Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My problems! [CLOSED]

Started by Sinneth , Aug 02 2005 07:22 PM

This topic is locked

#1
Sinneth

Posted 02 August 2005 - 07:22 PM

Member

Member
14 posts

Here's my HijackThis log. Copy and pasted below. See any problems? :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:42 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\runservice.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Serina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [ptshxc] C:\WINDOWS\system32\ptshxc.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094272765368
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\dnvx_xx11.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: RunWindowsUpdate - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dnvx_xx11.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\dnvx_xx11.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\dnvx_xx11.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#2
Armodeluxe

Posted 06 August 2005 - 03:11 PM

Member 2k

Retired Staff
2,744 posts

Hi Sinneth, welcome to GeeksToGo

We need to disable your Microsoft AntiSpyware and Prevx Real-time Protection as they may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

For Prevx:

Right click on the Prevx icon on your system tray and choose Show Management Console.

On the Management Console click the Protection Level drop-down menu.

You will see three levels:

Maximum

Off

User Defined

To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.

Click the X on the upper right hand corner to exit the Management console. Once we are done cleaning up, you can repeat the steps setting the level this time to Maximum in order to reenable protection.

Please download VundoFix.zip to your desktop.

Double-click VundoFix.zip and extract it to your C:\ directory.
Copy the instructions below and paste them into Notepad for reference.
- All other windows need to be closed while doing this fix!
Navigate to the new folder C:\VundoFix
Double click on KillVundo.bat
- When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
Please press any key to continue.
Wait for HiJackThis to open.
When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\dnvx_xx11.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: RunWindowsUpdate - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dnvx_xx11.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\wsbclnt.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\dnvx_xx11.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\dVdramp.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\mniole32.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\maltus40.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\wpsdmoe.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\dnvx_xx11.dll
Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.

You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix

Regards,

Armodeluxe

#3
Sinneth

Posted 08 August 2005 - 05:34 AM

Member

Topic Starter
Member
14 posts

Okay, here's an updated post. My windows kept shutting down so it took me a while to get it going again.

HIJACK THIS LOG!

Logfile of HijackThis v1.99.1
Scan saved at 6:29:36 AM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Prevx Home\SAGUI.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Serina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123388870171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123389025765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mHorc32r.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Here's my Vundo Log
I think this is the right one..

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 376 'smss.exe'
Threads [380]Error 0x6 : The handle is invalid.

[384]Error 0x6 : The handle is invalid.

[388]Error 0x6 : The handle is invalid.

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1416 'explorer.exe'
Killing PID 1416 'explorer.exe'
Killing PID 1416 'explorer.exe'
Killing PID 1416 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 632 'winlogon.exe'
Error 0x6 : The handle is invalid.

#4
Armodeluxe

Posted 08 August 2005 - 07:09 PM

Member 2k

Retired Staff
2,744 posts

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#5
Sinneth

Posted 09 August 2005 - 08:29 AM

Member

Topic Starter
Member
14 posts

New log from L2MFix

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mHorc32r.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8B5891FD-DFBB-13B4-9DDF-125FD0BE8B1C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{3E1800E8-40CF-443D-910C-8E38C2B47412}"=""
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}"="eLicense Control"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F3139C8D-0A75-42C1-869A-B05F8ADFA639}"=""
"{33B7EC4A-34D8-4F99-A825-4DA4860E04B6}"=""
"{DE6AAA57-4861-4F56-8A35-1A7A717A70DA}"=""
"{741DBF95-BB7F-494A-B87D-50A3855E36C6}"=""
"{17C8162F-728F-4FFB-8765-91665B00363E}"=""
"{672B74EB-F0C2-4C38-A5A2-FE3EDFA42CE4}"=""
"{E2EB9B1C-CC9F-449A-8802-9DB08998C092}"=""
"{50DD6BBF-2D17-4A40-86AF-268705E12E62}"=""
"{2F32B82F-DF30-4929-98A0-3901CDBB05F6}"=""
"{CFC882A0-9598-42F9-BCEF-B820A7EB6061}"=""
"{09A31D8B-74F0-4DC8-AF2C-4640B3CAD980}"=""
"{950D873C-50F9-4F4C-9EA7-EED965C946E7}"=""
"{5E34E395-EB13-482A-8395-D7F26B14EC2C}"=""
"{41E030BE-D43E-473F-9C0B-85F2D9B4C3E6}"=""
"{C08088D7-3F40-4476-BFCB-6F7D596BC1C9}"=""
"{D36850D6-9B78-47FE-BB7D-DF5CCF7AB9F8}"=""
"{57120FA4-B9AD-4D87-9206-258D6FEA4FD5}"=""
"{133A7557-2769-4353-BB48-719047FA2412}"=""
"{C4FCC0F7-968F-4206-B0BA-F945E3902578}"=""
"{EBE989F8-C89D-4185-973C-CEE278850736}"=""
"{6F4B4AFB-C026-4DAA-9DB6-52CB6AC64CA2}"=""
"{503A1DF1-F888-4480-9FA9-DC0BDCB2394C}"=""
"{05635F56-EEC2-4242-A18B-B670BDEA8736}"=""
"{725BF285-A513-45F1-83F4-BC6EE53B469B}"=""
"{499F62F6-E716-4668-8C0B-89466CEF11E7}"=""
"{69703885-3A92-4F61-841E-3CFFEE8E03CD}"=""
"{3016CE98-9FD8-4B71-92C5-9307ABE65346}"=""
"{4E672DEF-1AE3-4F02-B2F7-D33741B1EB50}"=""
"{95DD6770-9BA3-4B8E-8342-3AFE5E728155}"=""
"{FB93308A-7C28-439A-A25E-067C65309A33}"=""
"{C24C250A-B532-4624-8FA2-85B469023538}"=""
"{2EDF08F3-86F5-4DCA-AF0F-1C2F0648495F}"=""
"{2AF712EB-0970-4C13-AC63-409E5CFC58D8}"=""
"{8F9ADEB7-6563-4C5D-8032-16656F3943C5}"=""
"{0A3C0042-33CA-4350-9847-31596FFEB0CA}"=""
"{B78D8457-4978-45ED-93DE-20B700ADFEBD}"=""
"{DA34A60E-55C7-45A4-A1DC-1290F1A6858C}"=""
"{454194DC-06D8-43B5-A8F7-C8E1150B4B93}"=""
"{DCF86C45-ADBC-440B-AB21-4C8DBD0FA730}"=""
"{6978ECDA-840C-4993-8BD0-4B34E7CA83AD}"=""
"{DB86CE92-BE79-4E3D-94EC-1899AB07F871}"=""
"{485F353C-B9D0-4555-B50E-1007C9FCC836}"=""
"{E45ED14A-DAEF-4DEA-AA95-9E71D1F8DA7B}"=""
"{3CEB7005-61CB-41BB-8B49-FD6C68E6C3B9}"=""
"{E75CA258-148F-4A12-90EE-844044E7D5F6}"=""
"{680F4CFA-2562-414C-A650-377D2A49F28B}"=""
"{B0DB42A0-3210-4BE1-831E-8D18FC208277}"=""
"{A74D40E1-89E4-434E-9C71-68F3F59B7828}"=""
"{25A78658-D183-488B-995C-EAE1CFE79DB8}"=""
"{B15D0E26-E19B-4922-A1FB-91A25FF922D4}"=""
"{0A379BEC-0D59-4E82-836D-7D2C98B5DAD7}"=""
"{5676ED92-F1E0-4028-A101-A2EB6B7ED34E}"=""
"{7B6BD7B2-CA01-4369-B8EC-5D1E653BACE0}"=""
"{FF205FAE-F4AE-4DE0-A6E5-4B65445B863D}"=""
"{89D6AF9B-265F-4DBE-89C6-2A6C20159D25}"=""
"{83446514-0BA8-449A-84B0-45CB568C750C}"=""
"{FCC84B38-E730-44E5-958F-FCB4D22B1BBA}"=""
"{80134428-A671-4688-A91E-0532492AA617}"=""
"{AC07BBBD-408E-40D4-AE7F-ED56DA5B134F}"=""
"{7C4F0BF6-64AD-4D4A-AE84-C9D8F9046EB4}"=""
"{AD18DD69-64BE-433C-8937-07ABF4EFDB56}"=""
"{17F2818E-2773-4DAA-9A70-AAD16EEB919E}"=""
"{FE39228D-152C-4F53-9285-230A63C94A94}"=""
"{FCD365A4-1502-487A-9C31-812D7AA24372}"=""
"{02D29CF2-B70D-4BDD-B2F0-F03A48AC09D4}"=""
"{EEF4757C-6DA2-4932-B00B-40B5FE158AC9}"=""
"{26C2D313-DF0D-45D3-AF2B-14707131B5C6}"=""
"{9C0F4A7D-8CC0-4C29-964E-A1BDD4878AC1}"=""
"{FD2AAB80-578B-4821-99ED-EBB5868FE716}"=""
"{AB06F02D-1B18-4FE1-85C1-93BE5504750B}"=""
"{25D4E42E-F4EF-4F78-A483-0A097685E912}"=""
"{F4305487-59B2-4B2D-AE4C-883165CC2ED6}"=""
"{7903E7D2-0377-4C88-A2EE-B6C36D8867FC}"=""
"{6281CC99-1610-46B7-8782-29B9AE1AA4EF}"=""
"{725FC790-7D24-48DE-B1E9-DA7C1D4F646B}"=""
"{6D19AD37-F357-4306-8106-07FFAAD6574B}"=""
"{9EDAA608-8226-4120-8011-435BE671B82B}"=""
"{EFB87B96-9331-4CA2-AC27-E78B9D53A9E8}"=""
"{337AF8F8-1D08-4857-9E6A-BE4C5128BFDF}"=""
"{55E9B090-62FA-42C3-A9C8-1B40026B9561}"=""
"{9BEFA318-3E72-49E3-BCAD-078E121EE7B1}"=""
"{D77B0C68-88CC-480F-A3B9-266C835C3C2E}"=""
"{9BCB6D3B-058D-4B31-B4D8-B79E5F635115}"=""
"{C5E400E0-7377-4C30-8845-C548FE54F651}"=""
"{DA52BC84-3308-43BD-95AC-0BD89609A24B}"=""
"{F752B3A7-3C73-4647-91EB-B60768B0A626}"=""
"{D725BBAF-3CED-469E-8D7D-21C80EB12B2A}"=""
"{0F716940-7E4A-4530-83D8-1DAE43DDD33E}"=""
"{0641D419-9A43-4630-BFF6-F78AC461CA6A}"=""
"{751E41FF-4A41-49AB-8E55-E6AFCD1F9B0E}"=""
"{C2EDACC1-AAF4-4AD0-9FB1-0F8A30E552E2}"=""
"{ACF63754-B391-4872-B287-8C5131752B73}"=""
"{7D56C1A0-55CA-4408-A792-391EA8624984}"=""
"{52994999-6E99-4180-8A7B-275E93A3D7A8}"=""
"{CE7B0973-520E-4B8C-B9FF-F314F8AF0805}"=""
"{CAB4D461-C616-4C1B-9C28-4EC97DA38957}"=""
"{2070998F-EA9C-42BF-AF63-1016C60EEE8F}"=""
"{24A96605-A667-4E27-AD8F-6E3B8F84FC64}"=""
"{901C5DE3-47F0-48C8-A729-1776F73B9FB7}"=""
"{71728851-B3A9-40D9-9816-901B41B065FC}"=""
"{7CD7473C-6991-4283-8AE5-DE21146AF522}"=""
"{1873E03A-C72D-4C3E-90C1-C972155E9C2A}"=""
"{A985C06F-6566-4193-9E0E-CCF5D66CBFFE}"=""
"{0A28C392-48F0-40BB-9CA5-858882546B1B}"=""
"{63675599-85CD-408B-9473-E5EABBE9BDB5}"=""
"{93A2C456-1D19-442F-ACB7-549D38082A7A}"=""
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{8D9094A5-49FA-4BF1-A765-DE980F79FA23}"=""
"{6DE4ED15-794B-4C38-A6AF-11FAD0FF9C84}"=""
"{4E955CA9-52CB-4E58-B939-36C240F722F7}"=""
"{46BACF91-07BA-447B-9BD5-A380C3B70FB9}"=""
"{6E8E41ED-C73E-4404-BFF3-FB3AF59C3D8B}"=""
"{3640747E-4825-4BC5-9D23-725E13BC3FAA}"=""
"{CA017700-8C64-49EA-A9DC-831F7450722C}"=""
"{B4DF4180-C9EA-4015-8E09-000592427C94}"=""
"{93501513-8F33-454C-8A0D-514FD7ABC59D}"=""
"{0DF932C1-D837-40A5-A594-85F0E29BD248}"=""
"{E09C60E3-4588-46F4-A30F-43B0F6FA6E1F}"=""
"{392B9F6A-4DF8-4AF6-AF6B-816980E9C501}"=""
"{AD2E4614-E0B3-4CD2-9E62-93093217529B}"=""
"{95B8CA72-9728-4A1A-8EFD-8C6E3F80BD10}"=""
"{0DDA5766-C603-4E5E-ACBB-A67EEFA832C2}"=""
"{7E71EEFC-EF3A-4049-95F9-B0B79D890861}"=""
"{52637B54-1197-40CD-844E-2CF802486BD6}"=""
"{A70EE258-76D3-4D02-8CAF-CD12487443DC}"=""
"{1B40B52E-BC47-417F-88BE-AD08D04F6CE4}"=""
"{93E3688C-4BC5-4279-B230-74FF87561724}"=""
"{7CF637EC-9C19-450D-A349-F50DC4D34985}"=""
"{609749B6-39E3-41A2-876C-2AEDD5C58E40}"=""
"{4C1958D3-A199-41B7-B969-B8D738099E6B}"=""
"{B463156C-D641-4A72-B1B3-A349F039D32E}"=""
"{0F37F216-69F9-4273-B558-AF96C5102CB7}"=""
"{73DAD75A-6088-4ADE-AA31-035439CA2BBF}"=""
"{BC519B3B-E35A-4E37-ADE7-A9A9C827C21D}"=""
"{A01317E0-9078-45EC-A602-76FDDB402CC3}"=""
"{F5255645-F842-4350-B857-E55033199872}"=""
"{5877AADA-63E1-467A-92B8-014A4991ED6C}"=""
"{A5ECD015-9768-48A4-8E20-075FEA344583}"=""
"{92249663-AA19-436D-A3DD-B387EA58A789}"=""
"{9FFE8D45-FA5A-4399-9BE8-BBF31E6C7686}"=""
"{9C0516D3-DC58-4780-B75F-223735D774CF}"=""
"{D6D69E2A-28AB-412E-A50B-D61D193C8F91}"=""
"{2A34A532-B18A-42DB-9E6A-3FA359C1DD39}"=""
"{652BE803-5C64-4FD1-80BA-864250256C75}"=""
"{57B86BC4-B3E1-442A-A67D-2CE9B715D541}"=""
"{D52F4FE6-1D41-4B30-9677-0AD2D36EBA52}"=""
"{B733267F-6237-4AB9-AFAD-B506039247AA}"=""
"{9581EE9E-39BA-4E45-8939-B966E42AE7AE}"=""
"{5F7FC924-9038-43C0-B52E-06088C1DEC46}"=""
"{552624D2-C323-4A62-A2F2-98429EA98F6A}"=""
"{CA37C5DE-6809-4D4E-8DB2-E8EEA8D527F6}"=""
"{4B671BFD-3518-44E5-B166-A35DBB3006EE}"=""
"{B4022738-06A3-4C46-ADF4-885E2C3C694F}"=""
"{2BB65E23-6216-40CB-BFCD-3F0A77D477E6}"=""
"{9748F8FB-76A2-41F6-9CE0-194D8EFF7936}"=""
"{730579EA-7C32-4848-9D23-DE9BA3FC4AE4}"=""
"{708DFA58-5583-4A29-943A-AF6274F6171D}"=""
"{C7172240-21C0-44D7-931B-B810FED04EF5}"=""
"{8AEA71D5-A48D-4096-8C73-07E9C293866E}"=""
"{7ECD44B2-5943-47CC-9187-169410146EED}"=""
"{F10AC041-CC15-4DDF-9B39-B7645B48E251}"=""
"{1FFA7FCB-2401-48BE-B991-8F07FAC413A3}"=""
"{7C91F581-E3CC-4BF3-90B7-CEC3EB802718}"=""
"{09707ECB-08C1-4EF8-B738-F821C81F24D9}"=""
"{C31B3F95-D76B-4DCB-8B7C-CCEFB9BBC5D0}"=""
"{9BAB6C03-0DC1-4398-A0B0-C72D3175F573}"=""
"{37B72414-0357-417C-B5A9-5E65A4DF53B2}"=""
"{4A3B53E2-88B0-4ED9-BBC7-62E0042B89C2}"=""
"{BCEF97C3-743B-4F94-A70D-B061FE10837F}"=""
"{291F130F-93FD-4C1E-8E49-D52CD216E424}"=""
"{8675FEBA-63B5-486A-BCB8-66EB4C7FAD65}"=""
"{208E1601-9306-424C-A649-38C6E6734036}"=""
"{A0855D72-2523-4D6B-B968-992D6B1087C9}"=""
"{C0AA1E25-FC6F-417B-803C-C1F2273E72D2}"=""
"{25B0F89E-56F9-4D80-83EB-7F7C28795A0E}"=""
"{196A52E1-CC81-4DDB-84F9-965319F6757D}"=""
"{64488D05-67CF-45C1-864D-235D4574C5A1}"=""
"{8FEA68A4-A698-47E0-9FE7-77054A41B627}"=""
"{13256FC1-795E-4730-B5F1-E4A68B2B03E2}"=""
"{223F887D-4F06-4014-8E1A-E8849E321982}"=""
"{9427BA88-7A9C-408F-AC69-86D8CBCB0CD0}"=""
"{EC1EC9CB-8405-4A8A-8FE4-07C1755E60A2}"=""
"{B1A114F1-1104-4DD0-A5B8-AE183BDF144E}"=""
"{FB7C3FFF-64FF-453D-A4CD-62637161FD0A}"=""
"{50C19087-206D-4B28-839C-F288B3C2BAF7}"=""
"{A29FB7F1-E9A7-4BEE-A2CA-480309A66565}"=""
"{D18E4316-9D17-4E43-977D-AFC883BDBCB6}"=""
"{1E4D005B-2BE1-4462-A478-D56F08926DE5}"=""
"{F2F66C76-DA7C-46C9-B3F2-A35A77DE62EE}"=""
"{AEA3CE67-FED2-47BB-A0A1-3F55B96FF6C1}"=""
"{06BB5E0A-882A-4CDA-89E1-B218DED18B24}"=""
"{A67FD0F9-1DC8-463E-A87B-FC5A11BD05D7}"=""
"{5FCA9265-18D3-4A54-86C0-5BD0BE69631E}"=""
"{CC4D0282-4199-4D9F-AEAE-794823239C79}"=""
"{EFB0ED51-841B-44D9-B452-7DA0538C1020}"=""
"{6CDE6B3A-14C1-4207-869B-7AFD1E122E87}"=""
"{FA001ED4-069A-44B6-A017-8A004A46924D}"=""
"{F13B8F54-4957-4ECA-BBEE-794441A6FC49}"=""
"{B5F77BD6-928A-4D0B-B838-CB29DB6262F4}"=""
"{C300CD03-3544-4C61-BB52-814C5320C235}"=""
"{62A87278-27CE-46F2-940D-E5ECF57CE5F4}"=""
"{13ABD5B5-F143-4CA1-B5FA-9F652D00E24E}"=""
"{1A61BF3A-AABD-4AE9-A4F2-C24E49E6A5DB}"=""
"{4590752B-2517-48CF-8425-572BD7C1FCF3}"=""
"{FBB0FCD2-F4D8-4430-904B-A6534B197143}"=""
"{46EA5B42-D994-40ED-8707-D30EBBC09DB1}"=""
"{32FAD6EB-CD81-4C2C-80E3-9C2C8E85987B}"=""
"{B8684034-F47F-4C08-B499-397C31C5A5B8}"=""
"{A1E980F2-BB48-44A0-B4F6-3809DD506EB7}"=""
"{BDCF2A96-CBE7-48DF-9559-9310215C04C5}"=""
"{821BA52D-634D-49B9-91CD-4765407FE782}"=""
"{AFA424E1-FB70-4EEB-A9E3-A413224EB873}"=""
"{E523F59E-8ADA-4450-B733-F102D875B0A7}"=""
"{16FE2454-CDBF-438F-90D0-8D8B8736CD30}"=""
"{4701FA79-C402-4310-9D93-975E0E37D5BB}"=""
"{3DFB3493-DFA4-474F-BABF-8B72D49CA4CA}"=""
"{9C7FDF2E-0ECE-4BEB-B18B-24E1410A0702}"=""
"{89BEEB5C-F3EA-4063-8552-F3E2863C7FDF}"=""
"{FB3F4BA8-DF24-4A57-92EA-94305D879D77}"=""
"{76BE185B-AB7C-4A67-A681-D1E937C9B42C}"=""
"{FE690264-0903-4F99-BE17-0E235C0DCB11}"=""
"{8AAAC7BC-AE9F-4DAA-844E-87019AC72EFF}"=""
"{84D1EA47-37B8-4A79-9091-3942DA253D83}"=""
"{ABCF21CD-D4AA-4519-93B2-D5F403B4EE89}"=""
"{65F5238C-B4F2-4280-A361-C93B6A95C300}"=""
"{BDBB666E-72BD-4FB5-83AD-B5E30F9BCBE6}"=""
"{9687D4B2-83E1-4B44-B82A-400D7C66A46A}"=""
"{18CE89E8-A1EF-4505-8595-11C0E78F1DA0}"=""
"{E273FF93-8AA0-4825-9E37-38E1D0EA8E3C}"=""
"{5FC467ED-7409-46C4-A65C-CA282AF59B50}"=""
"{6B2D4FCF-EA0B-426E-BC57-E180E2B805B4}"=""
"{9159E651-D867-4C3F-816B-11A12EEB4761}"=""
"{AA4D616C-3A36-4224-9754-937ACB74C9FA}"=""
"{DCF28BF4-7037-48C0-9D2F-F2BB347E04CC}"=""
"{E1328ABC-DDD3-41B0-9656-F4DEAB58B3DA}"=""
"{11294D86-608E-4E6C-A240-2ACCAA3E8A30}"=""
"{F6857E96-1E9D-459B-8A48-27C87774E8AA}"=""
"{99072CA3-EA03-4B83-8544-AF09BE415F1A}"=""
"{7B5BF8C7-34DE-417D-AFBC-16433E38BD61}"=""
"{9F358D53-F454-497D-BA95-1BD98E1C3E09}"=""
"{981A6C3A-7316-4450-B51A-71A9FABE9E1A}"=""
"{BAA8E1B3-0CE1-4984-AC8D-810CE7CFADAF}"=""
"{52B5409E-5C83-4003-A41C-9905502BEF8B}"=""
"{52A25D1E-A105-4A08-A682-766C8DB9BC4E}"=""
"{C99EE671-DBB9-4F39-AF2E-5038AC983D26}"=""
"{61966428-2703-45B4-A4BE-1C1E7D94FDAF}"=""
"{B3789761-63C5-4A97-A33D-A944DA60DBDD}"=""
"{6DF8A121-42A6-4349-9027-692400D1540A}"=""
"{28D8EA61-9E18-438D-822B-9285A73683CD}"=""
"{46697267-8351-4D97-BBB5-3F0945C2706B}"=""
"{FFF6678A-9751-4061-BCDB-0CD3FEBAFCBD}"=""
"{2E186F0D-282D-4972-9E90-541014892AA8}"=""
"{3FD6C9F9-7720-4F89-9452-233D30E4ACBB}"=""
"{91B853CC-2443-4F36-A99B-5CBC41E7A0F6}"=""
"{C69BD94B-B703-45DE-8AC9-475133A8D575}"=""
"{0023CD80-26AA-4583-B11A-BFD0CF8508B7}"=""
"{864111EB-F67A-4CDB-9B4C-558C40C78D0F}"=""
"{553EBE9F-1AC7-48AD-820E-9650D42DF501}"=""
"{816002C9-4ADE-4BB5-B688-214C057AF1C8}"=""
"{049CE8A0-74B6-4E9F-9B8F-5A0C3423F492}"=""
"{2464D381-5A11-4CAA-B62F-C47EF8030A62}"=""
"{A140B282-718B-4D92-A623-635955AAA3B1}"=""
"{948C31E4-160A-40AB-84B5-3F1735F1113B}"=""
"{9456C02E-C745-4B98-9C94-3ECD8609049D}"=""
"{52FB723F-CF2A-4FFC-8BAA-45430971D87A}"=""
"{0C07CE96-F7CD-4318-8758-795740B99228}"=""
"{E374D0B3-E6BD-4565-ADF0-A9DE5A835AF7}"=""
"{A3B9AA96-3098-4D34-868D-826E8B8B3845}"=""
"{2B7FBC0C-9084-453C-8F1B-F21D9A62B0E2}"=""
"{A110A62C-F184-4410-B266-6BD4DA139579}"=""
"{E8A0F9DA-D633-4C17-B5DE-FD3CBC598A43}"=""
"{6605BC64-401E-4FF2-8B81-B10624B57604}"=""
"{D8C180FF-6DB0-4891-81C6-3F258F2FA178}"=""
"{CBF83BD2-4BDF-4B1B-8549-DE130326775D}"=""
"{D2DCD4A0-F20E-4C15-A005-A8AE10552CC8}"=""
"{0AD2F7FC-0676-4F6A-AB0C-AD0F689EB5B1}"=""
"{7FCC7D74-62C0-4695-9BB0-BB00F6FE95AA}"=""
"{520AA93E-FF52-42F1-84C3-B09A8C800DA3}"=""
"{F741E6F5-CED3-4150-9487-9988C4740D82}"=""
"{B903DBD2-CC2D-4F08-9E11-0B0B8C5A6A19}"=""
"{82B006C5-7CB0-45D9-96F2-0ACD9A89085C}"=""
"{9BDF1BE7-7CEA-4879-A36E-229176EF4BEE}"=""
"{C2D6363C-8D31-4158-A559-6C52562940F2}"=""
"{8E9D6AC2-218A-4992-8069-4270CE6B2F63}"=""
"{43E4A8F5-3C39-4E5E-9EAE-526DE37D09A7}"=""
"{D4619D9E-5E06-4087-BFA1-A34B036C52FA}"=""
"{F2EB6CBF-8CD8-49F8-B3BD-6C6E2DB9D2ED}"=""
"{97815401-CA85-4771-8B95-CB8D6A4EAD54}"=""
"{9638FB40-BF32-4085-9656-DFBBA4F478C0}"=""
"{39DD21F0-6E74-4677-B31C-E9A31214E824}"=""
"{A4D4A842-0661-4AF5-9837-455BE1024B41}"=""
"{7EC8D4CC-186C-43B2-BE3D-69B338C0C677}"=""
"{6A26E8AC-B9E6-4FD7-95DD-FC30B2A63674}"=""
"{3F3F99B8-D622-43D7-950F-31C8131FB0F4}"=""
"{A4BC4CB2-EA60-4772-91F4-A13874CF6197}"=""
"{14B24E60-3FAC-4DDB-BABA-639D6A3BFFE6}"=""
"{93250343-7042-4B82-AF93-251BAE92EB88}"=""
"{50D96AC5-E79A-4EB3-8A62-88A372FB8D61}"=""
"{A7586F87-D65C-4A68-9A2A-9522893A8816}"=""
"{824AE954-1F57-4D38-A20F-F8D6EC05BCBE}"=""
"{35519213-6BBD-4C38-9433-44AC0BA861C0}"=""
"{497907F7-E2C5-4404-A237-0257B2FF2D39}"=""
"{B10E5AFB-1613-4998-9092-E673FA76509A}"=""
"{910D1AE9-280E-49DB-B4E7-DFD819D7BF25}"=""
"{007B3F3D-8D3C-4C86-B166-634421574CA1}"=""
"{6718A649-9207-460B-AB6D-580ED991FAE7}"=""
"{3E46D1BA-2848-402A-9CD7-98D46AEE1711}"=""
"{D5A78F19-F456-4A6A-AC3B-B9EA71B34851}"=""
"{173B2105-6FE6-4C9B-BBB4-BB20157287B2}"=""
"{4A62065D-4ED7-4CEF-81EB-0010C4C48AD0}"=""
"{3541815F-C050-40E9-8D72-557AD4CD7329}"=""
"{9632207E-C93C-4B77-9BEC-C61488A8F586}"=""
"{58451D60-7E5D-48AA-9462-4ACF3AA3D491}"=""
"{CA34E16F-8808-4D33-944E-19DF3CFB1D52}"=""
"{2D13A676-56FA-4BC5-AF13-AF2F83DC1128}"=""
"{7BE37482-4618-4DC2-A113-5F37A70D2361}"=""
"{9A08B7F4-3AEF-43CD-8326-CF4FA343555F}"=""
"{6305E052-9815-41AD-8A8A-EA867B3D6160}"=""
"{DD030C20-40F2-4E85-96F4-0A85B051C682}"=""
"{33DF60A4-CBDF-4066-AD3C-B71D348D47AD}"=""
"{A8AF58E8-BA6A-4B0C-83E9-90197A8B74B7}"=""
"{63522C28-720B-4F6D-85BB-22CC16C61CE5}"=""
"{17FB9E47-1FB2-4DD4-83B3-17A1A96F0A6F}"=""
"{3CFD241D-055D-4BC7-8A3B-4E0CCD8328AA}"=""
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3E1800E8-40CF-443D-910C-8E38C2B47412}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3E1800E8-40CF-443D-910C-8E38C2B47412}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3E1800E8-40CF-443D-910C-8E38C2B47412}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3E1800E8-40CF-443D-910C-8E38C2B47412}\InprocServer32]
@="C:\\WINDOWS\\system32\\itrop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F3139C8D-0A75-42C1-869A-B05F8ADFA639}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F3139C8D-0A75-42C1-869A-B05F8ADFA639}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F3139C8D-0A75-42C1-869A-B05F8ADFA639}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F3139C8D-0A75-42C1-869A-B05F8ADFA639}\InprocServer32]
@="C:\\WINDOWS\\system32\\wznnls.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{33B7EC4A-34D8-4F99-A825-4DA4860E04B6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33B7EC4A-34D8-4F99-A825-4DA4860E04B6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33B7EC4A-34D8-4F99-A825-4DA4860E04B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33B7EC4A-34D8-4F99-A825-4DA4860E04B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\snobject.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE6AAA57-4861-4F56-8A35-1A7A717A70DA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE6AAA57-4861-4F56-8A35-1A7A717A70DA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE6AAA57-4861-4F56-8A35-1A7A717A70DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE6AAA57-4861-4F56-8A35-1A7A717A70DA}\InprocServer32]
@="C:\\WINDOWS\\system32\\wsbclnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{741DBF95-BB7F-494A-B87D-50A3855E36C6}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{741DBF95-BB7F-494A-B87D-50A3855E36C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{741DBF95-BB7F-494A-B87D-50A3855E36C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{741DBF95-BB7F-494A-B87D-50A3855E36C6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mniole32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{17C8162F-728F-4FFB-8765-91665B00363E}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{17C8162F-728F-4FFB-8765-91665B00363E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17C8162F-728F-4FFB-8765-91665B00363E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{17C8162F-728F-4FFB-8765-91665B00363E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wpsdmoe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{672B74EB-F0C2-4C38-A5A2-FE3EDFA42CE4}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{672B74EB-F0C2-4C38-A5A2-FE3EDFA42CE4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{672B74EB-F0C2-4C38-A5A2-FE3EDFA42CE4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{672B74EB-F0C2-4C38-A5A2-FE3EDFA42CE4}\InprocServer32]
@="C:\\WINDOWS\\system32\\maltus40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2EB9B1C-CC9F-449A-8802-9DB08998C092}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{E2EB9B1C-CC9F-449A-8802-9DB08998C092}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2EB9B1C-CC9F-449A-8802-9DB08998C092}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2EB9B1C-CC9F-449A-8802-9DB08998C092}\InprocServer32]
@="C:\\WINDOWS\\system32\\dnvx_xx11.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50DD6BBF-2D17-4A40-86AF-268705E12E62}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{50DD6BBF-2D17-4A40-86AF-268705E12E62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50DD6BBF-2D17-4A40-86AF-268705E12E62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50DD6BBF-2D17-4A40-86AF-268705E12E62}\InprocServer32]
@="C:\\WINDOWS\\system32\\dVdramp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2F32B82F-DF30-4929-98A0-3901CDBB05F6}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{2F32B82F-DF30-4929-98A0-3901CDBB05F6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F32B82F-DF30-4929-98A0-3901CDBB05F6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F32B82F-DF30-4929-98A0-3901CDBB05F6}\InprocServer32]
@="C:\\WINDOWS\\system32\\wccdlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CFC882A0-9598-42F9-BCEF-B820A7EB6061}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFC882A0-9598-42F9-BCEF-B820A7EB6061}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFC882A0-9598-42F9-BCEF-B820A7EB6061}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFC882A0-9598-42F9-BCEF-B820A7EB6061}\InprocServer32]
@="C:\\WINDOWS\\system32\\dWvclnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09A31D8B-74F0-4DC8-AF2C-4640B3CAD980}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A31D8B-74F0-4DC8-AF2C-4640B3CAD980}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A31D8B-74F0-4DC8-AF2C-4640B3CAD980}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A31D8B-74F0-4DC8-AF2C-4640B3CAD980}\InprocServer32]
@="C:\\WINDOWS\\system32\\dqskperf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{950D873C-50F9-4F4C-9EA7-EED965C946E7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{950D873C-50F9-4F4C-9EA7-EED965C946E7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{950D873C-50F9-4F4C-9EA7-EED965C946E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{950D873C-50F9-4F4C-9EA7-EED965C946E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\dacpcsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5E34E395-EB13-482A-8395-D7F26B14EC2C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E34E395-EB13-482A-8395-D7F26B14EC2C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E34E395-EB13-482A-8395-D7F26B14EC2C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E34E395-EB13-482A-8395-D7F26B14EC2C}\InprocServer32]
@="C:\\WINDOWS\\system32\\dymap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{41E030BE-D43E-473F-9C0B-85F2D9B4C3E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{41E030BE-D43E-473F-9C0B-85F2D9B4C3E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{41E030BE-D43E-473F-9C0B-85F2D9B4C3E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{41E030BE-D43E-473F-9C0B-85F2D9B4C3E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\dqvx_xx11.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C08088D7-3F40-4476-BFCB-6F7D596BC1C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C08088D7-3F40-4476-BFCB-6F7D596BC1C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C08088D7-3F40-4476-BFCB-6F7D596BC1C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C08088D7-3F40-4476-BFCB-6F7D596BC1C9}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkstyle.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D36850D6-9B78-47FE-BB7D-DF5CCF7AB9F8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D36850D6-9B78-47FE-BB7D-DF5CCF7AB9F8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D36850D6-9B78-47FE-BB7D-DF5CCF7AB9F8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D36850D6-9B78-47FE-BB7D-DF5CCF7AB9F8}\InprocServer32]
@="C:\\WINDOWS\\system32\\dhnhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{57120FA4-B9AD-4D87-9206-258D6FEA4FD5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{57120FA4-B9AD-4D87-9206-258D6FEA4FD5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{57120FA4-B9AD-4D87-9206-258D6FEA4FD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{57120FA4-B9AD-4D87-9206-258D6FEA4FD5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mpwebdvd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{133A7557-2769-4353-BB48-719047FA2412}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{133A7557-2769-4353-BB48-719047FA2412}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{133A7557-2769-4353-BB48-719047FA2412}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{133A7557-2769-4353-BB48-719047FA2412}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxxml3.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C4FCC0F7-968F-4206-B0BA-F945E3902578}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4FCC0F7-968F-4206-B0BA-F945E3902578}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4FCC0F7-968F-4206-B0BA-F945E3902578}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4FCC0F7-968F-4206-B0BA-F945E3902578}\InprocServer32]
@="C:\\WINDOWS\\system32\\mexoci.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EBE989F8-C89D-4185-973C-CEE278850736}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBE989F8-C89D-4185-973C-CEE278850736}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBE989F8-C89D-4185-973C-CEE278850736}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EBE989F8-C89D-4185-973C-CEE278850736}\InprocServer32]
@="C:\\WINDOWS\\system32\\McPMSNSv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6F4B4AFB-C026-4DAA-9DB6-52CB6AC64CA2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F4B4AFB-C026-4DAA-9DB6-52CB6AC64CA2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F4B4AFB-C026-4DAA-9DB6-52CB6AC64CA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F4B4AFB-C026-4DAA-9DB6-52CB6AC64CA2}\InprocServer32]
@="C:\\WINDOWS\\system32\\nbdenb32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{503A1DF1-F888-4480-9FA9-DC0BDCB2394C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{503A1DF1-F888-4480-9FA9-DC0BDCB2394C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{503A1DF1-F888-4480-9FA9-DC0BDCB2394C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{503A1DF1-F888-4480-9FA9-DC0BDCB2394C}\InprocServer32]
@="C:\\WINDOWS\\system32\\ngevtmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{05635F56-EEC2-4242-A18B-B670BDEA8736}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{05635F56-EEC2-4242-A18B-B670BDEA8736}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{05635F56-EEC2-4242-A18B-B670BDEA8736}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{05635F56-EEC2-4242-A18B-B670BDEA8736}\InprocServer32]
@="C:\\WINDOWS\\system32\\nlshrui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{725BF285-A513-45F1-83F4-BC6EE53B469B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{725BF285-A513-45F1-83F4-BC6EE53B469B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{725BF285-A513-45F1-83F4-BC6EE53B469B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{725BF285-A513-45F1-83F4-BC6EE53B469B}\InprocServer32]
@="C:\\WINDOWS\\system32\\tebyuv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{499F62F6-E716-4668-8C0B-89466CEF11E7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{499F62F6-E716-4668-8C0B-89466CEF11E7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{499F62F6-E716-4668-8C0B-89466CEF11E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{499F62F6-E716-4668-8C0B-89466CEF11E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\tbddd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{69703885-3A92-4F61-841E-3CFFEE8E03CD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69703885-3A92-4F61-841E-3CFFEE8E03CD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69703885-3A92-4F61-841E-3CFFEE8E03CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69703885-3A92-4F61-841E-3CFFEE8E03CD}\InprocServer32]
@="C:\\WINDOWS\\system32\\uyhisapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3016CE98-9FD8-4B71-92C5-9307ABE65346}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3016CE98-9FD8-4B71-92C5-9307ABE65346}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3016CE98-9FD8-4B71-92C5-9307ABE65346}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3016CE98-9FD8-4B71-92C5-9307ABE65346}\InprocServer32]
@="C:\\WINDOWS\\system32\\ugicows.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4E672DEF-1AE3-4F02-B2F7-D33741B1EB50}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E672DEF-1AE3-4F02-B2F7-D33741B1EB50}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E672DEF-1AE3-4F02-B2F7-D33741B1EB50}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E672DEF-1AE3-4F02-B2F7-D33741B1EB50}\InprocServer32]
@="C:\\WINDOWS\\system32\\udrar.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{95DD6770-9BA3-4B8E-8342-3AFE5E728155}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95DD6770-9BA3-4B8E-8342-3AFE5E728155}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95DD6770-9BA3-4B8E-8342-3AFE5E728155}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95DD6770-9BA3-4B8E-8342-3AFE5E728155}\InprocServer32]
@="C:\\WINDOWS\\system32\\ull.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FB93308A-7C28-439A-A25E-067C65309A33}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FB93308A-7C28-439A-A25E-067C65309A33}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FB93308A-7C28-439A-A25E-067C65309A33}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FB93308A-7C28-439A-A25E-067C65309A33}\InprocServer32]
@="C:\\WINDOWS\\system32\\ukrcntra.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C24C250A-B532-4624-8FA2-85B469023538}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C24C250A-B532-4624-8FA2-85B469023538}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C24C250A-B532-4624-8FA2-85B469023538}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C24C250A-B532-4624-8FA2-85B469023538}\InprocServer32]
@="C:\\WINDOWS\\system32\\iasso.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2EDF08F3-86F5-4DCA-AF0F-1C2F0648495F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EDF08F3-86F5-4DCA-AF0F-1C2F0648495F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EDF08F3-86F5-4DCA-AF0F-1C2F0648495F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EDF08F3-86F5-4DCA-AF0F-1C2F0648495F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ixengine.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2AF712EB-0970-4C13-AC63-409E5CFC58D8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AF712EB-0970-4C13-AC63-409E5CFC58D8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AF712EB-0970-4C13-AC63-409E5CFC58D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2AF712EB-0970-4C13-AC63-409E5CFC58D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\imrop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8F9ADEB7-6563-4C5D-8032-16656F3943C5}]
@="&q

#6
Armodeluxe

Posted 09 August 2005 - 05:05 PM

Member 2k

Retired Staff
2,744 posts

Please disable Microsoft AntiSpyware and Prevx protection features and don't activate them back until I give you the OK.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

For Prevx:

Right click on the Prevx icon on your system tray and choose Show Management Console.

On the Management Console click the Protection Level drop-down menu.

You will see three levels:

Maximum

Off

User Defined

To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.

Click the X on the upper right hand corner to exit the Management console.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#7
Sinneth

Posted 10 August 2005 - 12:45 PM

Member

Topic Starter
Member
14 posts

Okay, did what you asked! Here's my L2m log:

L2Mfix 1.03a

Running From:
C:\Documents and Settings\Serina\Desktop\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Setting up for Reboot

Starting Reboot!

C:\Documents and Settings\Serina\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Serina\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1644 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\abl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\abl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\acifile.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\acifile.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\adferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\adferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aeferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aeferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aetapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aetapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aFaamon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aFaamon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aFd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aFd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Afdiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Afdiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\agctres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\agctres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\agwav.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\agwav.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ahctres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ahctres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aMd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aMd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aql71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aql71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\asctres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\asctres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Asdiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Asdiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\asisynth.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\asisynth.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\atferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\atferror.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\atsmsext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\atsmsext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aVaamon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aVaamon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Awdiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Awdiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\awptif.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\awptif.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Aydiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Aydiodev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azlui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azlui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bcowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bcowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bdowsewm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bdowsewm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\beowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\beowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\beowser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\beowser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bfowsewm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bfowsewm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bnotvid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bnotvid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bPtmeter.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bPtmeter.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\buowsewm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\buowsewm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bwtsprx2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bwtsprx2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\camres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\camres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\camuid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\camuid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\casetacl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\casetacl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cbrtc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cbrtc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ccmuid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ccmuid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cdbcatq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cdbcatq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cel3d32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cel3d32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cgmrepl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cgmrepl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\chypt32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\chypt32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\chyptui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\chyptui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cJtsrvps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cJtsrvps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cktdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cktdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cLrds.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cLrds.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cMpesnpn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cMpesnpn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cPbcatq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cPbcatq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cppbk32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cppbk32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cqvfat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cqvfat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CRDBUIRoxio.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CRDBUIRoxio.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cTbview.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cTbview.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ctvfat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ctvfat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cumdlg32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cumdlg32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cvbcatex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cvbcatex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cxmuid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cxmuid.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cyadmin.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cyadmin.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cymdlg32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cymdlg32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czlbact.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czlbact.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czmrepl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czmrepl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czral.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czral.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czyptui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czyptui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dacpcsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dacpcsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\danet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\danet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\davx_xx07.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\davx_xx07.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\degeng.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\degeng.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\demv2clt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\demv2clt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dEvclnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dEvclnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dewave.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dewave.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dFtaclen.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dFtaclen.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dgnput8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dgnput8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dgskmon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dgskmon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dhnetlib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dhnetlib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dhnhpast.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dhnhpast.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dHtaclen.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dHtaclen.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dimsrpcn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dimsrpcn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dirgui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dirgui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\disshlex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\disshlex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\divenum.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\divenum.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dJd9.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dJd9.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\djiman32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\djiman32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dkstyle.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dkstyle.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dlskadp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dlskadp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dlskperf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dlskperf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dnvxdec_0411.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dnvxdec_0411.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dnvx_xx11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dnvx_xx11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\doghelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\doghelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\donet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\donet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dorgres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dorgres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpdskres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpdskres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqskperf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqskperf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqvxdec_040c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqvxdec_040c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqvx_xx11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqvx_xx11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\drnetlib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\drnetlib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\drsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\drsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dsnwsock.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dsnwsock.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dtnetlib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dtnetlib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dukquota.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dukquota.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dVdramp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dVdramp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dvrawex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dvrawex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dWvclnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dWvclnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dXdim700.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dXdim700.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dxrgui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dxrgui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dyeml.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dyeml.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dymap.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dymap.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dynhpast.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dynhpast.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dysshlex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dysshlex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dYvclnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dYvclnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzkquota.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzkquota.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzrpsetu.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzrpsetu.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\eecdec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\eecdec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ement97.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ement97.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpclient.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpclient.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fsntext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fsntext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fusrch.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fusrch.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GACollection.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GACollection.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gdmf32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gdmf32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GIFSPidGen.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GIFSPidGen.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GPFSPidGen.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GPFSPidGen.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GQFSPidGen.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GQFSPidGen.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GXARAspi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GXARAspi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hjui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hjui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hkui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hkui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hmui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hmui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hstpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hstpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hutpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hutpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\huui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\huui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hwui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hwui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hzdserv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hzdserv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hzui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hzui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iaetcomm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iaetcomm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iaitpki.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iaitpki.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iasso.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iasso.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ibfxeud.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ibfxeud.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iclogmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iclogmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iCssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iCssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\idrtprio.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\idrtprio.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iehlpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iehlpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iElmgdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iElmgdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iEsads.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iEsads.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IFETWH32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IFETWH32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\igakui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\igakui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\igsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\igsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iguv_32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iguv_32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ihnathlp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ihnathlp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ihss.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ihss.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iirop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iirop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iis.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iis.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IJETWH32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IJETWH32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iJlmrem.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iJlmrem.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ijm32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ijm32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikrop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikrop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikss.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikss.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iKssvcs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iKssvcs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\imrop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\imrop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iNlmgdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iNlmgdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iowphbk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iowphbk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipfxres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipfxres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipuv_32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ipuv_32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iQsrecst.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iQsrecst.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iQssdo.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iQssdo.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iQssvcs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iQssvcs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iswphbk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iswphbk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\itaapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\itaapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iuetpp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iuetpp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iurop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iurop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iVitpki.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iVitpki.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ivm32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ivm32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iVssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iVssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iwdkcs32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iwdkcs32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iwss.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iwss.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iwxpromn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iwxpromn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ixengine.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ixengine.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iXssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iXssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iYlmgdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iYlmgdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iYssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iYssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jabexec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jabexec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jdt500.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jdt500.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jDvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jDvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jfmd400.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jfmd400.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jhcript.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jhcript.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jKvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jKvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jlproxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jlproxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jLvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jLvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jNvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jNvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jRvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jRvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jxaw400.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jxaw400.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jXvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jXvaprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kadfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kadfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kCdfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kCdfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdinmal.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdinmal.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdusr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdusr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kddfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kddfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kddhela3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kddhela3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedla.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedla.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\khdpl1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\khdpl1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\khdpo.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\khdpo.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\khdsf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\khdsf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kid101c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kid101c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kidbe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kidbe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kidbr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kidbr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdfi1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdfi1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kkd101b.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kkd101b.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kkdsmsno.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kkdsmsno.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kldbene.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kldbene.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kldca.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kldca.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kldcan.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kldcan.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kndsf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kndsf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kodcr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kodcr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdnec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdnec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdno.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdno.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdru1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdru1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdtuq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpdtuq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpduk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kpduk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kqdcan.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kqdcan.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kqdlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kqdlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdbe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdbe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdusx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdusx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdfr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdfr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdit.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdit.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdmaori.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdmaori.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktdfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktdfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktdfi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktdfi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kudfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kudfc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kvd101b.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kvd101b.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kvdlt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kvdlt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdlv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdlv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdmlt48.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdmlt48.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxddv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxddv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxdmlt47.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxdmlt47.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxdsl1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxdsl1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxuser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kxuser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kydlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kydlv1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kyuser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kyuser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kzdbe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kzdbe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ldcdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ldcdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ln32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ln32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lradperf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lradperf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lrcdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lrcdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lurhelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lurhelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvexpand.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvexpand.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lYngwrbk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lYngwrbk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maftedit.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maftedit.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maiavi32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maiavi32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maiole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maiole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maltus40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maltus40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maorc32r.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maorc32r.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mavcp71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mavcp71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maxmlr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maxmlr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbc42.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbc42.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbcshext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbcshext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MbGDMgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MbGDMgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbiseq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbiseq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbtext40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbtext40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbtime.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbtime.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcdadiag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcdadiag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcexch40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcexch40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\McPMSNSv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\McPMSNSv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\md4fil32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\md4fil32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mdexch40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mdexch40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mdr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mdr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mec40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mec40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\meiole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\meiole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mejdbc10.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mejdbc10.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mer2c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mer2c.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mexoci.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mexoci.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mfrddm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mfrddm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mftext40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mftext40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mgminst.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mgminst.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mgrdim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mgrdim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mgstkprp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mgstkprp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhihnd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhihnd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mHorc32r.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mHorc32r.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhxmlr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhxmlr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mic40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mic40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mistkprp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mistkprp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mivbvm50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mivbvm50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjhcp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjhcp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjvcp50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjvcp50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkcshext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkcshext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkrecr40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkrecr40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mliole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mliole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mLtask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mLtask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlxlegih.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlxlegih.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mmvcp50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mmvcp50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mniole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mniole32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnsystem.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnsystem.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mNtask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mNtask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnxoci.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnxoci.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mocndmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mocndmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\moidle.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\moidle.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mor2cenu.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mor2cenu.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\morle32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\morle32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpc40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpc40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpc42u.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpc42u.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpwebdvd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpwebdvd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqc42.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqc42.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqcpx32r.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqcpx32r.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqdadiag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqdadiag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqwmdmsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mqwmdmsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mriseq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mriseq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mt4fil32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mt4fil32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mtang.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mtang.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mtimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mtimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mudadiag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mudadiag.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvaudite.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvaudite.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvdtclog.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvdtclog.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvidntld.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvidntld.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwidntld.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwidntld.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwmxsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwmxsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwrddm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwrddm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mXtask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mXtask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxvidctl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxvidctl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxwmdmsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxwmdmsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxxml3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxxml3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mydart.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mydart.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myhgrcoi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myhgrcoi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myiole16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myiole16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mymxsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mymxsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MyPMSNSv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MyPMSNSv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myrdim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myrdim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mysign32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mysign32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mywmdmsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mywmdmsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzc71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzc71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzglibnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzglibnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzhtml.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzhtml.dll
1 file(s) copie

#8
Armodeluxe

Posted 10 August 2005 - 04:56 PM

Member 2k

Retired Staff
2,744 posts

That is not the complete log. If it's not fitting in one post, you can post the rest in a second and even if need be, a third post. Please find the point where it cut off and post the rest, no need to post the section you posted already again. I need to see what it deleted, if it did. Also please post a new HijackThis log.

Thank you.

#9
Sinneth

Posted 10 August 2005 - 05:56 PM

Member

Topic Starter
Member
14 posts

It actually was a very huge list of things that were deleted. So I added it as an attatchment. Hopefully that'll work, and here's my new HIJACK this log!:

Logfile of HijackThis v1.99.1
Scan saved at 6:55:04 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx Home\SAGUI.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\system32\karlru.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Serina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\karlru.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123388870171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123389025765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Okay, Sorry about not showing the whole thing, hehe I didnt realize how big it was. Hopefully this is good enough info for you! And thank you for helping me!

Attached Files

log.txt 344.77KB 172 downloads

#10
Armodeluxe

Posted 10 August 2005 - 06:57 PM

Member 2k

Retired Staff
2,744 posts

Good job.

The main culprit, look2me is hopefully gone, but it downloaded other stuff before it went down. Now we have to take care of those.

You may want to print or save these instructions on Notepad as this fix will be made in safe mode and you won't have access to this page. Once again, I hope you're still keeping the active protections of MSAS and Perevx off.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download Ewido Security Suite (do NOT run it yet!)

Install ewido security suite
Launch ewido, there should be a big E icon on your desktop, double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed
After the updates are installed, exit Ewido

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Open Ewido

Click on scanner
Click Complete System Scan
Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report
Save the report to your desktop
Exit Ewido

Run HijackThis and click scan. Put a check next to these if found:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\karlru.exe reg_run

Close all windows except HijackThis and click Fix Checked.

Navigate to and delete these files in bold if found:

C:\WINDOWS\ttupt.exe
C:\WINDOWS\system32\karlru.exe

Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

*Save the results from ActiveScan!

Copy the results from ActiveScan and paste them here along with a new HiJackThis log and the report from Ewido.

#11
Sinneth

Posted 12 August 2005 - 06:30 PM

Member

Topic Starter
Member
14 posts

Sorry for the delay! Work has bogged me down like a dog! Anyways, here's my HIJACK THIS LOG! WEE!

Logfile of HijackThis v1.99.1
Scan saved at 7:25:34 PM, on 8/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\runservice.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx Home\SAGUI.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Serina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\karlru.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123388870171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123389025765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

And I'm attaching the others. That karlu thingy wont go away!
I think those are the right ones, can't wait to hear from you! Quick update, my computer isn't loading windows slow, its moving like clockwork! Thank you so much for that, its been a royal pain! Oh yes, no more random reboots either, hee!

Attached Files

Activescan.txt 173.92KB 137 downloads
Scan_report_20050811.txt.txt 162.04KB 81 downloads

#12
Armodeluxe

Posted 12 August 2005 - 10:53 PM

Member 2k

Retired Staff
2,744 posts

Hi Sinneth

Good to hear of the improvements

Ewido report claims to have gotten rid of karlru, but I'd like to make sure if nothing is bringing the files back or it's only the registry entries not going. Let's see what is lurking in the background. Then we shall rid of them in one go :tazz:

[*]Download WinPFind

Right Click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Dont do anything with it yet!

[*]Download Track qoo

Save it somewhere you will remember like the Desktop

[/list]
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe

Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete
Go to the WinPFind folder
Locate WinPFind.txt
Place those results in the next post!

Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

#13
Armodeluxe

Posted 26 August 2005 - 07:10 PM

Member 2k

Retired Staff
2,744 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.