32\irjml5111.dll
Successfully Deleted: C:\WINDOWS\system32\irjml5111.dll
deleting: C:\WINDOWS\system32\irp0l57m1.dll
Successfully Deleted: C:\WINDOWS\system32\irp0l57m1.dll
deleting: C:\WINDOWS\system32\irpml5711.dll
Successfully Deleted: C:\WINDOWS\system32\irpml5711.dll
deleting: C:\WINDOWS\system32\irpol5731.dll
Successfully Deleted: C:\WINDOWS\system32\irpol5731.dll
deleting: C:\WINDOWS\system32\iTsads.dll
Successfully Deleted: C:\WINDOWS\system32\iTsads.dll
deleting: C:\WINDOWS\system32\ixrnonce.dll
Successfully Deleted: C:\WINDOWS\system32\ixrnonce.dll
deleting: C:\WINDOWS\system32\j06mlaj11do.dll
Successfully Deleted: C:\WINDOWS\system32\j06mlaj11do.dll
deleting: C:\WINDOWS\system32\j4p00e7meh.dll
Successfully Deleted: C:\WINDOWS\system32\j4p00e7meh.dll
deleting: C:\WINDOWS\system32\j86m0ij1e8o.dll
Successfully Deleted: C:\WINDOWS\system32\j86m0ij1e8o.dll
deleting: C:\WINDOWS\system32\jadwmie.dll
Successfully Deleted: C:\WINDOWS\system32\jadwmie.dll
deleting: C:\WINDOWS\system32\jeproxy.dll
Successfully Deleted: C:\WINDOWS\system32\jeproxy.dll
deleting: C:\WINDOWS\system32\jrproxy.dll
Successfully Deleted: C:\WINDOWS\system32\jrproxy.dll
deleting: C:\WINDOWS\system32\jt4m07h1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt4m07h1e.dll
deleting: C:\WINDOWS\system32\jt6m07j1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6m07j1e.dll
deleting: C:\WINDOWS\system32\jtr8079ue.dll
Successfully Deleted: C:\WINDOWS\system32\jtr8079ue.dll
deleting: C:\WINDOWS\system32\jUvacypt.dll
Successfully Deleted: C:\WINDOWS\system32\jUvacypt.dll
deleting: C:\WINDOWS\system32\k4440ehqeh4e0.dll
Successfully Deleted: C:\WINDOWS\system32\k4440ehqeh4e0.dll
deleting: C:\WINDOWS\system32\k444lehq1h4e.dll
Successfully Deleted: C:\WINDOWS\system32\k444lehq1h4e.dll
deleting: C:\WINDOWS\system32\k4lq0e35eh.dll
Successfully Deleted: C:\WINDOWS\system32\k4lq0e35eh.dll
deleting: C:\WINDOWS\system32\k4pmle711h.dll
Successfully Deleted: C:\WINDOWS\system32\k4pmle711h.dll
deleting: C:\WINDOWS\system32\k8no0i53e8.dll
Successfully Deleted: C:\WINDOWS\system32\k8no0i53e8.dll
deleting: C:\WINDOWS\system32\kddcz2.dll
Successfully Deleted: C:\WINDOWS\system32\kddcz2.dll
deleting: C:\WINDOWS\system32\ked101a.dll
Successfully Deleted: C:\WINDOWS\system32\ked101a.dll
deleting: C:\WINDOWS\system32\kedcan.dll
Successfully Deleted: C:\WINDOWS\system32\kedcan.dll
deleting: C:\WINDOWS\system32\kednec95.dll
Successfully Deleted: C:\WINDOWS\system32\kednec95.dll
deleting: C:\WINDOWS\system32\knymgr.dll
Successfully Deleted: C:\WINDOWS\system32\knymgr.dll
deleting: C:\WINDOWS\system32\kudda.dll
Successfully Deleted: C:\WINDOWS\system32\kudda.dll
deleting: C:\WINDOWS\system32\l00u0ad9ed0.dll
Successfully Deleted: C:\WINDOWS\system32\l00u0ad9ed0.dll
deleting: C:\WINDOWS\system32\l0l60a3sed.dll
Successfully Deleted: C:\WINDOWS\system32\l0l60a3sed.dll
deleting: C:\WINDOWS\system32\l0p2la7o1d.dll
Successfully Deleted: C:\WINDOWS\system32\l0p2la7o1d.dll
deleting: C:\WINDOWS\system32\l48m0el1ehq.dll
Successfully Deleted: C:\WINDOWS\system32\l48m0el1ehq.dll
deleting: C:\WINDOWS\system32\l4n40e5qeh.dll
Successfully Deleted: C:\WINDOWS\system32\l4n40e5qeh.dll
deleting: C:\WINDOWS\system32\l88mlil118q.dll
Successfully Deleted: C:\WINDOWS\system32\l88mlil118q.dll
deleting: C:\WINDOWS\system32\le2409fqe.dll
Successfully Deleted: C:\WINDOWS\system32\le2409fqe.dll
deleting: C:\WINDOWS\system32\lgeps11n.dll
Successfully Deleted: C:\WINDOWS\system32\lgeps11n.dll
deleting: C:\WINDOWS\system32\lJp2la7o1d.dll
Successfully Deleted: C:\WINDOWS\system32\lJp2la7o1d.dll
deleting: C:\WINDOWS\system32\lo6q09j5e.dll
Successfully Deleted: C:\WINDOWS\system32\lo6q09j5e.dll
deleting: C:\WINDOWS\system32\lt0027dmg.dll
Successfully Deleted: C:\WINDOWS\system32\lt0027dmg.dll
deleting: C:\WINDOWS\system32\lv0609dse.dll
Successfully Deleted: C:\WINDOWS\system32\lv0609dse.dll
deleting: C:\WINDOWS\system32\lv2409fqe.dll
Successfully Deleted: C:\WINDOWS\system32\lv2409fqe.dll
deleting: C:\WINDOWS\system32\lv4209hoe.dll
Successfully Deleted: C:\WINDOWS\system32\lv4209hoe.dll
deleting: C:\WINDOWS\system32\lv6q09j5e.dll
Successfully Deleted: C:\WINDOWS\system32\lv6q09j5e.dll
deleting: C:\WINDOWS\system32\lv8609lse.dll
Successfully Deleted: C:\WINDOWS\system32\lv8609lse.dll
deleting: C:\WINDOWS\system32\lvjm0911e.dll
Successfully Deleted: C:\WINDOWS\system32\lvjm0911e.dll
deleting: C:\WINDOWS\system32\lvjo0913e.dll
Successfully Deleted: C:\WINDOWS\system32\lvjo0913e.dll
deleting: C:\WINDOWS\system32\lvl4093qe.dll
Successfully Deleted: C:\WINDOWS\system32\lvl4093qe.dll
deleting: C:\WINDOWS\system32\lvr0099me.dll
Successfully Deleted: C:\WINDOWS\system32\lvr0099me.dll
deleting: C:\WINDOWS\system32\lvr4099qe.dll
Successfully Deleted: C:\WINDOWS\system32\lvr4099qe.dll
deleting: C:\WINDOWS\system32\lztif12n.dll
Successfully Deleted: C:\WINDOWS\system32\lztif12n.dll
deleting: C:\WINDOWS\system32\Lzwvc12n.dll
Successfully Deleted: C:\WINDOWS\system32\Lzwvc12n.dll
deleting: C:\WINDOWS\system32\m0ju0a19ed.dll
Successfully Deleted: C:\WINDOWS\system32\m0ju0a19ed.dll
deleting: C:\WINDOWS\system32\m0nqla551d.dll
Successfully Deleted: C:\WINDOWS\system32\m0nqla551d.dll
deleting: C:\WINDOWS\system32\m0rmla911d.dll
Successfully Deleted: C:\WINDOWS\system32\m0rmla911d.dll
deleting: C:\WINDOWS\system32\m4460ehseh460.dll
Successfully Deleted: C:\WINDOWS\system32\m4460ehseh460.dll
deleting: C:\WINDOWS\system32\m664lgjq16oe.dll
Successfully Deleted: C:\WINDOWS\system32\m664lgjq16oe.dll
deleting: C:\WINDOWS\system32\m6julg1916.dll
Successfully Deleted: C:\WINDOWS\system32\m6julg1916.dll
deleting: C:\WINDOWS\system32\marui.dll
Successfully Deleted: C:\WINDOWS\system32\marui.dll
deleting: C:\WINDOWS\system32\mawsock.dll
Successfully Deleted: C:\WINDOWS\system32\mawsock.dll
deleting: C:\WINDOWS\system32\mb43dmod.dll
Successfully Deleted: C:\WINDOWS\system32\mb43dmod.dll
deleting: C:\WINDOWS\system32\mbimsg.dll
Successfully Deleted: C:\WINDOWS\system32\mbimsg.dll
deleting: C:\WINDOWS\system32\mbmtapi.dll
Successfully Deleted: C:\WINDOWS\system32\mbmtapi.dll
deleting: C:\WINDOWS\system32\mcmtapi.dll
Successfully Deleted: C:\WINDOWS\system32\mcmtapi.dll
deleting: C:\WINDOWS\system32\MEOEACCT.DLL
Successfully Deleted: C:\WINDOWS\system32\MEOEACCT.DLL
deleting: C:\WINDOWS\system32\mhmdd.dll
Successfully Deleted: C:\WINDOWS\system32\mhmdd.dll
deleting: C:\WINDOWS\system32\mlaudite.dll
Successfully Deleted: C:\WINDOWS\system32\mlaudite.dll
deleting: C:\WINDOWS\system32\mlawt.dll
Successfully Deleted: C:\WINDOWS\system32\mlawt.dll
deleting: C:\WINDOWS\system32\mlsign32.dll
Successfully Deleted: C:\WINDOWS\system32\mlsign32.dll
deleting: C:\WINDOWS\system32\mnvcrt40.dll
Successfully Deleted: C:\WINDOWS\system32\mnvcrt40.dll
deleting: C:\WINDOWS\system32\mqv1_0.dll
Successfully Deleted: C:\WINDOWS\system32\mqv1_0.dll
deleting: C:\WINDOWS\system32\msicda.dll
Successfully Deleted: C:\WINDOWS\system32\msicda.dll
deleting: C:\WINDOWS\system32\mTpistub.dll
Successfully Deleted: C:\WINDOWS\system32\mTpistub.dll
deleting: C:\WINDOWS\system32\munetobj.dll
Successfully Deleted: C:\WINDOWS\system32\munetobj.dll
deleting: C:\WINDOWS\system32\mxcpx32r.dLL
Successfully Deleted: C:\WINDOWS\system32\mxcpx32r.dLL
deleting: C:\WINDOWS\system32\mxrdim.dll
Successfully Deleted: C:\WINDOWS\system32\mxrdim.dll
deleting: C:\WINDOWS\system32\mzjava.dll
Successfully Deleted: C:\WINDOWS\system32\mzjava.dll
deleting: C:\WINDOWS\system32\n04s0ah7ed4.dll
Successfully Deleted: C:\WINDOWS\system32\n04s0ah7ed4.dll
deleting: C:\WINDOWS\system32\n2n60c5sef.dll
Successfully Deleted: C:\WINDOWS\system32\n2n60c5sef.dll
deleting: C:\WINDOWS\system32\n62ulgf9162.dll
Successfully Deleted: C:\WINDOWS\system32\n62ulgf9162.dll
deleting: C:\WINDOWS\system32\n6l8lg3u16.dll
Successfully Deleted: C:\WINDOWS\system32\n6l8lg3u16.dll
deleting: C:\WINDOWS\system32\n6n6lg5s16.dll
Successfully Deleted: C:\WINDOWS\system32\n6n6lg5s16.dll
deleting: C:\WINDOWS\system32\ncmsevt.dll
Successfully Deleted: C:\WINDOWS\system32\ncmsevt.dll
deleting: C:\WINDOWS\system32\nitplwiz.dll
Successfully Deleted: C:\WINDOWS\system32\nitplwiz.dll
deleting: C:\WINDOWS\system32\nolsapi.dll
Successfully Deleted: C:\WINDOWS\system32\nolsapi.dll
deleting: C:\WINDOWS\system32\nswmsdrm.dll
Successfully Deleted: C:\WINDOWS\system32\nswmsdrm.dll
deleting: C:\WINDOWS\system32\nwwmsdrm.dll
Successfully Deleted: C:\WINDOWS\system32\nwwmsdrm.dll
deleting: C:\WINDOWS\system32\o0lu0a39ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0lu0a39ed.dll
deleting: C:\WINDOWS\system32\o648lghu1648.dll
Successfully Deleted: C:\WINDOWS\system32\o648lghu1648.dll
deleting: C:\WINDOWS\system32\o6nslg5716.dll
Successfully Deleted: C:\WINDOWS\system32\o6nslg5716.dll
deleting: C:\WINDOWS\system32\o6pqlg7516.dll
Successfully Deleted: C:\WINDOWS\system32\o6pqlg7516.dll
deleting: C:\WINDOWS\system32\obpdx32.dll
Successfully Deleted: C:\WINDOWS\system32\obpdx32.dll
deleting: C:\WINDOWS\system32\oeecnv32.dll
Successfully Deleted: C:\WINDOWS\system32\oeecnv32.dll
deleting: C:\WINDOWS\system32\oyeaut32.dll
Successfully Deleted: C:\WINDOWS\system32\oyeaut32.dll
deleting: C:\WINDOWS\system32\p66slgj716o.dll
Successfully Deleted: C:\WINDOWS\system32\p66slgj716o.dll
deleting: C:\WINDOWS\system32\p68qlgl516q.dll
Successfully Deleted: C:\WINDOWS\system32\p68qlgl516q.dll
deleting: C:\WINDOWS\system32\p88q0il5e8q.dll
Successfully Deleted: C:\WINDOWS\system32\p88q0il5e8q.dll
deleting: C:\WINDOWS\system32\pbintui.dll
Successfully Deleted: C:\WINDOWS\system32\pbintui.dll
deleting: C:\WINDOWS\system32\pxdx5016.dll
Successfully Deleted: C:\WINDOWS\system32\pxdx5016.dll
deleting: C:\WINDOWS\system32\PzpOops.dll
Successfully Deleted: C:\WINDOWS\system32\PzpOops.dll
deleting: C:\WINDOWS\system32\q0860alsedq60.dll
Successfully Deleted: C:\WINDOWS\system32\q0860alsedq60.dll
deleting: C:\WINDOWS\system32\q6nulg5916.dll
Successfully Deleted: C:\WINDOWS\system32\q6nulg5916.dll
deleting: C:\WINDOWS\system32\q6pslg7716.dll
Successfully Deleted: C:\WINDOWS\system32\q6pslg7716.dll
deleting: C:\WINDOWS\system32\qyap.dll
Successfully Deleted: C:\WINDOWS\system32\qyap.dll
deleting: C:\WINDOWS\system32\r48slel71hq.dll
Successfully Deleted: C:\WINDOWS\system32\r48slel71hq.dll
deleting: C:\WINDOWS\system32\remps.dll
Successfully Deleted: C:\WINDOWS\system32\remps.dll
deleting: C:\WINDOWS\system32\rkvpmsg.dll
Successfully Deleted: C:\WINDOWS\system32\rkvpmsg.dll
deleting: C:\WINDOWS\system32\s6pulg7916.dll
Successfully Deleted: C:\WINDOWS\system32\s6pulg7916.dll
deleting: C:\WINDOWS\system32\sncpack.dll
Successfully Deleted: C:\WINDOWS\system32\sncpack.dll
deleting: C:\WINDOWS\system32\snrvdeps.dll
Successfully Deleted: C:\WINDOWS\system32\snrvdeps.dll
deleting: C:\WINDOWS\system32\sxsvcs.dll
Successfully Deleted: C:\WINDOWS\system32\sxsvcs.dll
deleting: C:\WINDOWS\system32\sYpulg7916.dll
Successfully Deleted: C:\WINDOWS\system32\sYpulg7916.dll
deleting: C:\WINDOWS\system32\szdoclc.dll
Successfully Deleted: C:\WINDOWS\system32\szdoclc.dll
deleting: C:\WINDOWS\system32\tbbyuv.dll
Successfully Deleted: C:\WINDOWS\system32\tbbyuv.dll
deleting: C:\WINDOWS\system32\tGpiui.dll
Successfully Deleted: C:\WINDOWS\system32\tGpiui.dll
deleting: C:\WINDOWS\system32\tKpi.dll
Successfully Deleted: C:\WINDOWS\system32\tKpi.dll
deleting: C:\WINDOWS\system32\u0ru0a99ed.dll
Successfully Deleted: C:\WINDOWS\system32\u0ru0a99ed.dll
deleting: C:\WINDOWS\system32\uhnphost.dll
Successfully Deleted: C:\WINDOWS\system32\uhnphost.dll
deleting: C:\WINDOWS\system32\vphelper.dll
Successfully Deleted: C:\WINDOWS\system32\vphelper.dll
deleting: C:\WINDOWS\system32\wbpns.dll
Successfully Deleted: C:\WINDOWS\system32\wbpns.dll
deleting: C:\WINDOWS\system32\wgssvc.dll
Successfully Deleted: C:\WINDOWS\system32\wgssvc.dll
deleting: C:\WINDOWS\system32\whpns.dll
Successfully Deleted: C:\WINDOWS\system32\whpns.dll
deleting: C:\WINDOWS\system32\wnerror.dll
Successfully Deleted: C:\WINDOWS\system32\wnerror.dll
deleting: C:\WINDOWS\system32\wocltui.dll
Successfully Deleted: C:\WINDOWS\system32\wocltui.dll
deleting: C:\WINDOWS\system32\woerrenu.dll
Successfully Deleted: C:\WINDOWS\system32\woerrenu.dll
deleting: C:\WINDOWS\system32\wqerror.dll
Successfully Deleted: C:\WINDOWS\system32\wqerror.dll
deleting: C:\WINDOWS\system32\wwp.dll
Successfully Deleted: C:\WINDOWS\system32\wwp.dll
deleting: C:\WINDOWS\system32\wysdmoe2.dll
Successfully Deleted: C:\WINDOWS\system32\wysdmoe2.dll
deleting: C:\WINDOWS\system32\wzaudsdk.dll
Successfully Deleted: C:\WINDOWS\system32\wzaudsdk.dll
deleting: C:\WINDOWS\system32\wznscard.dll
Successfully Deleted: C:\WINDOWS\system32\wznscard.dll
deleting: C:\WINDOWS\system32\xcnroll.dll
Successfully Deleted: C:\WINDOWS\system32\xcnroll.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: 6uo4svc.dll (104 bytes security) (deflated 5%)
adding: alicap32.dll (104 bytes security) (deflated 4%)
adding: ani3d2ag.dll (104 bytes security) (deflated 5%)
adding: aza2laho1d4c.dll (104 bytes security) (deflated 5%)
adding: aza40ehqeh4e0.dll (104 bytes security) (deflated 4%)
adding: azaml5711.dll (104 bytes security) (deflated 4%)
adding: azao0913e.dll (104 bytes security) (deflated 4%)
adding: azaql1h51.dll (104 bytes security) (deflated 5%)
adding: azaslg5716.dll (104 bytes security) (deflated 4%)
adding: azaslgj716o.dll (104 bytes security) (deflated 4%)
adding: bgowselc.dll (104 bytes security) (deflated 5%)
adding: c4000edmeh0a0.dll (104 bytes security) (deflated 4%)
adding: cPis2022.dll (104 bytes security) (deflated 5%)
adding: db16gt.dLL (104 bytes security) (deflated 4%)
adding: dimrtp.dll (104 bytes security) (deflated 4%)
adding: dJd8thk.dll (104 bytes security) (deflated 4%)
adding: dkskadp.dll (104 bytes security) (deflated 4%)
adding: dmmsvinn.dLL (104 bytes security) (deflated 4%)
adding: dOdrm.dll (104 bytes security) (deflated 4%)
adding: dpdskmgr.dll (104 bytes security) (deflated 4%)
adding: dysrslvr.dll (104 bytes security) (deflated 4%)
adding: e4200efmeh2a0.dll (104 bytes security) (deflated 4%)
adding: en2ql1f51.dll (104 bytes security) (deflated 4%)
adding: en2ul1f91.dll (104 bytes security) (deflated 5%)
adding: en4ql1h51.dll (104 bytes security) (deflated 5%)
adding: en66l1js1.dll (104 bytes security) (deflated 5%)
adding: en8ul1l91.dll (104 bytes security) (deflated 4%)
adding: enj6l11s1.dll (104 bytes security) (deflated 4%)
adding: enl4l13q1.dll (104 bytes security) (deflated 4%)
adding: enlql1351.dll (104 bytes security) (deflated 4%)
adding: enlsl1371.dll (104 bytes security) (deflated 4%)
adding: enlul1391.dll (104 bytes security) (deflated 5%)
adding: enn6l15s1.dll (104 bytes security) (deflated 4%)
adding: enpql1751.dll (104 bytes security) (deflated 5%)
adding: enrol1931.dll (104 bytes security) (deflated 4%)
adding: f00olad31d0.dll (104 bytes security) (deflated 4%)
adding: f2l02c3mgf.dll (104 bytes security) (deflated 5%)
adding: f4j20e1oeh.dll (104 bytes security) (deflated 4%)
adding: f6l02g3mg6.dll (104 bytes security) (deflated 4%)
adding: fageas.dll (104 bytes security) (deflated 5%)
adding: flntext.dll (104 bytes security) (deflated 4%)
adding: fn2021fmg.dll (104 bytes security) (deflated 4%)
adding: fn4021hmg.dll (104 bytes security) (deflated 5%)
adding: fp6s03j7e.dll (104 bytes security) (deflated 4%)
adding: fp8803lue.dll (104 bytes security) (deflated 5%)
adding: fp8m03l1e.dll (104 bytes security) (deflated 5%)
adding: fpr2039oe.dll (104 bytes security) (deflated 4%)
adding: g604lgdq160e.dll (104 bytes security) (deflated 4%)
adding: g8400ihme84a0.dll (104 bytes security) (deflated 5%)
adding: h0l2la3o1d.dll (104 bytes security) (deflated 4%)
adding: hbd.dll (104 bytes security) (deflated 4%)
adding: hr2s05f7e.dll (104 bytes security) (deflated 4%)
adding: hrju0519e.dll (104 bytes security) (deflated 5%)
adding: i042laho1d4c.dll (104 bytes security) (deflated 5%)
adding: ibengine.dll (104 bytes security) (deflated 4%)
adding: iijml5111.dll (104 bytes security) (deflated 4%)
adding: ikv6mon.dll (104 bytes security) (deflated 5%)
adding: iOsads.dll (104 bytes security) (deflated 4%)
adding: ipaksie.dll (104 bytes security) (deflated 4%)
adding: ipetppui.dll (104 bytes security) (deflated 4%)
adding: ir0ml5d11.dll (104 bytes security) (deflated 5%)
adding: ir2ol5f31.dll (104 bytes security) (deflated 5%)
adding: ir42l5ho1.dll (104 bytes security) (deflated 5%)
adding: ir4ol5h31.dll (104 bytes security) (deflated 5%)
adding: ir4sl5h71.dll (104 bytes security) (deflated 4%)
adding: ir82l5lo1.dll (104 bytes security) (deflated 5%)
adding: irj2l51o1.dll (104 bytes security) (deflated 4%)
adding: irjml5111.dll (104 bytes security) (deflated 5%)
adding: irp0l57m1.dll (104 bytes security) (deflated 5%)
adding: irpml5711.dll (104 bytes security) (deflated 4%)
adding: irpol5731.dll (104 bytes security) (deflated 5%)
adding: iTsads.dll (104 bytes security) (deflated 5%)
adding: ixrnonce.dll (104 bytes security) (deflated 5%)
adding: j06mlaj11do.dll (104 bytes security) (deflated 4%)
adding: j4p00e7meh.dll (104 bytes security) (deflated 4%)
adding: j86m0ij1e8o.dll (104 bytes security) (deflated 5%)
adding: jadwmie.dll (104 bytes security) (deflated 4%)
adding: jeproxy.dll (104 bytes security) (deflated 5%)
adding: jrproxy.dll (104 bytes security) (deflated 4%)
adding: jt4m07h1e.dll (104 bytes security) (deflated 5%)
adding: jt6m07j1e.dll (104 bytes security) (deflated 5%)
adding: jtr8079ue.dll (104 bytes security) (deflated 5%)
adding: jUvacypt.dll (104 bytes security) (deflated 5%)
adding: k4440ehqeh4e0.dll (104 bytes security) (deflated 5%)
adding: k444lehq1h4e.dll (104 bytes security) (deflated 4%)
adding: k4lq0e35eh.dll (104 bytes security) (deflated 4%)
adding: k4pmle711h.dll (104 bytes security) (deflated 4%)
adding: k8no0i53e8.dll (104 bytes security) (deflated 4%)
adding: kddcz2.dll (104 bytes security) (deflated 4%)
adding: ked101a.dll (104 bytes security) (deflated 5%)
adding: kedcan.dll (104 bytes security) (deflated 4%)
adding: kednec95.dll (104 bytes security) (deflated 4%)
adding: knymgr.dll (104 bytes security) (deflated 4%)
adding: kudda.dll (104 bytes security) (deflated 4%)
adding: l00u0ad9ed0.dll (104 bytes security) (deflated 4%)
adding: l0l60a3sed.dll (104 bytes security) (deflated 4%)
adding: l0p2la7o1d.dll (104 bytes security) (deflated 4%)
adding: l48m0el1ehq.dll (104 bytes security) (deflated 5%)
adding: l4n40e5qeh.dll (104 bytes security) (deflated 5%)
adding: l88mlil118q.dll (104 bytes security) (deflated 4%)
adding: le2409fqe.dll (104 bytes security) (deflated 4%)
adding: lgeps11n.dll (104 bytes security) (deflated 5%)
adding: lJp2la7o1d.dll (104 bytes security) (deflated 4%)
adding: lo6q09j5e.dll (104 bytes security) (deflated 4%)
adding: lt0027dmg.dll (104 bytes security) (deflated 4%)
adding: lv0609dse.dll (104 bytes security) (deflated 5%)
adding: lv2409fqe.dll (104 bytes security) (deflated 5%)
adding: lv4209hoe.dll (104 bytes security) (deflated 4%)
adding: lv6q09j5e.dll (104 bytes security) (deflated 5%)
adding: lv8609lse.dll (104 bytes security) (deflated 5%)
adding: lvjm0911e.dll (104 bytes security) (deflated 5%)
adding: lvjo0913e.dll (104 bytes security) (deflated 4%)
adding: lvl4093qe.dll (104 bytes security) (deflated 4%)
adding: lvr0099me.dll (104 bytes security) (deflated 4%)
adding: lvr4099qe.dll (104 bytes security) (deflated 4%)
adding: lztif12n.dll (104 bytes security) (deflated 4%)
adding: Lzwvc12n.dll (104 bytes security) (deflated 4%)
adding: m0ju0a19ed.dll (104 bytes security) (deflated 5%)
adding: m0nqla551d.dll (104 bytes security) (deflated 4%)
adding: m0rmla911d.dll (104 bytes security) (deflated 4%)
adding: m4460ehseh460.dll (104 bytes security) (deflated 5%)
adding: m664lgjq16oe.dll (104 bytes security) (deflated 5%)
adding: m6julg1916.dll (104 bytes security) (deflated 5%)
adding: marui.dll (104 bytes security) (deflated 4%)
adding: mawsock.dll (104 bytes security) (deflated 4%)
adding: mb43dmod.dll (104 bytes security) (deflated 5%)
adding: mbimsg.dll (104 bytes security) (deflated 5%)
adding: mbmtapi.dll (104 bytes security) (deflated 4%)
adding: mcmtapi.dll (104 bytes security) (deflated 4%)
adding: MEOEACCT.DLL (104 bytes security) (deflated 5%)
adding: mhmdd.dll (104 bytes security) (deflated 4%)
adding: mlaudite.dll (104 bytes security) (deflated 5%)
adding: mlawt.dll (104 bytes security) (deflated 4%)
adding: mlsign32.dll (104 bytes security) (deflated 4%)
adding: mnvcrt40.dll (104 bytes security) (deflated 4%)
adding: mqv1_0.dll (104 bytes security) (deflated 5%)
adding: msicda.dll (104 bytes security) (deflated 4%)
adding: mTpistub.dll (104 bytes security) (deflated 4%)
adding: munetobj.dll (104 bytes security) (deflated 4%)
adding: mxcpx32r.dLL (104 bytes security) (deflated 4%)
adding: mxrdim.dll (104 bytes security) (deflated 5%)
adding: mzjava.dll (104 bytes security) (deflated 4%)
adding: n04s0ah7ed4.dll (104 bytes security) (deflated 5%)
adding: n2n60c5sef.dll (104 bytes security) (deflated 5%)
adding: n62ulgf9162.dll (104 bytes security) (deflated 4%)
adding: n6l8lg3u16.dll (104 bytes security) (deflated 5%)
adding: n6n6lg5s16.dll (104 bytes security) (deflated 5%)
adding: ncmsevt.dll (104 bytes security) (deflated 4%)
adding: nitplwiz.dll (104 bytes security) (deflated 4%)
adding: nolsapi.dll (104 bytes security) (deflated 4%)
adding: nswmsdrm.dll (104 bytes security) (deflated 5%)
adding: nwwmsdrm.dll (104 bytes security) (deflated 4%)
adding: o0lu0a39ed.dll (104 bytes security) (deflated 5%)
adding: o648lghu1648.dll (104 bytes security) (deflated 5%)
adding: o6nslg5716.dll (104 bytes security) (deflated 4%)
adding: o6pqlg7516.dll (104 bytes security) (deflated 5%)
adding: obpdx32.dll (104 bytes security) (deflated 4%)
adding: oeecnv32.dll (104 bytes security) (deflated 4%)
adding: oyeaut32.dll (104 bytes security) (deflated 4%)
adding: p66slgj716o.dll (104 bytes security) (deflated 5%)
adding: p68qlgl516q.dll (104 bytes security) (deflated 5%)
adding: p88q0il5e8q.dll (104 bytes security) (deflated 5%)
adding: pbintui.dll (104 bytes security) (deflated 4%)
adding: pxdx5016.dll (104 bytes security) (deflated 4%)
adding: PzpOops.dll (104 bytes security) (deflated 4%)
adding: q0860alsedq60.dll (104 bytes security) (deflated 5%)
adding: q6nulg5916.dll (104 bytes security) (deflated 5%)
adding: q6pslg7716.dll (104 bytes security) (deflated 5%)
adding: qyap.dll (104 bytes security) (deflated 4%)
adding: r48slel71hq.dll (104 bytes security) (deflated 4%)
adding: remps.dll (104 bytes security) (deflated 4%)
adding: rkvpmsg.dll (104 bytes security) (deflated 4%)
adding: s6pulg7916.dll (104 bytes security) (deflated 5%)
adding: sncpack.dll (104 bytes security) (deflated 4%)
adding: snrvdeps.dll (104 bytes security) (deflated 4%)
adding: sxsvcs.dll (104 bytes security) (deflated 4%)
adding: sYpulg7916.dll (104 bytes security) (deflated 4%)
adding: szdoclc.dll (104 bytes security) (deflated 4%)
adding: tbbyuv.dll (104 bytes security) (deflated 4%)
adding: tGpiui.dll (104 bytes security) (deflated 4%)
adding: tKpi.dll (104 bytes security) (deflated 4%)
adding: u0ru0a99ed.dll (104 bytes security) (deflated 5%)
adding: uhnphost.dll (104 bytes security) (deflated 4%)
adding: vphelper.dll (104 bytes security) (deflated 5%)
adding: wbpns.dll (104 bytes security) (deflated 4%)
adding: wgssvc.dll (104 bytes security) (deflated 4%)
adding: whpns.dll (104 bytes security) (deflated 4%)
adding: wnerror.dll (104 bytes security) (deflated 4%)
adding: wocltui.dll (104 bytes security) (deflated 4%)
adding: woerrenu.dll (104 bytes security) (deflated 4%)
adding: wqerror.dll (104 bytes security) (deflated 4%)
adding: wwp.dll (104 bytes security) (deflated 4%)
adding: wysdmoe2.dll (104 bytes security) (deflated 4%)
adding: wzaudsdk.dll (104 bytes security) (deflated 4%)
adding: wznscard.dll (104 bytes security) (deflated 4%)
adding: xcnroll.dll (104 bytes security) (deflated 4%)
adding: guard.tmp (104 bytes security) (deflated 4%)
adding: clear.reg (104 bytes security) (deflated 37%)
adding: echo.reg (104 bytes security) (deflated 5%)
adding: desktop.ini (104 bytes security) (deflated 15%)
adding: direct.txt (104 bytes security) (stored 0%)
adding: lo2.txt (104 bytes security) (deflated 90%)
adding: readme.txt (104 bytes security) (deflated 49%)
adding: report.txt (104 bytes security) (deflated 69%)
adding: test.txt (104 bytes security) (deflated 86%)
adding: test2.txt (104 bytes security) (deflated 17%)
adding: test3.txt (104 bytes security) (deflated 17%)
adding: test5.txt (104 bytes security) (deflated 17%)
adding: xfind.txt (104 bytes security) (deflated 81%)
adding: backregs/8B4D2AB3-DE50-4473-B67F-20B239B6A3A6.reg (104 bytes security) (deflated 70%)
adding: backregs/CDFA0DDD-2FCD-4C65-A1B6-08DA5DD46CF4.reg (104 bytes security) (deflated 70%)
adding: backregs/shell.reg (104 bytes security) (deflated 73%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Restoring Sedebugprivil

#18
Chubbs

Posted 09 April 2005 - 05:02 PM

Member

Topic Starter
Member
31 posts

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:10 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#19
don77

Posted 09 April 2005 - 05:10 PM

Malware Expert

Retired Staff
18,526 posts

Ok, we are getting there,
Do you have any programs you disabled from your start ups ?
Next,
I really need you to create a new folder for HJT and move it into it please,
Next,
Please open HJT> Click on the Config button> Click >Misc. Tools > Click > Open Process manager> Highlight “

rivlz.exe
jqpdqycw6.exe
“ >Click> Kill process>
Next click the scan button and put a check mark next to the following, close all open windows , Click “ Fix Checked”
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)

Reboot to safe mode ( by tapping the F8 key on start up ) make sure you can view all hidden folders/files View Hidden Folders search for and delete the following in BOLD

C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\jqpdqycw6.exe

Restart your computer, restart HJT and post back a fresh log

#20
Chubbs

Posted 09 April 2005 - 05:13 PM

Member

Topic Starter
Member
31 posts

last time i rebooted in safe mode and checked system32 folder these 2 files were not there:

C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\jqpdqycw6.exe

rivlz.exe may not be there because i deleted it earlier in the day to try and stop it from opening, as for the j one, i dont know, havent seen it before.
anyways, ill get u that log

#21
don77

Posted 09 April 2005 - 05:16 PM

Malware Expert

Retired Staff
18,526 posts

Tell you what do 1 more thing for me as well please.

Download and run Service Filter:[list]
[list]
[*]Please download ServiceFilter.
[*]Unzip ServiceFilter.zip to a convenient folder like C:\ServiceFilter.
[*]Navigate to where you unzipped it and double-click on ServiceFilter.vbs.
[*]If you have an active anti-virus it might prevent the script from starting. Please allow the script to run.
[*]It will open a text file (POST_THIS.TXT) that lists all of the irregular services.
[*]Press Ctrl + A simultaneously to select all of the text.
[*]Copy and paste the whole thing into your next post.
[*]A copy of POST_THIS.TXT is saved to where ServiceFilter.vbs was saved just in case you accidentally close out of it.

#22
Chubbs

Posted 09 April 2005 - 05:38 PM

Member

Topic Starter
Member
31 posts

here is HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:33:18 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

log of the other thing:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Apr 9, 2005 7:18:36 PM

---> Begin Service Listing <---

Unknown Service # 1
Service Name: HPConfig
Display Name: HP Configuration Interface Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\hpconfig.exe
State: Running
Process ID: 512
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 2
Service Name: HPWirelessMgr
Display Name: HPWirelessMgr
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\hpq\notebook utilities\hpwirelessmgr.exe
State: Running
Process ID: 552
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #3
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{31c470a8-d205-4842-ac2a-cd97feb974af}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 4
Service Name: vclydjwc6
Display Name: piryrmibvjlh
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\jqpdqycw6.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 81 Win32 services on this machine.
4 were unrecognized.

Script Execution Time: 13.98438 seconds.

#23
don77

Posted 09 April 2005 - 05:49 PM

Malware Expert

Retired Staff
18,526 posts

[*]Open HijackThis.
[*]Click the Config button.
[*]Click the Misc Tools button.
[*]Select Delete an NT service.
[*]Copy and paste the following into the box:
[vclydjwc6]
[*]Click Ok.

Next,
Download Pocket Killbox from. Here Paste the full file path (c:\windows\system32\jqpdqycw6.exe) in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.
Let us know how you make out

I have to head out for a few hours may not get back on tonight, I will keep an eye out for your reply either tonight or tomorrow morning,
Don

#24
Chubbs

Posted 09 April 2005 - 06:06 PM

Member

Topic Starter
Member
31 posts

I was unable to delete the "vclydjwc6" file using HJT, said something about it was enabled.

new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:03:02 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for the help Don, ill get back with you tomorrow so we can get rid of this once and for all :tazz:

#25
Chubbs

Posted 09 April 2005 - 06:40 PM

Member

Topic Starter
Member
31 posts

new log, se.dll appears to be back:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:42 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 15 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O2 - BHO: (no name) - {974E6099-0083-46D0-9A3E-A4017D4974C0} - C:\WINDOWS\System32\oldj.dll
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll,DllInstall
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O18 - Filter: text/html - {58748786-1C05-4F38-993C-F5C64392E5DD} - C:\WINDOWS\System32\oldj.dll
O18 - Filter: text/plain - {58748786-1C05-4F38-993C-F5C64392E5DD} - C:\WINDOWS\System32\oldj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#26
Chubbs

Posted 09 April 2005 - 06:51 PM

Member

Topic Starter
Member
31 posts

and another log after repeating a couple steps:

Logfile of HijackThis v1.99.1
Scan saved at 9:03:05 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: drnc.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O18 - Filter: text/html - {01942D82-E93C-49FF-B0F6-A69C77726150} - C:\WINDOWS\System32\oldj.dll
O18 - Filter: text/plain - {01942D82-E93C-49FF-B0F6-A69C77726150} - C:\WINDOWS\System32\oldj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

is it just me or do this thing come back and just rename itself?

Edited by Chubbs, 09 April 2005 - 07:05 PM.

#27
don77

Posted 09 April 2005 - 10:41 PM

Malware Expert

Retired Staff
18,526 posts

Here we go chubbs, Step 1,

Download SpSeHjfix into a folder. Disconnect from the net and Close ALL OPEN PROGRAMS. Run 'SpSeHjfix' and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

we were gaining on it, We will get there

#28
Chubbs

Posted 10 April 2005 - 02:22 PM

Member

Topic Starter
Member
31 posts

hi don, im gonna run that fix for you and get a new HJT log right away

#29
Chubbs

Posted 10 April 2005 - 02:40 PM

Member

Topic Starter
Member
31 posts

new HJT log for ya, ill check back later for instructions i guess

Logfile of HijackThis v1.99.1
Scan saved at 4:36:54 PM, on 4/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#30
don77

Posted 12 April 2005 - 06:32 PM

Malware Expert

Retired Staff
18,526 posts

Hi chubbs we are dealing with a couple nasty infections here,

Download FindQoologic-Narrator.zip save it to your Desktop.
http://forums.net-in...=post&id=134981

Extract (unzip) the files inside into their own folder called FindQoologic.
Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
A text should open. Please post back what it has found