I need help with some popups! thanks! [RESOLVED]



#1
emuworld

I get popups from:

http://certified-saf...asp?acpaarmorie
and from LOADGINWEBSITE something....
I really appreciate your help.. :tazz: ;) ;)
I have so many popups running on my PC, please help... Here is my HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 11:16:15 PM, on 6/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe
C:\Documents and Settings\Ariel Perez Monagas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepyk32.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Ltho] C:\Program Files\sder\dees.exe
O4 - HKCU\..\Run: [Vuqqio] C:\WINDOWS\System32\??ool32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\mv0ql9d51.dll
O23 - Service: cgprrdiur - Unknown owner - C:\WINDOWS\System32\diur\cgprr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dcxpehfaysmacn - Unknown owner - C:\WINDOWS\System32\aysmacn\dcxpehf.exe (file missing)
O23 - Service: hmmhkcboxhmdwba - Unknown owner - C:\WINDOWS\System32\xhmdwba\hmmhkcbo.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: njurvymikfyf - Unknown owner - C:\WINDOWS\System32\ikfyf\njurvym.exe (file missing)
O23 - Service: ntffmbqljvjjo - Unknown owner - C:\WINDOWS\System32\qljvjjo\ntffmb.exe (file missing)
O23 - Service: pcfxmiiaku - Unknown owner - C:\WINDOWS\System32\miiaku\pcfx.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: rpemyqhr - Unknown owner - C:\WINDOWS\System32\yqhr\rpem.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: xabjamoaptr - Unknown owner - C:\WINDOWS\System32\moaptr\xabja.exe (file missing)
O23 - Service: yjlaidktxdllon - Unknown owner - C:\WINDOWS\System32\txdllon\yjlaidk.exe (file missing)

I read another post where someone helped a guy with my same problem... Here is my L2MFIX log:

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellServiceObjectDelayLoad]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mv0ql9d51.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1ABE9B9A-11CC-2635-981B-ED42F69CD401}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Carpetas Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{AE7990AC-90A2-47E8-BE13-C46B148F024D}"=""
"{D8312C30-2DE1-46D2-9FC2-D57C05182A56}"=""
"{0723E8EB-1D93-447D-909B-0278BD7BF294}"=""
"{B23D15CF-771A-4C09-85E5-6BDE03EE657A}"=""
"{529760EF-729D-411B-B679-73290A4BA966}"=""
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{6A8ECA24-5FFD-4AC6-899F-AC6A0BE6A504}"=""
"{6074612B-F984-4D7D-8475-7775D8629CD9}"=""
"{7B4F7512-F27A-43A8-ABEC-A10ED31D1BE9}"=""
"{C7936DD1-264C-4E96-A278-935EA53C2384}"=""
"{84EA885B-BFAD-442B-AD45-AE0E5CFB6032}"=""
"{B4B3001E-0F56-4E51-8250-BDE11547EC55}"="Super Ad Blocker Toolbar"
"{96EF9F72-8A02-426F-B91E-00BB9F7032BB}"=""
"{67CB615C-7FAE-4445-BC76-7621E3585099}"=""
"{9F4D7BBB-9F60-4570-BE34-CECF059D7008}"=""
"{4529B3B8-4B34-4203-A596-A4B968507218}"=""
"{03647437-058F-454B-9FD6-8A04B6E91DCE}"=""
"{1D364EA0-5EF4-4B53-ADD6-BBEE100D7355}"=""
"{DE964DE8-65B2-4334-89AE-50A93614B07E}"=""
"{E515C16B-EC41-4614-B528-5487AC7088A2}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AE7990AC-90A2-47E8-BE13-C46B148F024D}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{AE7990AC-90A2-47E8-BE13-C46B148F024D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AE7990AC-90A2-47E8-BE13-C46B148F024D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AE7990AC-90A2-47E8-BE13-C46B148F024D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mvwsock(4).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D8312C30-2DE1-46D2-9FC2-D57C05182A56}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D8312C30-2DE1-46D2-9FC2-D57C05182A56}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D8312C30-2DE1-46D2-9FC2-D57C05182A56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D8312C30-2DE1-46D2-9FC2-D57C05182A56}\InprocServer32]
@="C:\\WINDOWS\\system32\\PBDrSystemInformation.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0723E8EB-1D93-447D-909B-0278BD7BF294}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0723E8EB-1D93-447D-909B-0278BD7BF294}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0723E8EB-1D93-447D-909B-0278BD7BF294}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0723E8EB-1D93-447D-909B-0278BD7BF294}\InprocServer32]
@="C:\\WINDOWS\\system32\\cmfgnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B23D15CF-771A-4C09-85E5-6BDE03EE657A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B23D15CF-771A-4C09-85E5-6BDE03EE657A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B23D15CF-771A-4C09-85E5-6BDE03EE657A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B23D15CF-771A-4C09-85E5-6BDE03EE657A}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{529760EF-729D-411B-B679-73290A4BA966}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{529760EF-729D-411B-B679-73290A4BA966}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{529760EF-729D-411B-B679-73290A4BA966}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{529760EF-729D-411B-B679-73290A4BA966}\InprocServer32]
@="C:\\WINDOWS\\system32\\imxwan.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A8ECA24-5FFD-4AC6-899F-AC6A0BE6A504}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A8ECA24-5FFD-4AC6-899F-AC6A0BE6A504}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A8ECA24-5FFD-4AC6-899F-AC6A0BE6A504}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A8ECA24-5FFD-4AC6-899F-AC6A0BE6A504}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdusl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6074612B-F984-4D7D-8475-7775D8629CD9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6074612B-F984-4D7D-8475-7775D8629CD9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6074612B-F984-4D7D-8475-7775D8629CD9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6074612B-F984-4D7D-8475-7775D8629CD9}\InprocServer32]
@="C:\\WINDOWS\\system32\\ptbase(3).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B4F7512-F27A-43A8-ABEC-A10ED31D1BE9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B4F7512-F27A-43A8-ABEC-A10ED31D1BE9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B4F7512-F27A-43A8-ABEC-A10ED31D1BE9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B4F7512-F27A-43A8-ABEC-A10ED31D1BE9}\InprocServer32]
@="C:\\WINDOWS\\system32\\sdcur32(4).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7936DD1-264C-4E96-A278-935EA53C2384}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7936DD1-264C-4E96-A278-935EA53C2384}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7936DD1-264C-4E96-A278-935EA53C2384}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7936DD1-264C-4E96-A278-935EA53C2384}\InprocServer32]
@="C:\\WINDOWS\\system32\\iyfxexps.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{84EA885B-BFAD-442B-AD45-AE0E5CFB6032}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84EA885B-BFAD-442B-AD45-AE0E5CFB6032}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84EA885B-BFAD-442B-AD45-AE0E5CFB6032}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84EA885B-BFAD-442B-AD45-AE0E5CFB6032}\InprocServer32]
@="C:\\WINDOWS\\system32\\whvdmoe2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{96EF9F72-8A02-426F-B91E-00BB9F7032BB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96EF9F72-8A02-426F-B91E-00BB9F7032BB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96EF9F72-8A02-426F-B91E-00BB9F7032BB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96EF9F72-8A02-426F-B91E-00BB9F7032BB}\InprocServer32]
@="C:\\WINDOWS\\system32\\cRtsrv(4).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{67CB615C-7FAE-4445-BC76-7621E3585099}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{67CB615C-7FAE-4445-BC76-7621E3585099}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{67CB615C-7FAE-4445-BC76-7621E3585099}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{67CB615C-7FAE-4445-BC76-7621E3585099}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqshrui(2).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9F4D7BBB-9F60-4570-BE34-CECF059D7008}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F4D7BBB-9F60-4570-BE34-CECF059D7008}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F4D7BBB-9F60-4570-BE34-CECF059D7008}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F4D7BBB-9F60-4570-BE34-CECF059D7008}\InprocServer32]
@="C:\\WINDOWS\\system32\\rDsdlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4529B3B8-4B34-4203-A596-A4B968507218}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4529B3B8-4B34-4203-A596-A4B968507218}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4529B3B8-4B34-4203-A596-A4B968507218}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4529B3B8-4B34-4203-A596-A4B968507218}\InprocServer32]
@="C:\\WINDOWS\\system32\\mohtmler.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{03647437-058F-454B-9FD6-8A04B6E91DCE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03647437-058F-454B-9FD6-8A04B6E91DCE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03647437-058F-454B-9FD6-8A04B6E91DCE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03647437-058F-454B-9FD6-8A04B6E91DCE}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D364EA0-5EF4-4B53-ADD6-BBEE100D7355}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D364EA0-5EF4-4B53-ADD6-BBEE100D7355}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D364EA0-5EF4-4B53-ADD6-BBEE100D7355}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D364EA0-5EF4-4B53-ADD6-BBEE100D7355}\InprocServer32]
@="C:\\WINDOWS\\system32\\nydsapi(3).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE964DE8-65B2-4334-89AE-50A93614B07E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE964DE8-65B2-4334-89AE-50A93614B07E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE964DE8-65B2-4334-89AE-50A93614B07E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE964DE8-65B2-4334-89AE-50A93614B07E}\InprocServer32]
@="C:\\WINDOWS\\system32\\xe_yuy2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E515C16B-EC41-4614-B528-5487AC7088A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E515C16B-EC41-4614-B528-5487AC7088A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E515C16B-EC41-4614-B528-5487AC7088A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E515C16B-EC41-4614-B528-5487AC7088A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rlched20.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 4453-C01F

Directory of C:\WINDOWS\System32

93 File(s) 21,830,911 bytes
2 Dir(s) 29,592,764,416 bytes free

I REALLY APPRECIATE IF YOU ARE HELPING ME... thanks for real.
  • 0



#2
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#3
emuworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here it is...

Something else, every single time I log on to Windows the McAfee Antivirus is DISABLED, I don't know why this is happening.... anyways thanks....

Here it is:

L2Mfix 1.03

Running From:
C:\Documents and Settings\Ariel Perez Monagas\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Ariel Perez Monagas\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Ariel Perez Monagas\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2008 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!


Zipping up files for submission:

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************




HERE IS THE HIJACKTHIS LOG:


Logfile of HijackThis v1.99.1
Scan saved at 5:57:42 PM, on 6/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aysmacn\dcxpehf.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\WINDOWS\System32\aysmacn\dcxpehf.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ariel Perez Monagas\My Documents\My Received Files\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Ariel Perez Monagas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [dcxpehf] C:\WINDOWS\System32\aysmacn\dcxpehf.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Ltho] C:\Program Files\sder\dees.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: dcxpehfaysmacn - Unknown owner - C:\WINDOWS\System32\aysmacn\dcxpehf.exe
O23 - Service: hmmhkcboxhmdwba - Unknown owner - C:\WINDOWS\System32\xhmdwba\hmmhkcbo.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



THANKS A LOT... you are very kind by reviewing my POST. :tazz:

#4
Michelle
It's going to take me a little while to go over your log. I'll be back as soon as possible.

#5
Michelle
First, I need you to right-click on the desktop and go to New > Folder - click on it and name it HiJackThis. Locate HiJackThis.exe on the desktop, right-click on it and go to "cut", then go into the folder you just made and click "paste". This is to ensure backups are saved and accessible.

Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)

O4 - HKLM\..\Run: [dcxpehf] C:\WINDOWS\System32\aysmacn\dcxpehf.exe
O4 - HKCU\..\Run: [Ltho] C:\Program Files\sder\dees.exe

O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O23 - Service: dcxpehfaysmacn - Unknown owner - C:\WINDOWS\System32\aysmacn\dcxpehf.exe
O23 - Service: hmmhkcboxhmdwba - Unknown owner - C:\WINDOWS\System32\xhmdwba\hmmhkcbo.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)


Close HiJackThis.

* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them, then press CTRL + C.

C:\WINDOWS\System32\aysmacn\dcxpehf.exe
C:\WINDOWS\System32\xhmdwba\hmmhkcbo.exe
C:\WINDOWS\System32\msupd6.exe
C:\Program Files\sder\dees.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperation prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, follow the instructions below:

Please click on the link below to download this program:
http://www.atribune....nloads/find.zip

*Download "Find.zip" to the HiJackThis folder that you made on the desktop. Make sure to Extract All Files!
*Double Click "Find.bat" and let it scan the PC, takes only seconds!
*Look back in the Folder you downloaded to (HiJackThis) and locate "Report.txt"
*Double Click "Report.txt" and Copy the contents of the log and paste it here along with a new HiJackThis log.

#6
emuworld
Something is wrong with the FIND.BAT; it says:


16 bit MS-DOS subsystem

C:\Windows\System32\Autoexec.nt. The system file is not suitable for running MS-DOS and Microsoft Windows Applications. Choose Close to terminate the application.


CLOSE IGNORE

If I press ignore it doesn't work and just opens a log with this:




Here is my HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:45:27 PM, on 6/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Ariel Perez Monagas\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Sorry and BYE
:tazz:
Thanks a lot !

Edited by emuworld, 16 June 2005 - 11:45 AM.


#7
Michelle
If you have XP Home, download this file to your desktop:

http://homepage.ntlw...XPHomeFiles.exe

Double-click XPHomeFiles.exe to install the missing files.

If you have XP Pro, download this file to your desktop:

http://homepage.ntlw.../XPProfiles.exe

Double-click XPProfiles.exe to install the missing files.

After doing that please reboot your computer then run Find.bat as previously instructed.

Edited by bananafanafo, 16 June 2005 - 12:53 PM.


#8
emuworld
Here it is:


C:\WINDOWS\SOFTWA~1\DOWNLOAD\6CA7B3~1\
atinxbxx.sys Wed Aug 4 2004 2:29:32a A.... 31,744 31.00 K
wceusbsh.sys Wed Aug 4 2004 3:08:46a A.... 31,744 31.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 63,488 bytes 62.00 K

No matches found.


And the hijackthis log :

Logfile of HijackThis v1.99.1
Scan saved at 4:14:27 PM, on 6/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ariel Perez Monagas\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\Ariel Perez Monagas\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

THANKS!

#9
Michelle
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below service:

spkwskqgrisb (or MsUpdate6)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Then, download, install, and run CleanUp! (so the scan won't take as long because cleanup will clear temporary files) *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running Cleanup!

Please download Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode, you can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
While still in Safe Mode, Run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED:

O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)


Close HijackThis.

Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log into this topic.

Edited by bananafanafo, 16 June 2005 - 02:23 PM.
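
A check one could run after a "Fix checked" pass: compare the entries selected in post #5 with the follow-up log from post #6 to see which ones came back. This is an added example, not part of the thread and not part of HijackThis; the function names are illustrative and the log text is abridged from the logs posted above.

```python
import re

# One HijackThis entry line: a section code (R0, O2, O23, ...), " - ", the detail.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

# Entries selected for fixing in post #5 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O4 - HKLM\..\Run: [dcxpehf] C:\WINDOWS\System32\aysmacn\dcxpehf.exe
O4 - HKCU\..\Run: [Ltho] C:\Program Files\sder\dees.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O23 - Service: dcxpehfaysmacn - Unknown owner - C:\WINDOWS\System32\aysmacn\dcxpehf.exe
O23 - Service: hmmhkcboxhmdwba - Unknown owner - C:\WINDOWS\System32\xhmdwba\hmmhkcbo.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
"""

# Abridged from the follow-up log in post #6 (scan saved 1:45:27 PM, 6/16/2005).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:45:27 PM, on 6/16/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: spkwskqgrisb (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""


def parse_entries(log_text):
    """Return {(section, folded_detail): display_line} for each entry line.

    Keys are case-folded with whitespace collapsed so the same entry compares
    equal across scans even when path casing or spacing differs.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section = match.group(1)
        detail = " ".join(match.group(2).split())
        entries[(section, detail.casefold())] = f"{section} - {detail}"
    return entries


def check_fix(fix_list_text, after_log_text):
    """Split the entries selected for fixing into (removed, still_present)."""
    after = parse_entries(after_log_text)
    removed, still_present = [], []
    for key, line in parse_entries(fix_list_text).items():
        (still_present if key in after else removed).append(line)
    return removed, still_present


if __name__ == "__main__":
    gone, back = check_fix(FIX_LIST, LOG_AFTER)
    print(f"{len(gone)} removed, {len(back)} still present")
    for line in back:
        print("STILL PRESENT:", line)
```

The three entries it reports as still present are the two `(no file)` BHOs and the `spkwskqgrisb` service, which are the items this post goes back to with the Services.msc step and the Safe Mode re-fix.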

#10
emuworld
I am sorry for making you wait... I've been working hard and I haven't had time to go on my pc... I am sorry again.

Well, I did everything you told me to, but the EWIDO scan sent out an error and I had to close it.... I tried 3 times and the same thing happened again. I think it deleted all the infected files... though.

Here is the ActiveScan log:



Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\FT*_GEPFAH.EXE
Adware:Adware/nCase No disinfected Windows Registry
Adware:Adware/FlashTrack No disinfected C:\PROGRA~1\FlashGet\jccatch.dll
Adware:Adware/XPlugin No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\SearchUpgrader
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\System32\in10b6s.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\downloaded program files\ATPartners.inf
Adware:Adware/WinTools No disinfected C:\WINDOWS\System32\EDOW_AS2.EXE
Adware:Adware/AdDestroyer No disinfected C:\Documents and Settings\Ariel Perez Monagas\Start Menu\Programs\AdDestroyer
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\System32\wrapperouter.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINDOWS\bundles\dealhelper.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/Fizzle No disinfected C:\Program Files\FwBarTemp
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WUpd No disinfected C:\Program Files\Media Pass
Adware:Adware/EliteBar No disinfected C:\WINDOWS\System32\elite???32.exe
Adware:Adware/Beginto No disinfected Windows Registry
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\System32\Aklsp.dll
Adware:Adware/BroadcastPC No disinfected Windows Registry
Adware:Adware/CommanderToolbarNo disinfected C:\WINDOWS\System32\sbb.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\inst
Adware:Adware/Comedy-Planet No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Ariel Perez Monagas\Application Data\tvmknwrd.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Ariel Perez Monagas\Application Data\tvmuknwrd.dll
Adware:Adware/HuntBar No disinfected C:\Program Files\Common Files\BTLINK\btlink.dll
Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\SearchUpgrader\clientAttempt.cfg
Adware:Adware/Thecoolbar No disinfected C:\Program Files\FwBarTemp\cohelper.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\TVS_B.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_clean.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_ln.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\2504041110.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\58kd52fg.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\activeshopper.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_dh.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_hl.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\bundles\adl_mteststub.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\AdSmartMedia_bundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ast_5_adsav.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\b2s-162813.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Beryllium.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-goodyr1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-tsrkqn.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Century.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\CSV7P070.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_big.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_wmg.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\dealhelper.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Decade.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\d_ic.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\e2g51.exe
Adware:Adware/Gogotools No disinfected C:\WINDOWS\bundles\gogotoolsSILAWO8pi.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\HLInstaller.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia2_56.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\iehost.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\installcasino.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\InvestorIntelligenceInstallWeb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\KnNe1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\mfsetup.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\newmb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\new_vcm.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\NzI0MDo4OjEy.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\optimizejames.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\package8033_MARKETING5.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\pounder.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ropbundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\rop_marketing_1_168.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/MyWay No disinfected C:\WINDOWS\bundles\s4Sept.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-dectest1001.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-seedcorn1002.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setupactiv2.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\SetupCasino.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_Incredifind_TrafficSpec.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_26221.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\snackman.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ssee.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\bundles\SSK_B5.EXE
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\stlb2_seed.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\TrafficSpec8.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\vb6rt.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\vl_ezstub.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\vrinstall_icmedia.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\winversion.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Adware:Adware/MyWay No disinfected C:\WINDOWS\cfgmgr51.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\QDow_AS2.dll
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Adware:Adware/WinAD No disinfected C:\WINDOWS\Downloaded Program Files\MediaPassX.dll
Adware:Adware/CWS No disinfected C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll
Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE
Adware:Adware/RelatedLinks No disinfected C:\WINDOWS\lbbho.dll
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_85.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\QBAux.exe
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\aklsp.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\system32\bs51-eginwl51-vb.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\delfin.dll
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\desktoptraffic.exe
Virus:Trj/Agent.YE Disinfected C:\WINDOWS\system32\diur\cgprr.exe
Adware:Adware/HuntBar No disinfected C:\WINDOWS\system32\EDow_AS2.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\system32\elitepyk32.exe
Virus:Trj/Agent.YE Disinfected C:\WINDOWS\system32\eoany\iwcxe.exe
Virus:Trj/Agent.YE Disinfected C:\WINDOWS\system32\fegju\mbvttav.exe
Adware:Adware/Gogotools No disinfected C:\WINDOWS\system32\GoGo9CP.dll
Adware:Adware/Gogotools No disinfected C:\WINDOWS\system32\gogotoolsSILAWO9pi.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\HookPopup.dll
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\icddwf.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\in10b6s.dll
Possible Virus. No disinfected C:\WINDOWS\system32\in9bDs.dll
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\mjknnf.exe
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\nshFE.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\system32\ppvaw.dat
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\quize.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\rcsil.exe
Adware:Adware/CommanderToolbar No disinfected C:\WINDOWS\system32\sbb.dll
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\Uninstaller.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\vertone.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\vidctrl\vidctrl.exe
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\system32\vvnkuu.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.bin
Virus:Trj/Agent.YE Disinfected C:\WINDOWS\system32\wmhd\vmfmcrew.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\WrapperOuter.exe
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\vepivmxe.exe




Here is the Hijackthis LOG:
Logfile of HijackThis v1.99.1
Scan saved at 1:55:16 PM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ariel Perez Monagas\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


ONCE AGAIN SORRY for making you wait for my reply. Thanks for everything you are doing. Lov ya... :tazz:
  • 0



#11
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You have a ridiculous amount of spyware on your computer.

Delete the following folders, in bold, they are all there:

C:\WINDOWS\bundles <-This one is FILLED with spyware!
C:\Program Files\Common Files\SearchUpgrader
C:\WINDOWS\bsx32
C:\Documents and Settings\Ariel Perez Monagas\Start Menu\Programs\AdDestroyer
C:\Program Files\FwBarTemp
C:\Program Files\Media Pass
C:\WINDOWS\inst
C:\WINDOWS\system32\vidctrl

Then:

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\Downloaded Program Files\WUInst.inf
C:\WINDOWS\NDNuninstall*.exe
C:\WINDOWS\FT*_GEPFAH.EXE
C:\WINDOWS\System32\in10b6s.dll
C:\WINDOWS\downloaded program files\ATPartners.inf
C:\WINDOWS\System32\EDOW_AS2.EXE
C:\WINDOWS\System32\wrapperouter.exe
C:\WINDOWS\deskbar.ini
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\System32\elite???32.exe
C:\WINDOWS\System32\Aklsp.dll
C:\WINDOWS\System32\sbb.dll
C:\Documents and Settings\Ariel Perez Monagas\Application Data\tvmknwrd.dll
C:\Documents and Settings\Ariel Perez Monagas\Application Data\tvmuknwrd.dll
C:\Program Files\Common Files\BTLINK\btlink.dll
C:\Program Files\Common Files\SearchUpgrader\clientAttempt.cfg
C:\Program Files\FwBarTemp\cohelper.exe
C:\Program Files\tvs\TVS_B.exe
C:\Program Files\tvs\tvs_clean.exe
C:\Program Files\tvs\tvs_ln.exe
C:\WINDOWS\cfgmgr51.dll
C:\WINDOWS\delprot.ini
C:\WINDOWS\deskbar.ini
C:\WINDOWS\Downloaded Program Files\ATPartners.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\QDow_AS2.dll
C:\WINDOWS\Downloaded Program Files\m67m.inf
C:\WINDOWS\Downloaded Program Files\MediaPassX.dll
C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll
C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE
C:\WINDOWS\lbbho.dll
C:\WINDOWS\NDNuninstall4_85.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\QBAux.exe
C:\WINDOWS\sepsd.bin
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system\UpdInst.exe
C:\WINDOWS\system32\aklsp.dll
C:\WINDOWS\system32\bs51-eginwl51-vb.exe
C:\WINDOWS\system32\delfin.dll
C:\WINDOWS\system32\desktoptraffic.exe
C:\WINDOWS\system32\EDow_AS2.exe
C:\WINDOWS\system32\elitepyk32.exe
C:\WINDOWS\system32\GoGo9CP.dll
C:\WINDOWS\system32\gogotoolsSILAWO9pi.exe
C:\WINDOWS\system32\HookPopup.dll
C:\WINDOWS\system32\icddwf.exe
C:\WINDOWS\system32\in10b6s.dll
C:\WINDOWS\system32\in9bDs.dll
C:\WINDOWS\system32\mjknnf.exe
C:\WINDOWS\system32\nshFE.dll
C:\WINDOWS\system32\ppvaw.dat
C:\WINDOWS\system32\quize.dll
C:\WINDOWS\system32\rcsil.exe
C:\WINDOWS\system32\sbb.dll
C:\WINDOWS\system32\Uninstaller.exe
C:\WINDOWS\system32\vertone.exe
C:\WINDOWS\system32\vvnkuu.exe
C:\WINDOWS\system32\winupdt.bin
C:\WINDOWS\system32\WrapperOuter.exe
C:\WINDOWS\vepivmxe.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperation prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.

Edited by bananafanafo, 22 June 2005 - 09:00 PM.

  • 0
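A cross-check for a removal list like the one in the post above, added here as an example and not part of the original post: it parses scan-report lines in the format shown in this thread and reports which still-present detections are not covered by the folder list or the Killbox file list, wildcards included. The sample inputs are copied from the thread except for one constructed path, and the function names are this example's own.

```python
import re
from fnmatch import fnmatchcase

# Scan-report line layout: "<detection> <status> <location>".
# \s* before the status tolerates a status column fused to the name,
# which happens when column spacing is lost.
LINE_RE = re.compile(
    r"^(?P<name>.+?)\s*(?P<status>No disinfected|Disinfected)\s+(?P<loc>.+)$"
)

# Sample input: lines copied from the thread, plus one constructed path
# (constructed_leftover.exe) so the check has something to report.
SCAN_REPORT = r"""
Adware:Adware/EliteBar No disinfected C:\WINDOWS\system32\elitepyk32.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_85.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\iehost.exe
Adware:Adware/CommanderToolbarNo disinfected C:\WINDOWS\System32\sbb.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\vidctrl\vidctrl.exe
Virus:Trj/Agent.YE Disinfected C:\WINDOWS\system32\diur\cgprr.exe
Adware:Adware/AdLogix No disinfected Windows Registry
Possible Virus. No disinfected C:\WINDOWS\system32\in9bDs.dll
Adware:Adware/Example No disinfected C:\WINDOWS\constructed_leftover.exe
"""

# Shortened copies of the folder list and the Killbox file list.
FOLDERS = [r"C:\WINDOWS\bundles", r"C:\WINDOWS\system32\vidctrl"]
FILES = [
    r"C:\WINDOWS\NDNuninstall*.exe",
    r"C:\WINDOWS\System32\elite???32.exe",
    r"C:\WINDOWS\System32\sbb.dll",
    r"C:\WINDOWS\system32\in9bDs.dll",
]


def parse_report(text):
    """Return (detection, status, location) for every parsable line."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append((m["name"], m["status"], m["loc"]))
    return findings


def covered_by(path, folders, file_patterns):
    """Return 'folder', 'file' or None. Windows paths compare case-insensitively."""
    p = path.lower()
    for folder in folders:
        f = folder.lower().rstrip("\\")
        if p == f or p.startswith(f + "\\"):
            return "folder"
    for pattern in file_patterns:
        # '*' and '?' wildcards; note '*' here may also span a backslash.
        if fnmatchcase(p, pattern.lower()):
            return "file"
    return None


def uncovered(report, folders, file_patterns):
    """Split still-present detections into registry-only items and missed paths."""
    registry, missed = [], []
    for name, status, loc in parse_report(report):
        if status == "Disinfected":
            continue  # the scanner already handled this one
        if not re.match(r"^[A-Za-z]:\\", loc):
            registry.append(name)  # no file path: needs registry cleanup instead
        elif covered_by(loc, folders, file_patterns) is None:
            missed.append(loc)
    return registry, missed


if __name__ == "__main__":
    registry, missed = uncovered(SCAN_REPORT, FOLDERS, FILES)
    print("Registry-only detections:", registry)
    print("Paths not on any removal list:", missed)
```

Detections whose location is "Windows Registry" are reported separately because deleting files does not remove them.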

#12
emuworld

emuworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
All right, here it is:


HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 6:36:10 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Documents and Settings\Ariel Perez Monagas\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx
O2 - BHO: (no name) - {413BEDC4-C383-FB68-F131-C69FCAE0E61A} - (no file)
O2 - BHO: (no name) - {665970D9-4C05-97AD-39BD-BC47BF4BDF0E} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

I did everything u told me to, thanks a lot. Waiting for more instructions... :tazz:
  • 0

#13
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Are you having any other problems?
  • 0

#14
emuworld

emuworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Well, no, but my stupid McAfee antivirus goes DISABLE every time I log on to Windows... but anyways.... I will enable it manually. I really appreciate your effort and your help on this. I am gonna put some money in the bank to have some money in my debit card so I can send u some money by PAYPAL. Because you have been such a wonderful help. It was my pleasure .... Nice to meet you and take care. You are a genius.
  • 0

#15
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That's very sweet of you, thank you! It was nice to meet you as well :tazz:

Yeah, when systems get infected with malware, some infections like playing around with the virus scanners ;) If McAfee is about to run out or if it's an older version, I would actually recommend uninstalling it and installing a much better free anti-virus program called AVG.

Now, I highly recommend Service Pack 2! Go to http://www.microsoft.com and click on "Windows Update" on the left, then click "Express Install" to install the latest security updates including Service Pack 2.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must-have.
  • Firewall <= A firewall is definitely a must-have. Three good free versions are Sygate, Kerio, and ZoneAlarm.

  • 0





