Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dr. Watson error My Comp, My Net, Explorer [RESOLVED]

Started by CiscOsys311 , May 27 2005 09:31 AM

  • This topic is locked This topic is locked

#1
CiscOsys311
Posted 27 May 2005 - 09:31 AM

CiscOsys311

    New Member

  • Member
  • Pip
  • 4 posts
My system crashes everytime I access My Computer, My Networks, Internet Explorer and Control Panel. Internet Explorer crashes but does not give me the Dr Watson Postmortem error. :tazz:


I went through the FAQ before posting. I use Trend Micro, Clean Up, CWsheddaer and Microsoft Anti-Spy Beta. My systems is running Windows XP Home edition AMD 1800+ and AIW 7500 Vid Card. Here is my LOG FILE from HIJACK.



Logfile of HijackThis v1.99.1
Scan saved at 11:24:53 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\WINDOWS\javafx.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mspe32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\unzipped\framxpro\FreeRAM XP Pro 1.40.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rxwqz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qedel.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xsnsg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rxwqz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rxwqz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6F9CC14B-7380-08A6-2E2D-D4E1289E7FBE} - C:\WINDOWS\msjw.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [mspe32.exe] C:\WINDOWS\system32\mspe32.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\framxpro\FreeRAM XP Pro 1.40.exe" -win
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...89/sdcregie.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.easports....py/iesnoopy.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E080A34-1631-4874-B90A-2F7972468C05}: NameServer = 192.168.1.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
O23 - Service: Workstation NetLogon Service (%AF夶À¨) - Unknown
  • 0

Advertisements

#2
greyknight17
Posted 27 May 2005 - 11:09 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The last line seems to be cut off a little. But you should see what entry to fix (see below) in the services.msc part.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download AboutBuster http://www.greyknigh...AboutBuster.zip and unzip it to a folder on your the Desktop. Run AboutBuster and click OK. Click Update and then Check For Update to see if there are any updates. Close the program now.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Go to Start->Run and type in services.msc and hit OK. Then look for Workstation NetLogon Service (%AFå and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rxwqz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qedel.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xsnsg.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rxwqz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rxwqz.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {6F9CC14B-7380-08A6-2E2D-D4E1289E7FBE} - C:\WINDOWS\msjw.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [mspe32.exe] C:\WINDOWS\system32\mspe32.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Workstation NetLogon Service (%AFå

Run AboutBuster and click OK. Click Start->OK and then follow the rest of the prompts to scan (choose Yes/OK for all). It will ask you if you want a second scan, choose Yes. Save the log file and post it here.

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\javafx.exe
C:\WINDOWS\msjw.dll
C:\WINDOWS\system32\AlxTB1.dll
C:\WINDOWS\system32\mspe32.exe

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.
  • 0

#3
CiscOsys311
Posted 27 May 2005 - 12:31 PM

CiscOsys311

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you for your quick response, I went ahead and ran through all the steps you gave me. The computer seems to be working better already. I am going to test it more after I send this.... Thanks for your help. Let me know if there are any more steps I should be taking.

Thanks

Scanned at: 2:13:50 PM on: 5/27/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26


Removed Data Streams:
C:\WINDOWS\addbi32.dll:jsphy
C:\WINDOWS\addfz32.dll:zfcsg
C:\WINDOWS\anaaq.dll:grfzb
C:\WINDOWS\apiji.exe:xjusc
C:\WINDOWS\appjv.exe:gqeqe
C:\WINDOWS\bttji.dll:wqewr
C:\WINDOWS\cbxtc.dll:iofpg
C:\WINDOWS\cfpxy.dat:bpqub
C:\WINDOWS\cfpxy.dat:bpqub
C:\WINDOWS\cgueo.dat:ltkmc
C:\WINDOWS\comsetup.log:hofvm
C:\WINDOWS\crda.dll:shxag
C:\WINDOWS\d3pb32.dll:ngfbo
C:\WINDOWS\dqdel.dat:pjngw
C:\WINDOWS\dzblu.dll:ogwlo
C:\WINDOWS\esbrb.dll:risbf
C:\WINDOWS\esbrb.dll:risbf
C:\WINDOWS\fabxro.dat:xmplg
C:\WINDOWS\fzato.dat:intev
C:\WINDOWS\goahn.dll:drtqq
C:\WINDOWS\hjsze.dat:inudh
C:\WINDOWS\ielz32.dll:jiejj
C:\WINDOWS\jxjyy.dll:nigep
C:\WINDOWS\KB842773.log:djhsb
C:\WINDOWS\khxwgk.dat:fhjhp
C:\WINDOWS\lzuoc.dll:lvozt
C:\WINDOWS\mqvmq.dat:noxni
C:\WINDOWS\msdfmap.ini:kaiyr
C:\WINDOWS\msgsocm.log:rjwrm
C:\WINDOWS\msnt32.dll:vcljo
C:\WINDOWS\msxxc.dll:ncewi
C:\WINDOWS\msxxc.dll:ncewi
C:\WINDOWS\mzdzy.log:croom
C:\WINDOWS\nwabb.dll:ficzo
C:\WINDOWS\oigkj.dll:gllzc
C:\WINDOWS\ojjkv.dll:zedne
C:\WINDOWS\ramdh.dat:qqerm
C:\WINDOWS\SBWIN.INI:cksnu
C:\WINDOWS\sdkuu.dll:zyxll
C:\WINDOWS\sdkuu.dll:zyxll
C:\WINDOWS\sfcxr.dat:fdpxr
C:\WINDOWS\sryfv.dat:kinqb
C:\WINDOWS\ssphq.dat:rsvaf
C:\WINDOWS\stdzj.log:djgvd
C:\WINDOWS\stdzj.log:djgvd
C:\WINDOWS\svcpack.log:jknfh
C:\WINDOWS\syszi.dll:nqfqo
C:\WINDOWS\tjdzx.dat:iixid
C:\WINDOWS\tomws.dat:gjbyp
C:\WINDOWS\ufdti.log:uadba
C:\WINDOWS\uinst001.exe:xutrw
C:\WINDOWS\unbluo.dat:uoaaj
C:\WINDOWS\vumgk.dll:mtekr
C:\WINDOWS\vzlxj.dat:fmwxl
C:\WINDOWS\winwj.dll:yalfj
C:\WINDOWS\winwj.dll:yalfj
C:\WINDOWS\woqdu.dat:erelz
C:\WINDOWS\xeiox.dll:qzcde
C:\WINDOWS\xiucl.dll:iavjy
C:\WINDOWS\xmyoz.dat:bbgwa
C:\WINDOWS\ynfbz.dll:jugwu
C:\WINDOWS\zhkbv.dll:nvejk
C:\WINDOWS\zzrhqo.dat:knahg
C:\WINDOWS\_default.pif:zrewk


Removed 2 Random Key Entries
Removed! : C:\WINDOWS\agfbd.dat
Removed! : C:\WINDOWS\ahnvz.dll
Removed! : C:\WINDOWS\anaaq.dll
Removed! : C:\WINDOWS\avvcw.dat
Removed! : C:\WINDOWS\avzxf.dll
Removed! : C:\WINDOWS\bdnsa.dll
Removed! : C:\WINDOWS\bflts.dat
Removed! : C:\WINDOWS\bhirh.dat
Removed! : C:\WINDOWS\bnhce.dat
Removed! : C:\WINDOWS\bttji.dll
Removed! : C:\WINDOWS\bwjgo.dll
Removed! : C:\WINDOWS\bwmwc.dll
Removed! : C:\WINDOWS\byyod.dat
Removed! : C:\WINDOWS\cbxtc.dll
Removed! : C:\WINDOWS\ccybi.dll
Removed! : C:\WINDOWS\cfpxy.dat
Removed! : C:\WINDOWS\cfuux.dll
Removed! : C:\WINDOWS\cgenk.dll
Removed! : C:\WINDOWS\cgueo.dat
Removed! : C:\WINDOWS\chtkn.dat
Removed! : C:\WINDOWS\cojbi.dat
Removed! : C:\WINDOWS\cpbsh.dat
Removed! : C:\WINDOWS\cspam.dat
Removed! : C:\WINDOWS\dcsuj.dat
Removed! : C:\WINDOWS\dfxtm.dat
Removed! : C:\WINDOWS\dhinu.dat
Removed! : C:\WINDOWS\djrys.dat
Removed! : C:\WINDOWS\dqdel.dat
Removed! : C:\WINDOWS\drutc.dat
Removed! : C:\WINDOWS\dtgnk.dll
Removed! : C:\WINDOWS\dtlpg.dll
Removed! : C:\WINDOWS\dxpgf.dll
Removed! : C:\WINDOWS\dzblu.dll
Removed! : C:\WINDOWS\efncu.dat
Removed! : C:\WINDOWS\egfqm.dat
Removed! : C:\WINDOWS\eihqy.dat
Removed! : C:\WINDOWS\eiveu.dll
Removed! : C:\WINDOWS\ekxev.dll
Removed! : C:\WINDOWS\elpil.dll
Removed! : C:\WINDOWS\elxqi.dat
Removed! : C:\WINDOWS\emtdj.dll
Removed! : C:\WINDOWS\erdpo.dll
Removed! : C:\WINDOWS\esbrb.dll
Removed! : C:\WINDOWS\eueqx.dll
Removed! : C:\WINDOWS\exmjp.dll
Removed! : C:\WINDOWS\ezqzv.dat
Removed! : C:\WINDOWS\fgtpm.dll
Removed! : C:\WINDOWS\fjvbf.dat
Removed! : C:\WINDOWS\fkwrt.dat
Removed! : C:\WINDOWS\fkxff.dll
Removed! : C:\WINDOWS\fuiqb.dat
Removed! : C:\WINDOWS\fzato.dat
Removed! : C:\WINDOWS\ggrdu.dat
Removed! : C:\WINDOWS\goahn.dll
Removed! : C:\WINDOWS\gosyi.dat
Removed! : C:\WINDOWS\gpmkv.dll
Removed! : C:\WINDOWS\groyy.dll
Removed! : C:\WINDOWS\gsghp.dat
Removed! : C:\WINDOWS\gvong.dat
Removed! : C:\WINDOWS\gxqsh.dll
Removed! : C:\WINDOWS\gziwo.dat
Removed! : C:\WINDOWS\heehi.dat
Removed! : C:\WINDOWS\hfuhq.dll
Removed! : C:\WINDOWS\hhyay.dat
Removed! : C:\WINDOWS\hirhw.dll
Removed! : C:\WINDOWS\hjsze.dat
Removed! : C:\WINDOWS\hmldy.dll
Removed! : C:\WINDOWS\hnhom.dll
Removed! : C:\WINDOWS\hoiya.dat
Removed! : C:\WINDOWS\hokig.dll
Removed! : C:\WINDOWS\httwo.dat
Removed! : C:\WINDOWS\hvvix.dll
Removed! : C:\WINDOWS\ighvf.dat
Removed! : C:\WINDOWS\igrsc.dat
Removed! : C:\WINDOWS\ijvuj.dll
Removed! : C:\WINDOWS\imaht.dat
Removed! : C:\WINDOWS\iorjt.dat
Removed! : C:\WINDOWS\isovk.dat
Removed! : C:\WINDOWS\iuvhh.dat
Removed! : C:\WINDOWS\iwszl.dll
Removed! : C:\WINDOWS\iyafh.dat
Removed! : C:\WINDOWS\izerg.dat
Removed! : C:\WINDOWS\izkrg.dll
Removed! : C:\WINDOWS\izyvn.dat
Removed! : C:\WINDOWS\jbkba.dll
Removed! : C:\WINDOWS\jbyci.dat
Removed! : C:\WINDOWS\jhfuv.dll
Removed! : C:\WINDOWS\jjlpy.dll
Removed! : C:\WINDOWS\jlhml.dat
Removed! : C:\WINDOWS\jmbvb.dll
Removed! : C:\WINDOWS\jnbhd.dll
Removed! : C:\WINDOWS\jqmci.dat
Removed! : C:\WINDOWS\jrjti.dat
Removed! : C:\WINDOWS\jxjyy.dll
Removed! : C:\WINDOWS\kcnxn.dll
Removed! : C:\WINDOWS\kcoiu.dll
Removed! : C:\WINDOWS\kfeww.dat
Removed! : C:\WINDOWS\kictf.dat
Removed! : C:\WINDOWS\klfws.dll
Removed! : C:\WINDOWS\kmtgc.dll
Removed! : C:\WINDOWS\kohfm.dat
Removed! : C:\WINDOWS\komle.dll
Removed! : C:\WINDOWS\kqytx.dat
Removed! : C:\WINDOWS\ksykt.dat
Removed! : C:\WINDOWS\kuara.dll
Removed! : C:\WINDOWS\kwxqh.dat
Removed! : C:\WINDOWS\lajnr.dll
Removed! : C:\WINDOWS\lhmli.dll
Removed! : C:\WINDOWS\lhvpu.dat
Removed! : C:\WINDOWS\liyxq.dat
Removed! : C:\WINDOWS\lqhmf.dat
Removed! : C:\WINDOWS\lxmiy.dat
Removed! : C:\WINDOWS\lzuoc.dll
Removed! : C:\WINDOWS\maofi.dat
Removed! : C:\WINDOWS\mhrcj.dll
Removed! : C:\WINDOWS\mhtwz.dll
Removed! : C:\WINDOWS\mqvmq.dat
Removed! : C:\WINDOWS\mrffp.dat
Removed! : C:\WINDOWS\msxxc.dll
Removed! : C:\WINDOWS\muxux.dll
Removed! : C:\WINDOWS\naiga.dll
Removed! : C:\WINDOWS\nceug.dat
Removed! : C:\WINDOWS\ncroo.dll
Removed! : C:\WINDOWS\nkcep.dll
Removed! : C:\WINDOWS\nmfqc.dat
Removed! : C:\WINDOWS\nqiko.dll
Removed! : C:\WINDOWS\nreql.dat
Removed! : C:\WINDOWS\nrutt.dll
Removed! : C:\WINDOWS\nwabb.dll
Removed! : C:\WINDOWS\ohwda.dat
Removed! : C:\WINDOWS\oigkj.dll
Removed! : C:\WINDOWS\ojcjy.dat
Removed! : C:\WINDOWS\ojfsq.dll
Removed! : C:\WINDOWS\ojjkv.dll
Removed! : C:\WINDOWS\oqdll.dll
Removed! : C:\WINDOWS\oqrdv.dat
Removed! : C:\WINDOWS\oropx.dll
Removed! : C:\WINDOWS\oumrl.dat
Removed! : C:\WINDOWS\ozzjm.dll
Removed! : C:\WINDOWS\pfwrt.dll
Removed! : C:\WINDOWS\pfzkp.dll
Removed! : C:\WINDOWS\pnrut.dat
Removed! : C:\WINDOWS\pqsso.dat
Removed! : C:\WINDOWS\pwbmq.dll
Removed! : C:\WINDOWS\pzvbx.dll
Removed! : C:\WINDOWS\qejke.dat
Removed! : C:\WINDOWS\qfcqw.dll
Removed! : C:\WINDOWS\qfjls.dat
Removed! : C:\WINDOWS\qgmfz.dll
Removed! : C:\WINDOWS\qllme.dll
Removed! : C:\WINDOWS\qneri.dat
Removed! : C:\WINDOWS\qobob.dat
Removed! : C:\WINDOWS\qqyvq.dll
Removed! : C:\WINDOWS\qrbcw.dll
Removed! : C:\WINDOWS\qykgz.dat
Removed! : C:\WINDOWS\ramdh.dat
Removed! : C:\WINDOWS\rddwj.dll
Removed! : C:\WINDOWS\refrm.dat
Removed! : C:\WINDOWS\rewgy.dll
Removed! : C:\WINDOWS\rfggb.dll
Removed! : C:\WINDOWS\rhotf.dll
Removed! : C:\WINDOWS\rhtzr.dll
Removed! : C:\WINDOWS\rljjy.dll
Removed! : C:\WINDOWS\rltpd.dat
Removed! : C:\WINDOWS\rpisw.dll
Removed! : C:\WINDOWS\rqjvf.dll
Removed! : C:\WINDOWS\rqriu.dll
Removed! : C:\WINDOWS\rrqab.dll
Removed! : C:\WINDOWS\rvdxb.dat
Removed! : C:\WINDOWS\rzbau.dat
Removed! : C:\WINDOWS\sdkuu.dll
Removed! : C:\WINDOWS\setru.dat
Removed! : C:\WINDOWS\sfcxr.dat
Removed! : C:\WINDOWS\sgrrl.dat
Removed! : C:\WINDOWS\sjcif.dll
Removed! : C:\WINDOWS\skzgk.dat
Removed! : C:\WINDOWS\snpdh.dat
Removed! : C:\WINDOWS\sryfv.dat
Removed! : C:\WINDOWS\ssphq.dat
Removed! : C:\WINDOWS\stjgv.dll
Removed! : C:\WINDOWS\swmrg.dat
Removed! : C:\WINDOWS\sxpyg.dat
Removed! : C:\WINDOWS\tiokg.dll
Removed! : C:\WINDOWS\tjdzx.dat
Removed! : C:\WINDOWS\tomws.dat
Removed! : C:\WINDOWS\tpejy.dat
Removed! : C:\WINDOWS\trbny.dll
Removed! : C:\WINDOWS\tuhnq.dll
Removed! : C:\WINDOWS\tujdz.dll
Removed! : C:\WINDOWS\twoad.dll
Removed! : C:\WINDOWS\txhuf.dll
Removed! : C:\WINDOWS\uajwt.dll
Removed! : C:\WINDOWS\uaxfl.dll
Removed! : C:\WINDOWS\udjpt.dat
Removed! : C:\WINDOWS\uhuoj.dll
Removed! : C:\WINDOWS\uiqbt.dll
Removed! : C:\WINDOWS\ujyaw.dat
Removed! : C:\WINDOWS\uljwh.dll
Removed! : C:\WINDOWS\uoliw.dll
Removed! : C:\WINDOWS\uopqz.dll
Removed! : C:\WINDOWS\upbnv.dll
Removed! : C:\WINDOWS\uppzw.dll
Removed! : C:\WINDOWS\uptkh.dll
Removed! : C:\WINDOWS\usalv.dll
Removed! : C:\WINDOWS\uuely.dll
Removed! : C:\WINDOWS\uvhhd.dll
Removed! : C:\WINDOWS\uxiei.dll
Removed! : C:\WINDOWS\uzqsa.dat
Removed! : C:\WINDOWS\vdmcb.dat
Removed! : C:\WINDOWS\vfmto.dat
Removed! : C:\WINDOWS\vgtmb.dll
Removed! : C:\WINDOWS\vmvkt.dat
Removed! : C:\WINDOWS\vumgk.dll
Removed! : C:\WINDOWS\vvyey.dll
Removed! : C:\WINDOWS\vzlxj.dat
Removed! : C:\WINDOWS\wbwag.dat
Removed! : C:\WINDOWS\wignf.dll
Removed! : C:\WINDOWS\wmrgx.dll
Removed! : C:\WINDOWS\wopun.dll
Removed! : C:\WINDOWS\woqdu.dat
Removed! : C:\WINDOWS\wrrxz.dll
Removed! : C:\WINDOWS\wsarw.dll
Removed! : C:\WINDOWS\wsykf.dll
Removed! : C:\WINDOWS\wvawz.dll
Removed! : C:\WINDOWS\wvrre.dat
Removed! : C:\WINDOWS\wvvne.dll
Removed! : C:\WINDOWS\wyhgq.dat
Removed! : C:\WINDOWS\wzhwr.dll
Removed! : C:\WINDOWS\xbauc.dat
Removed! : C:\WINDOWS\xbvkj.dll
Removed! : C:\WINDOWS\xczgd.dat
Removed! : C:\WINDOWS\xeiox.dll
Removed! : C:\WINDOWS\xiboq.dll
Removed! : C:\WINDOWS\xifpj.dll
Removed! : C:\WINDOWS\xiucl.dll
Removed! : C:\WINDOWS\xjyrd.dll
Removed! : C:\WINDOWS\xmvci.dll
Removed! : C:\WINDOWS\xmyoz.dat
Removed! : C:\WINDOWS\xqswc.dll
Removed! : C:\WINDOWS\xrynh.dll
Removed! : C:\WINDOWS\xykij.dll
Removed! : C:\WINDOWS\yakia.dat
Removed! : C:\WINDOWS\yakia.dll
Removed! : C:\WINDOWS\yciod.dll
Removed! : C:\WINDOWS\ycksk.dll
Removed! : C:\WINDOWS\ykfbs.dll
Removed! : C:\WINDOWS\ymzww.dll
Removed! : C:\WINDOWS\ynfbz.dll
Removed! : C:\WINDOWS\yxnda.dat
Removed! : C:\WINDOWS\yzkzd.dll
Removed! : C:\WINDOWS\zakxt.dll
Removed! : C:\WINDOWS\zayqo.dll
Removed! : C:\WINDOWS\zcucl.dat
Removed! : C:\WINDOWS\zdzyq.dll
Removed! : C:\WINDOWS\zgemt.dll
Removed! : C:\WINDOWS\zhkbv.dll
Removed! : C:\WINDOWS\zkepn.dat
Removed! : C:\WINDOWS\zreoi.dll
Removed! : C:\WINDOWS\zrlpw.dll
Removed! : C:\WINDOWS\zrykz.dll
Removed! : C:\WINDOWS\ztvtk.dat
Removed! : C:\WINDOWS\zxylz.dll
Removed! : C:\WINDOWS\system32\aauwf.dat
Removed! : C:\WINDOWS\system32\abbmv.dll
Removed! : C:\WINDOWS\system32\abciy.dll
Removed! : C:\WINDOWS\system32\accic.dat
Removed! : C:\WINDOWS\system32\adqjc.dat
Removed! : C:\WINDOWS\system32\agfxz.dll
Removed! : C:\WINDOWS\system32\aonyy.dll
Removed! : C:\WINDOWS\system32\aqkvq.dll
Removed! : C:\WINDOWS\system32\avfzq.dat
Removed! : C:\WINDOWS\system32\avkjx.dll
Removed! : C:\WINDOWS\system32\avuxu.dat
Removed! : C:\WINDOWS\system32\awpae.dll
Removed! : C:\WINDOWS\system32\bewsb.dll
Removed! : C:\WINDOWS\system32\biopy.dat
Removed! : C:\WINDOWS\system32\bobeh.dll
Removed! : C:\WINDOWS\system32\bobxp.dat
Removed! : C:\WINDOWS\system32\btegp.dll
Removed! : C:\WINDOWS\system32\caegc.dll
Removed! : C:\WINDOWS\system32\cajko.dll
Removed! : C:\WINDOWS\system32\calxo.dll
Removed! : C:\WINDOWS\system32\ccdpf.dll
Removed! : C:\WINDOWS\system32\ccign.dat
Removed! : C:\WINDOWS\system32\cfurk.dll
Removed! : C:\WINDOWS\system32\cozny.dat
Removed! : C:\WINDOWS\system32\cqdqn.dll
Removed! : C:\WINDOWS\system32\ctdwk.dll
Removed! : C:\WINDOWS\system32\cyayz.dll
Removed! : C:\WINDOWS\system32\dacoi.dat
Removed! : C:\WINDOWS\system32\darmv.dat
Removed! : C:\WINDOWS\system32\dbfay.dat
Removed! : C:\WINDOWS\system32\dcuxg.dat
Removed! : C:\WINDOWS\system32\dkwfz.dat
Removed! : C:\WINDOWS\system32\dkxgx.dll
Removed! : C:\WINDOWS\system32\dqczb.dll
Removed! : C:\WINDOWS\system32\dtkht.dll
Removed! : C:\WINDOWS\system32\dvffb.dll
Removed! : C:\WINDOWS\system32\dycnw.dat
Removed! : C:\WINDOWS\system32\dytdt.dat
Removed! : C:\WINDOWS\system32\eavhe.dat
Removed! : C:\WINDOWS\system32\ecjzk.dll
Removed! : C:\WINDOWS\system32\eeyqc.dll
Removed! : C:\WINDOWS\system32\eiaik.dat
Removed! : C:\WINDOWS\system32\eiirx.dat
Removed! : C:\WINDOWS\system32\eijyw.dat
Removed! : C:\WINDOWS\system32\ekbjo.dll
Removed! : C:\WINDOWS\system32\ekgxk.dll
Removed! : C:\WINDOWS\system32\ekhnr.dll
Removed! : C:\WINDOWS\system32\eknfk.dll
Removed! : C:\WINDOWS\system32\elgiy.dll
Removed! : C:\WINDOWS\system32\embcc.dll
Removed! : C:\WINDOWS\system32\eoonc.dat
Removed! : C:\WINDOWS\system32\esazv.dll
Removed! : C:\WINDOWS\system32\eskkl.dat
Removed! : C:\WINDOWS\system32\fbvtz.dll
Removed! : C:\WINDOWS\system32\fcawi.dll
Removed! : C:\WINDOWS\system32\fcjlv.dat
Removed! : C:\WINDOWS\system32\fdbgj.dat
Removed! : C:\WINDOWS\system32\fddtl.dll
Removed! : C:\WINDOWS\system32\fdhcv.dat
Removed! : C:\WINDOWS\system32\fflqw.dat
Removed! : C:\WINDOWS\system32\fhalq.dll
Removed! : C:\WINDOWS\system32\fhxbe.dat
Removed! : C:\WINDOWS\system32\fszud.dll
Removed! : C:\WINDOWS\system32\fwnzs.dll
Removed! : C:\WINDOWS\system32\gbgjn.dat
Removed! : C:\WINDOWS\system32\gbxtf.dll
Removed! : C:\WINDOWS\system32\gjgnq.dll
Removed! : C:\WINDOWS\system32\glzny.dat
Removed! : C:\WINDOWS\system32\grnvj.dll
Removed! : C:\WINDOWS\system32\gtggd.dll
Removed! : C:\WINDOWS\system32\gywxf.dll
Removed! : C:\WINDOWS\system32\hcajk.dat
Removed! : C:\WINDOWS\system32\hfqqo.dll
Removed! : C:\WINDOWS\system32\hjhbj.dat
Removed! : C:\WINDOWS\system32\hjlkx.dll
Removed! : C:\WINDOWS\system32\hjxxt.dll
Removed! : C:\WINDOWS\system32\hlhth.dat
Removed! : C:\WINDOWS\system32\hniju.dat
Removed! : C:\WINDOWS\system32\hoyxv.dat
Removed! : C:\WINDOWS\system32\hrrjv.dll
Removed! : C:\WINDOWS\system32\hspan.dll
Removed! : C:\WINDOWS\system32\huozs.dat
Removed! : C:\WINDOWS\system32\huumc.dat
Removed! : C:\WINDOWS\system32\hvejw.dll
Removed! : C:\WINDOWS\system32\hvnhs.dll
Removed! : C:\WINDOWS\system32\hvzdc.dll
Removed! : C:\WINDOWS\system32\hzfss.dll
Removed! : C:\WINDOWS\system32\iadcv.dll
Removed! : C:\WINDOWS\system32\ibews.dat
Removed! : C:\WINDOWS\system32\icmvl.dll
Removed! : C:\WINDOWS\system32\icrvi.dat
Removed! : C:\WINDOWS\system32\icxto.dll
Removed! : C:\WINDOWS\system32\idyqp.dll
Removed! : C:\WINDOWS\system32\iegqy.dll
Removed! : C:\WINDOWS\system32\ifcqm.dll
Removed! : C:\WINDOWS\system32\ihnal.dll
Removed! : C:\WINDOWS\system32\ihxdv.dll
Removed! : C:\WINDOWS\system32\iixhq.dat
Removed! : C:\WINDOWS\system32\ikuxu.dll
Removed! : C:\WINDOWS\system32\insye.dll
Removed! : C:\WINDOWS\system32\itiui.dll
Removed! : C:\WINDOWS\system32\iuspx.dat
Removed! : C:\WINDOWS\system32\iwqrw.dat
Removed! : C:\WINDOWS\system32\iyodz.dat
Removed! : C:\WINDOWS\system32\iyodz.dll
Removed! : C:\WINDOWS\system32\izeca.dll
Removed! : C:\WINDOWS\system32\jargk.dll
Removed! : C:\WINDOWS\system32\jinzf.dat
Removed! : C:\WINDOWS\system32\jkwns.dll
Removed! : C:\WINDOWS\system32\jodug.dll
Removed! : C:\WINDOWS\system32\jompz.dll
Removed! : C:\WINDOWS\system32\jqgzr.dll
Removed! : C:\WINDOWS\system32\jtzcv.dll
Removed! : C:\WINDOWS\system32\jvhqb.dat
Removed! : C:\WINDOWS\system32\jwutn.dat
Removed! : C:\WINDOWS\system32\jwzqb.dat
Removed! : C:\WINDOWS\system32\jxfjw.dat
Removed! : C:\WINDOWS\system32\jxxkm.dll
Removed! : C:\WINDOWS\system32\jymxp.dat
Removed! : C:\WINDOWS\system32\jywzv.dat
Removed! : C:\WINDOWS\system32\kdfau.dll
Removed! : C:\WINDOWS\system32\kjfyc.dat
Removed! : C:\WINDOWS\system32\kkvue.dll
Removed! : C:\WINDOWS\system32\ktkzx.dat
Removed! : C:\WINDOWS\system32\kxbue.dat
Removed! : C:\WINDOWS\system32\kzkmv.dll
Removed! : C:\WINDOWS\system32\kzwaf.dat
Removed! : C:\WINDOWS\system32\lbhoq.dat
Removed! : C:\WINDOWS\system32\lbnmh.dll
Removed! : C:\WINDOWS\system32\lekgx.dat
Removed! : C:\WINDOWS\system32\lgdfl.dat
Removed! : C:\WINDOWS\system32\lhszz.dll
Removed! : C:\WINDOWS\system32\lhthf.dll
Removed! : C:\WINDOWS\system32\lhuaq.dll
Removed! : C:\WINDOWS\system32\linoi.dll
Removed! : C:\WINDOWS\system32\ljnzz.dat
Removed! : C:\WINDOWS\system32\lldee.dll
Removed! : C:\WINDOWS\system32\lncuf.dll
Removed! : C:\WINDOWS\system32\lnncj.dll
Removed! : C:\WINDOWS\system32\lsjrw.dll
Removed! : C:\WINDOWS\system32\ltbsu.dll
Removed! : C:\WINDOWS\system32\ltdat.dll
Removed! : C:\WINDOWS\system32\lurpl.dll
Removed! : C:\WINDOWS\system32\lzrva.dat
Removed! : C:\WINDOWS\system32\mbqsx.dll
Removed! : C:\WINDOWS\system32\mmeeq.dll
Removed! : C:\WINDOWS\system32\mrrvz.dll
Removed! : C:\WINDOWS\system32\mtccg.dat
Removed! : C:\WINDOWS\system32\muuqs.dll
Removed! : C:\WINDOWS\system32\nbtha.dll
Removed! : C:\WINDOWS\system32\ndfuu.dat
Removed! : C:\WINDOWS\system32\ngxeh.dll
Removed! : C:\WINDOWS\system32\niegd.dat
Removed! : C:\WINDOWS\system32\nkmgr.dll
Removed! : C:\WINDOWS\system32\nlgyy.dat
Removed! : C:\WINDOWS\system32\npnrr.dll
Removed! : C:\WINDOWS\system32\nptih.dat
Removed! : C:\WINDOWS\system32\ofaga.dll
Removed! : C:\WINDOWS\system32\ogwhi.dat
Removed! : C:\WINDOWS\system32\oprkt.dll
Removed! : C:\WINDOWS\system32\oskan.dll
Removed! : C:\WINDOWS\system32\ouprn.dll
Removed! : C:\WINDOWS\system32\ovjxj.dat
Removed! : C:\WINDOWS\system32\pbexg.dll
Removed! : C:\WINDOWS\system32\phquq.dat
Removed! : C:\WINDOWS\system32\phylo.dat
Removed! : C:\WINDOWS\system32\pivof.dat
Removed! : C:\WINDOWS\system32\pkinq.dll
Removed! : C:\WINDOWS\system32\pluvy.dll
Removed! : C:\WINDOWS\system32\psexw.dat
Removed! : C:\WINDOWS\system32\pxcfx.dat
Removed! : C:\WINDOWS\system32\pzlls.dll
Removed! : C:\WINDOWS\system32\qazaq.dat
Removed! : C:\WINDOWS\system32\qfgyj.dll
Removed! : C:\WINDOWS\system32\qhabo.dll
Removed! : C:\WINDOWS\system32\qhfqq.dat
Removed! : C:\WINDOWS\system32\qhhjx.dat
Removed! : C:\WINDOWS\system32\qlqdv.dat
Removed! : C:\WINDOWS\system32\qnblk.dll
Removed! : C:\WINDOWS\system32\qneig.dll
Removed! : C:\WINDOWS\system32\qoofh.dat
Removed! : C:\WINDOWS\system32\qqhab.dat
Removed! : C:\WINDOWS\system32\qystf.dat
Removed! : C:\WINDOWS\system32\rdhsg.dll
Removed! : C:\WINDOWS\system32\refsg.dll
Removed! : C:\WINDOWS\system32\relkp.dll
Removed! : C:\WINDOWS\system32\rhvej.dat
Removed! : C:\WINDOWS\system32\risgk.dll
Removed! : C:\WINDOWS\system32\rjjns.dat
Removed! : C:\WINDOWS\system32\rjtfw.dll
Removed! : C:\WINDOWS\system32\rnwak.dat
Removed! : C:\WINDOWS\system32\rpond.dat
Removed! : C:\WINDOWS\system32\rujbf.dat
Removed! : C:\WINDOWS\system32\rxfdi.dat
Removed! : C:\WINDOWS\system32\rypnd.dat
Removed! : C:\WINDOWS\system32\sayau.dat
Removed! : C:\WINDOWS\system32\sbeml.dat
Removed! : C:\WINDOWS\system32\sbgmy.dll
Removed! : C:\WINDOWS\system32\sevdw.dll
Removed! : C:\WINDOWS\system32\sexwu.dll
Removed! : C:\WINDOWS\system32\shlts.dat
Removed! : C:\WINDOWS\system32\skrlt.dat
Removed! : C:\WINDOWS\system32\smpoc.dat
Removed! : C:\WINDOWS\system32\spllx.dll
Removed! : C:\WINDOWS\system32\stgpe.dat
Removed! : C:\WINDOWS\system32\swzgf.dat
Removed! : C:\WINDOWS\system32\tdaed.dll
Removed! : C:\WINDOWS\system32\telnj.dll
Removed! : C:\WINDOWS\system32\tfbsv.dat
Removed! : C:\WINDOWS\system32\tgtmv.dat
Removed! : C:\WINDOWS\system32\tiwci.dat
Removed! : C:\WINDOWS\system32\tkchk.dll
Removed! : C:\WINDOWS\system32\tqhzc.dll
Removed! : C:\WINDOWS\system32\trdzq.dat
Removed! : C:\WINDOWS\system32\ttdcf.dat
Removed! : C:\WINDOWS\system32\ttrbp.dll
Removed! : C:\WINDOWS\system32\tuzcf.dat
Removed! : C:\WINDOWS\system32\twgqe.dat
Removed! : C:\WINDOWS\system32\tywto.dat
Removed! : C:\WINDOWS\system32\ubwax.dll
Removed! : C:\WINDOWS\system32\ucibi.dll
Removed! : C:\WINDOWS\system32\uctko.dat
Removed! : C:\WINDOWS\system32\ugrfq.dll
Removed! : C:\WINDOWS\system32\uhqft.dll
Removed! : C:\WINDOWS\system32\uhsqc.dll
Removed! : C:\WINDOWS\system32\upalg.dat
Removed! : C:\WINDOWS\system32\uspxu.dll
Removed! : C:\WINDOWS\system32\uwwsl.dat
Removed! : C:\WINDOWS\system32\uxoep.dll
Removed! : C:\WINDOWS\system32\vdmxc.dat
Removed! : C:\WINDOWS\system32\vgyjm.dat
Removed! : C:\WINDOWS\system32\vklwt.dll
Removed! : C:\WINDOWS\system32\vkvml.dll
Removed! : C:\WINDOWS\system32\vsutl.dll
Removed! : C:\WINDOWS\system32\vtihf.dll
Removed! : C:\WINDOWS\system32\vvorr.dat
Removed! : C:\WINDOWS\system32\vvxkd.dat
Removed! : C:\WINDOWS\system32\wepsl.dll
Removed! : C:\WINDOWS\system32\wivsz.dat
Removed! : C:\WINDOWS\system32\wiyfe.dll
Removed! : C:\WINDOWS\system32\wjgzj.dat
Removed! : C:\WINDOWS\system32\wjjyz.dll
Removed! : C:\WINDOWS\system32\wkqrt.dll
Removed! : C:\WINDOWS\system32\wnvvq.dat
Removed! : C:\WINDOWS\system32\wpkin.dat
Removed! : C:\WINDOWS\system32\wriiy.dat
Removed! : C:\WINDOWS\system32\wrtvq.dat
Removed! : C:\WINDOWS\system32\wtqoj.dat
Removed! : C:\WINDOWS\system32\wuebw.dat
Removed! : C:\WINDOWS\system32\wwnpm.dat
Removed! : C:\WINDOWS\system32\xcfxu.dll
Removed! : C:\WINDOWS\system32\xdsah.dll
Removed! : C:\WINDOWS\system32\xeozg.dat
Removed! : C:\WINDOWS\system32\xgaqb.dll
Removed! : C:\WINDOWS\system32\xgvff.dat
Removed! : C:\WINDOWS\system32\xhdrw.dll
Removed! : C:\WINDOWS\system32\xhsjx.dat
Removed! : C:\WINDOWS\system32\xiqpg.dat
Removed! : C:\WINDOWS\system32\xmxwl.dat
Removed! : C:\WINDOWS\system32\xoetp.dat
Removed! : C:\WINDOWS\system32\xpnev.dll
Removed! : C:\WINDOWS\system32\xrmib.dll
Removed! : C:\WINDOWS\system32\xzknz.dll
Removed! : C:\WINDOWS\system32\yehxt.dll
Removed! : C:\WINDOWS\system32\yfdqm.dat
Removed! : C:\WINDOWS\system32\yglgj.dat
Removed! : C:\WINDOWS\system32\ygmdw.dll
Removed! : C:\WINDOWS\system32\ynijz.dat
Removed! : C:\WINDOWS\system32\yoajs.dll
Removed! : C:\WINDOWS\system32\yovbb.dll
Removed! : C:\WINDOWS\system32\ypfzk.dat
Removed! : C:\WINDOWS\system32\yqooz.dll
Removed! : C:\WINDOWS\system32\yrazh.dat
Removed! : C:\WINDOWS\system32\ytdpo.dat
Removed! : C:\WINDOWS\system32\yuopm.dat
Removed! : C:\WINDOWS\system32\zaqrh.dat
Removed! : C:\WINDOWS\system32\zhhhy.dll
Removed! : C:\WINDOWS\system32\zilom.dat
Removed! : C:\WINDOWS\system32\znavw.dat
Removed! : C:\WINDOWS\system32\zsakj.dat
Removed! : C:\WINDOWS\system32\zvmyn.dat
Removed! : C:\WINDOWS\system32\zvybh.dat
Removed! : C:\WINDOWS\system32\zwafy.dll
Removed! : C:\WINDOWS\system32\zysdl.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26


Removed Data Streams:
C:\WINDOWS\addbi32.dll:jsphy
C:\WINDOWS\addfz32.dll:zfcsg
C:\WINDOWS\anaaq.dll:grfzb
C:\WINDOWS\apiji.exe:xjusc
C:\WINDOWS\appjv.exe:gqeqe
C:\WINDOWS\bttji.dll:wqewr
C:\WINDOWS\cbxtc.dll:iofpg
C:\WINDOWS\cfpxy.dat:bpqub
C:\WINDOWS\cfpxy.dat:bpqub
C:\WINDOWS\cgueo.dat:ltkmc
C:\WINDOWS\comsetup.log:hofvm
C:\WINDOWS\crda.dll:shxag
C:\WINDOWS\d3pb32.dll:ngfbo
C:\WINDOWS\dqdel.dat:pjngw
C:\WINDOWS\dzblu.dll:ogwlo
C:\WINDOWS\esbrb.dll:risbf
C:\WINDOWS\esbrb.dll:risbf
C:\WINDOWS\fabxro.dat:xmplg
C:\WINDOWS\fzato.dat:intev
C:\WINDOWS\goahn.dll:drtqq
C:\WINDOWS\hjsze.dat:inudh
C:\WINDOWS\ielz32.dll:jiejj
C:\WINDOWS\jxjyy.dll:nigep
C:\WINDOWS\KB842773.log:djhsb
C:\WINDOWS\khxwgk.dat:fhjhp
C:\WINDOWS\lzuoc.dll:lvozt
C:\WINDOWS\mqvmq.dat:noxni
C:\WINDOWS\msdfmap.ini:kaiyr
C:\WINDOWS\msgsocm.log:rjwrm
C:\WINDOWS\msnt32.dll:vcljo
C:\WINDOWS\msxxc.dll:ncewi
C:\WINDOWS\msxxc.dll:ncewi
C:\WINDOWS\mzdzy.log:croom
C:\WINDOWS\nwabb.dll:ficzo
C:\WINDOWS\oigkj.dll:gllzc
C:\WINDOWS\ojjkv.dll:zedne
C:\WINDOWS\ramdh.dat:qqerm
C:\WINDOWS\SBWIN.INI:cksnu
C:\WINDOWS\sdkuu.dll:zyxll
C:\WINDOWS\sdkuu.dll:zyxll
C:\WINDOWS\sfcxr.dat:fdpxr
C:\WINDOWS\sryfv.dat:kinqb
C:\WINDOWS\ssphq.dat:rsvaf
C:\WINDOWS\stdzj.log:djgvd
C:\WINDOWS\stdzj.log:djgvd
C:\WINDOWS\svcpack.log:jknfh
C:\WINDOWS\syszi.dll:nqfqo
C:\WINDOWS\tjdzx.dat:iixid
C:\WINDOWS\tomws.dat:gjbyp
C:\WINDOWS\ufdti.log:uadba
C:\WINDOWS\uinst001.exe:xutrw
C:\WINDOWS\unbluo.dat:uoaaj
C:\WINDOWS\vumgk.dll:mtekr
C:\WINDOWS\vzlxj.dat:fmwxl
C:\WINDOWS\winwj.dll:yalfj
C:\WINDOWS\winwj.dll:yalfj
C:\WINDOWS\woqdu.dat:erelz
C:\WINDOWS\xeiox.dll:qzcde
C:\WINDOWS\xiucl.dll:iavjy
C:\WINDOWS\xmyoz.dat:bbgwa
C:\WINDOWS\ynfbz.dll:jugwu
C:\WINDOWS\zhkbv.dll:nvejk
C:\WINDOWS\zzrhqo.dat:knahg
C:\WINDOWS\_default.pif:zrewk


Attempted Clean Of Temp folder.
Pages Reset... Done!




Logfile of HijackThis v1.99.1
Scan saved at 2:26:25 PM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\unzipped\framxpro\FreeRAM XP Pro 1.40.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\unzipped\framxpro\FreeRAM XP Pro 1.40.exe" -win
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...89/sdcregie.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.easports....py/iesnoopy.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E080A34-1631-4874-B90A-2F7972468C05}: NameServer = 192.168.1.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
  • 0

#4
greyknight17
Posted 27 May 2005 - 12:56 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Perfect, that removed a bunch of stuff there. Good job :tazz:

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#5
greyknight17
Posted 20 June 2005 - 07:01 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP