loadingwebsite/warning pop ups



#16
Chubbs

OK... I might have messed up during copy and paste, let me try again.
As for the HJT log, I'll have another one for you right away :tazz:


#17
Chubbs

repost of that log, HJT log in a minute:

L2Mfix 1.03

Running From:
C:\Program Files\Hijackthis\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Program Files\Hijackthis\l2mfix
System Rebooted!

Running From:
C:\Program Files\Hijackthis\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 208 'explorer.exe'
Killing PID 208 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1716 'rundll32.exe'
Killing PID 1716 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Successfully Deleted: C:\WINDOWS\system32\tGpiui.dll
deleting: C:\WINDOWS\system32\tKpi.dll
Successfully Deleted: C:\WINDOWS\system32\tKpi.dll
deleting: C:\WINDOWS\system32\u0ru0a99ed.dll
Successfully Deleted: C:\WINDOWS\system32\u0ru0a99ed.dll
deleting: C:\WINDOWS\system32\uhnphost.dll
Successfully Deleted: C:\WINDOWS\system32\uhnphost.dll
deleting: C:\WINDOWS\system32\vphelper.dll
Successfully Deleted: C:\WINDOWS\system32\vphelper.dll
deleting: C:\WINDOWS\system32\wbpns.dll
Successfully Deleted: C:\WINDOWS\system32\wbpns.dll
deleting: C:\WINDOWS\system32\wgssvc.dll
Successfully Deleted: C:\WINDOWS\system32\wgssvc.dll
deleting: C:\WINDOWS\system32\whpns.dll
Successfully Deleted: C:\WINDOWS\system32\whpns.dll
deleting: C:\WINDOWS\system32\wnerror.dll
Successfully Deleted: C:\WINDOWS\system32\wnerror.dll
deleting: C:\WINDOWS\system32\wocltui.dll
Successfully Deleted: C:\WINDOWS\system32\wocltui.dll
deleting: C:\WINDOWS\system32\woerrenu.dll
Successfully Deleted: C:\WINDOWS\system32\woerrenu.dll
deleting: C:\WINDOWS\system32\wqerror.dll
Successfully Deleted: C:\WINDOWS\system32\wqerror.dll
deleting: C:\WINDOWS\system32\wwp.dll
Successfully Deleted: C:\WINDOWS\system32\wwp.dll
deleting: C:\WINDOWS\system32\wysdmoe2.dll
Successfully Deleted: C:\WINDOWS\system32\wysdmoe2.dll
deleting: C:\WINDOWS\system32\wzaudsdk.dll
Successfully Deleted: C:\WINDOWS\system32\wzaudsdk.dll
deleting: C:\WINDOWS\system32\wznscard.dll
Successfully Deleted: C:\WINDOWS\system32\wznscard.dll
deleting: C:\WINDOWS\system32\xcnroll.dll
Successfully Deleted: C:\WINDOWS\system32\xcnroll.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed

Zipping up files for submission:

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivil

#18
Chubbs
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:10 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#19
don77
Malware Expert
OK, we are getting there.
Do you have any programs you disabled from your startups?
Next,
I really need you to create a new folder for HJT and move it into it, please.
Next,
Please open HJT > click the Config button > click Misc. Tools > click Open Process Manager > highlight:

rivlz.exe
jqpdqycw6.exe

> click Kill process.
Next, click the Scan button and put a check mark next to the following, close all open windows, and click "Fix Checked":
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)

Reboot to safe mode (by tapping the F8 key on startup). Make sure you can view all hidden folders/files (View Hidden Folders), then search for and delete the following in BOLD:

C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\jqpdqycw6.exe


Restart your computer, restart HJT and post back a fresh log

#20
Chubbs
Last time I rebooted in safe mode and checked the system32 folder, these 2 files were not there:

C:\WINDOWS\System32\rivlz.exe
C:\WINDOWS\System32\jqpdqycw6.exe

rivlz.exe may not be there because I deleted it earlier in the day to try and stop it from opening. As for the j one, I don't know, haven't seen it before.
Anyways, I'll get you that log.

#21
don77
Malware Expert
Tell you what, do 1 more thing for me as well, please.

Download and run Service Filter:
  • Please download ServiceFilter.
  • Unzip ServiceFilter.zip to a convenient folder like C:\ServiceFilter.
  • Navigate to where you unzipped it and double-click on ServiceFilter.vbs.
  • If you have an active anti-virus it might prevent the script from starting. Please allow the script to run.
  • It will open a text file (POST_THIS.TXT) that lists all of the irregular services.
  • Press Ctrl + A simultaneously to select all of the text.
  • Copy and paste the whole thing into your next post.
  • A copy of POST_THIS.TXT is saved to where ServiceFilter.vbs was saved just in case you accidentally close out of it.

#22
Chubbs
here is HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:33:18 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


log of the other thing:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Apr 9, 2005 7:18:36 PM


---> Begin Service Listing <---

Unknown Service # 1
Service Name: HPConfig
Display Name: HP Configuration Interface Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\hpconfig.exe
State: Running
Process ID: 512
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 2
Service Name: HPWirelessMgr
Display Name: HPWirelessMgr
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\hpq\notebook utilities\hpwirelessmgr.exe
State: Running
Process ID: 552
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #3
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{31c470a8-d205-4842-ac2a-cd97feb974af}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 4
Service Name: vclydjwc6
Display Name: piryrmibvjlh
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\jqpdqycw6.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 81 Win32 services on this machine.
4 were unrecognized.

Script Execution Time: 13.98438 seconds.

#23
don77
Malware Expert
  • Open HijackThis.
  • Click the Config button.
  • Click the Misc Tools button.
  • Select Delete an NT service.
  • Copy and paste the following into the box:
[vclydjwc6]
  • Click Ok.


Next,
Download Pocket Killbox from Here. Paste the full file path (c:\windows\system32\jqpdqycw6.exe) in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.
Let us know how you make out.


I have to head out for a few hours and may not get back on tonight. I will keep an eye out for your reply either tonight or tomorrow morning.
Don

#24
Chubbs
I was unable to delete the "vclydjwc6" file using HJT, said something about it was enabled.

new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:03:02 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for the help Don, I'll get back with you tomorrow so we can get rid of this once and for all :tazz:
  • 0

#25
Chubbs

new log, se.dll appears to be back:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:42 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 15 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O2 - BHO: (no name) - {974E6099-0083-46D0-9A3E-A4017D4974C0} - C:\WINDOWS\System32\oldj.dll
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll,DllInstall
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O18 - Filter: text/html - {58748786-1C05-4F38-993C-F5C64392E5DD} - C:\WINDOWS\System32\oldj.dll
O18 - Filter: text/plain - {58748786-1C05-4F38-993C-F5C64392E5DD} - C:\WINDOWS\System32\oldj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#26
Chubbs

and another log after repeating a couple steps:

Logfile of HijackThis v1.99.1
Scan saved at 9:03:05 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: drnc.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O18 - Filter: text/html - {01942D82-E93C-49FF-B0F6-A69C77726150} - C:\WINDOWS\System32\oldj.dll
O18 - Filter: text/plain - {01942D82-E93C-49FF-B0F6-A69C77726150} - C:\WINDOWS\System32\oldj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

is it just me or does this thing come back and just rename itself?

Edited by Chubbs, 09 April 2005 - 07:05 PM.
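
The comparison the question above calls for, as an added example (not part of the original posts and not a HijackThis feature): it diffs excerpts of the 8:37 PM and 9:03 PM scans and treats an entry that differs only in its CLSID as a re-registration. The function names and the CLSID-masking rule are assumptions of this example.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O18 - Filter: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Excerpts from the two scans posted above (8:37:42 PM and 9:03:05 PM, 4/9/2005).
SCAN_2037 = r"""
O2 - BHO: (no name) - {974E6099-0083-46D0-9A3E-A4017D4974C0} - C:\WINDOWS\System32\oldj.dll
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Lucas\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {58748786-1C05-4F38-993C-F5C64392E5DD} - C:\WINDOWS\System32\oldj.dll
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
"""
SCAN_2103 = r"""
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - Global Startup: drnc.exe
O18 - Filter: text/html - {01942D82-E93C-49FF-B0F6-A69C77726150} - C:\WINDOWS\System32\oldj.dll
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
"""

def parse(log):
    """Return the set of (section code, entry text) pairs; other lines are skipped."""
    return {m.groups() for m in map(ENTRY.match, log.splitlines()) if m}

def mask(entry):
    """Blank out any CLSID so the same registration under a new GUID compares equal."""
    return entry[0], CLSID.sub("{CLSID}", entry[1])

def compare(before, after):
    """Classify entries as removed, added, re-registered (CLSID changed) or persisting."""
    old, new = parse(before), parse(after)
    removed, added = old - new, new - old
    masked_removed = {mask(e) for e in removed}
    reregistered = sorted(e for e in added if mask(e) in masked_removed)
    rereg_masks = {mask(e) for e in reregistered}
    return {
        "removed": sorted(e for e in removed if mask(e) not in rereg_masks),
        "added": sorted(e for e in added if e not in reregistered),
        "reregistered": reregistered,
        "persisting": sorted(old & new),
    }

if __name__ == "__main__":
    for kind, entries in compare(SCAN_2037, SCAN_2103).items():
        for code, text in entries:
            print(f"{kind:13} {code:4} {text}")
```

On these excerpts it reports the O18 filter for oldj.dll as re-registered under a new CLSID, drnc.exe as a new startup entry, and the KavSvc and piryrmibvjlh entries as persisting across both scans.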

#27
don77

Here we go chubbs, Step 1,

Download SpSeHjfix into a folder. Disconnect from the net and Close ALL OPEN PROGRAMS. Run 'SpSeHjfix' and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.


We were gaining on it. We will get there.

#28
Chubbs

hi don, I'm gonna run that fix for you and get a new HJT log right away

#29
Chubbs

new HJT log for ya, I'll check back later for instructions i guess

Logfile of HijackThis v1.99.1
Scan saved at 4:36:54 PM, on 4/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rivlz.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Lucas\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06328303-8145-6034-ED77-7B81150E5C09} - (no file)
O2 - BHO: (no name) - {0B70B616-E0FF-B4EF-4E69-F95158E34A07} - (no file)
O2 - BHO: (no name) - {7B87130B-1FC6-D1EB-720C-73A874F8F3E4} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rivlz.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB741E0-4678-439D-8CB3-14008F3CFF92}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: piryrmibvjlh (vclydjwc6) - Unknown owner - C:\WINDOWS\System32\jqpdqycw6.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#30
don77

Hi chubbs we are dealing with a couple nasty infections here,

Download FindQoologic-Narrator.zip save it to your Desktop.
http://forums.net-in...=post&id=134981

Extract (unzip) the files inside into their own folder called FindQoologic.
Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
A text should open. Please post back what it has found