Problems with WinMixer Popups and Others. [CLOSED]


  • This topic is locked

#1
Unreal Vibration

  • Member
  • 24 posts
I've been having problems with WinMixer pop-ups and other pop-ups. Not only do I need help removing those from my computer, but, as I have friends who constantly put more on it, I need help preventing these and new forms of malware from getting on my computer. Here's my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:19 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\SysCheckBop32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\win32097181578529.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\user\My Documents\Kai\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!

\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1

\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1

\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01

\bin\jusched.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common

Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN

Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jljabl.exe reg_run
O4 - HKLM\..\Run: [win32097181578529] C:\WINDOWS\win32097181578529.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [sys101815785297] C:\WINDOWS\sys101815785297.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe"

/startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program

Files\America Online 9.0\aoltray.exe
O4 - Global Startup: ncnp.exe.tcf
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1

\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1

\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -

C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-

000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-

00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -

C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-

B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-

0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) -

http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient

Class) -

http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)

- http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

http://messenger.zon...nt.cab28578.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -

http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -

http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)

- http://messenger.zon...wn.cab28578.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32

\aza0lc5m1f.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America

Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0


#2
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go!

Please rescan with HiJackThis and when the notepad opens up go up to "Format" and uncheck "Word Wrap", then copy and paste the log into this topic. It's too difficult to read the way it is :tazz:
  • 0

#3
Unreal Vibration

  • Topic Starter
  • Member
  • 24 posts
Ah, sorry about that. Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 1:46:17 AM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\SysCheckBop32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\win32097181578529.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\user\My Documents\Kai\HiJackThis\HijackThis.exe
C:\Program Files\AIM\aim.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jljabl.exe reg_run
O4 - HKLM\..\Run: [win32097181578529] C:\WINDOWS\win32097181578529.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [sys101815785297] C:\WINDOWS\sys101815785297.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: ncnp.exe.tcf
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\aza0lc5m1f.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0
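
Why the Word Wrap setting matters for triage, as an added example that is not part of the original thread: the sketch below rejoins entry lines from a wrapped HijackThis paste (the sample is an excerpt of post #1) and groups them by section code, giving the one-entry-per-line form of post #3. The function names are hypothetical, and the join rule is a heuristic assumption inferred from comparing the two pastes above, not HijackThis behaviour.

```python
import re
from collections import defaultdict

# Section codes that open a HijackThis entry line (R0, O4, O20, ...).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the word-wrapped log from post #1, blank lines included.
WRAPPED_SAMPLE = r"""
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!

\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32

\aza0lc5m1f.dll
"""


def unwrap_entries(text):
    """Rejoin entry lines that a word-wrapped paste split into fragments.

    Lines before the first entry (header, running processes) are ignored.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # wrapped pastes carry blank lines between fragments
        if ENTRY_START.match(line):
            entries.append(line)  # a section code always starts a new entry
        elif entries:
            prev = entries[-1]
            # Heuristic (assumption): a break before a backslash or inside a
            # hyphenated GUID lost no character; any other break replaced a
            # space, so one is put back.
            mid_token = line.startswith("\\") or re.search(r"\S-$", prev)
            entries[-1] = prev + ("" if mid_token else " ") + line
    return entries


def group_by_section(entries):
    """Map each section code to the list of entry bodies under it."""
    groups = defaultdict(list)
    for entry in entries:
        code, _, body = entry.partition(" - ")
        groups[code].append(body)
    return dict(groups)


if __name__ == "__main__":
    for code, bodies in group_by_section(unwrap_entries(WRAPPED_SAMPLE)).items():
        for body in bodies:
            print(f"{code:<4}{body}")
```

Because the wrap discards the character at the break point, a tool can only guess whether a space belonged there, which is why the helper asked for a fresh unwrapped paste rather than reading the first one.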

#4
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Much better, thank you :tazz:

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#5
Unreal Vibration

  • Topic Starter
  • Member
  • 24 posts
Here's the log I got:

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\aza0lc5m1f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CFB75B5C-EBB6-02C8-2B89-C94AC170E8A4}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{0837F88E-C69A-4C8F-9326-2F3C3D2781F0}"=""
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{883EDE4C-283B-45DA-A68E-5996A0493E20}"=""
"{7E72F542-53C8-41AB-ADB9-9A9A80EED415}"=""
"{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}"=""
"{AC0022F9-443C-497E-BBA3-5562D9967198}"=""
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{883EDE4C-283B-45DA-A68E-5996A0493E20}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{883EDE4C-283B-45DA-A68E-5996A0493E20}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{883EDE4C-283B-45DA-A68E-5996A0493E20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{883EDE4C-283B-45DA-A68E-5996A0493E20}\InprocServer32]
@="C:\\WINDOWS\\system32\\szellstyle.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}\InprocServer32]
@="C:\\WINDOWS\\system32\\pqmas.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AC0022F9-443C-497E-BBA3-5562D9967198}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC0022F9-443C-497E-BBA3-5562D9967198}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC0022F9-443C-497E-BBA3-5562D9967198}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC0022F9-443C-497E-BBA3-5562D9967198}\InprocServer32]
@="C:\\WINDOWS\\system32\\dRd8thk.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 6C3A-AF51

Directory of C:\WINDOWS\System32

288 File(s) 66,395,966 bytes
2 Dir(s) 1,384,046,592 bytes free

#6
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Wow, that's a long list of files...

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#7
Unreal Vibration

    Member

  • Topic Starter
  • Member
  • 24 posts
All right. Here the two go:

L2Mfix 1.03a

Running From:
C:\Documents and Settings\user\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\user\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\user\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1544 'explorer.exe'
Killing PID 1544 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 160 'rundll32.exe'
Killing PID 160 'rundll32.exe'
Killing PID 404 'rundll32.exe'
Killing PID 576 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k408ledu1h08.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k4440ehqeh4e0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k444lehq1h4e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k480lelm1hqa.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k6pmlg7116.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k8620ijoe8oc0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k880lilm18qa.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k8pmli7118.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kt4ml7h11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kt68l7ju1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kt6ql7j51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kt80l7lm1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktj8l71u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktl2l73o1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktnsl7571.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktp0l77m1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktp6l77s1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktpql7751.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktpul7791.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktr8l79u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktrul7991.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KUDRO.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KYDHEPT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l06o0aj3edo.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l0l6la3s1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l2p2lc7o1f.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l46o0ej3eho.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l60ulgd9160.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l64q0gh5e64.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l68m0gl1e6q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l6j80g1ue6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l6r00g9me6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l6r0lg9m16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l8r0li9m18.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv2609fse.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv8409lqe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvcalsec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvj8091ue.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvjs0917e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvn8095ue.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvno0953e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvps0977e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0280afued280.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0460ahsed460.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0640ajqedoe0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0jula191d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m2nqlc551f.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m6640gjqe6oe0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m6820gloe6qc0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m6julg1916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m6ls0g37e6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m846lihs1846.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MBC40.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MBPISTUB.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MFIOLE16.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mH640gjqe6oe0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjcbase.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mmoert2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnjet40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MRCONF.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv06l9ds1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv0sl9d71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv24l9fq1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv2ml9f11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv6ul9j91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv8ol9l31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv8ul9l91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvl2l93o1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvlml9311.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvn8l95u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvp6l97s1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvr8l99u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxorcl32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MYRCLR40.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n06q0aj5edo.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n08olal31dq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n0p40a7qed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n24slch71f4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n2l8lc3u1f.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n4l8le3u1h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n6p4lg7q16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n82u0if9e82.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n88o0il3e8q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\notcfgx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nptlogon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nqtshell.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o066lajs1do6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0pqla751d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o2660cjsefo60.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o4nsle571h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o4ro0e93eh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6ns0g57e6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6nslg5716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o8480ihue8480.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o8roli9318.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oCkley.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oobc32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p24ulch91f4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p28qlcl51fq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p44uleh91h4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p8n8li5u18.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p8r40i9qe8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\PKFLBMSG.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\porpnsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q6nu0g59e6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q8nuli5918.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qnut.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r2r6lc9s1f.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r48s0el7ehq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r86ulij918o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s0880aluedq80.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s0pu0a79ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s288lclu1fq8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s4pule791h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s8puli7918.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s8rs0i97e8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s8rsli9718.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\SGDPAPI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\smnsapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\SympleRegistry.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\symsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\syrrun.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szellstyle.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t4r80e9ueh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t6r80g9ue6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t6r8lg9u16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t88ulil918q.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t8r8li9u18.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\VFA256.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\WHVCORE2.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\xzidvfw.dll
1 file(s) copied.
deleting: C:\WINDOWS\system32\acsldp.dll
Successfully Deleted: C:\WINDOWS\system32\acsldp.dll
deleting: C:\WINDOWS\system32\aelui.dll
Successfully Deleted: C:\WINDOWS\system32\aelui.dll
deleting: C:\WINDOWS\system32\afferror.dll
Successfully Deleted: C:\WINDOWS\system32\afferror.dll
deleting: C:\WINDOWS\system32\AGTIVEDS.DLL
Successfully Deleted: C:\WINDOWS\system32\AGTIVEDS.DLL
deleting: C:\WINDOWS\system32\avycfilt.dll
Successfully Deleted: C:\WINDOWS\system32\avycfilt.dll
deleting: C:\WINDOWS\system32\AWNPS.dll
Successfully Deleted: C:\WINDOWS\system32\AWNPS.dll
deleting: C:\WINDOWS\system32\aza007jme.dll
Successfully Deleted: C:\WINDOWS\system32\aza007jme.dll
deleting: C:\WINDOWS\system32\aza00g9me6.dll
Successfully Deleted: C:\WINDOWS\system32\aza00g9me6.dll
deleting: C:\WINDOWS\system32\aza0lgdm160a.dll
Successfully Deleted: C:\WINDOWS\system32\aza0lgdm160a.dll
deleting: C:\WINDOWS\system32\aza20gloe6qc0.dll
Successfully Deleted: C:\WINDOWS\system32\aza20gloe6qc0.dll
deleting: C:\WINDOWS\system32\aza40ajqedoe0.dll
Successfully Deleted: C:\WINDOWS\system32\aza40ajqedoe0.dll
deleting: C:\WINDOWS\system32\aza40i9qe8.dll
Successfully Deleted: C:\WINDOWS\system32\aza40i9qe8.dll
deleting: C:\WINDOWS\system32\aza4ladq1d0e.dll
Successfully Deleted: C:\WINDOWS\system32\aza4ladq1d0e.dll
deleting: C:\WINDOWS\system32\aza60ahsed460.dll
Successfully Deleted: C:\WINDOWS\system32\aza60ahsed460.dll
deleting: C:\WINDOWS\system32\aza6lajs1do6.dll
Successfully Deleted: C:\WINDOWS\system32\aza6lajs1do6.dll
deleting: C:\WINDOWS\system32\aza6lihs1846.dll
Successfully Deleted: C:\WINDOWS\system32\aza6lihs1846.dll
deleting: C:\WINDOWS\system32\aza801due.dll
Successfully Deleted: C:\WINDOWS\system32\aza801due.dll
deleting: C:\WINDOWS\system32\aza8l79u1.dll
Successfully Deleted: C:\WINDOWS\system32\aza8l79u1.dll
deleting: C:\WINDOWS\system32\aza8ledu1h08.dll
Successfully Deleted: C:\WINDOWS\system32\aza8ledu1h08.dll
deleting: C:\WINDOWS\system32\azaml3111.dll
Successfully Deleted: C:\WINDOWS\system32\azaml3111.dll
deleting: C:\WINDOWS\system32\azao03j3e.dll
Successfully Deleted: C:\WINDOWS\system32\azao03j3e.dll
deleting: C:\WINDOWS\system32\azasl1771.dll
Successfully Deleted: C:\WINDOWS\system32\azasl1771.dll
deleting: C:\WINDOWS\system32\azau0if9e82.dll
Successfully Deleted: C:\WINDOWS\system32\azau0if9e82.dll
deleting: C:\WINDOWS\system32\c200lcdm1f0a.dll
Successfully Deleted: C:\WINDOWS\system32\c200lcdm1f0a.dll
deleting: C:\WINDOWS\system32\c400ledm1h0a.dll
Successfully Deleted: C:\WINDOWS\system32\c400ledm1h0a.dll
deleting: C:\WINDOWS\system32\c600lgdm160a.dll
Successfully Deleted: C:\WINDOWS\system32\c600lgdm160a.dll
deleting: C:\WINDOWS\system32\cbprops.dll
Successfully Deleted: C:\WINDOWS\system32\cbprops.dll
deleting: C:\WINDOWS\system32\CRC.DLL
Successfully Deleted: C:\WINDOWS\system32\CRC.DLL
deleting: C:\WINDOWS\system32\ctcdll.dll
Successfully Deleted: C:\WINDOWS\system32\ctcdll.dll
deleting: C:\WINDOWS\system32\cxsetacl.dll
Successfully Deleted: C:\WINDOWS\system32\cxsetacl.dll
deleting: C:\WINDOWS\system32\CZC.DLL
Successfully Deleted: C:\WINDOWS\system32\CZC.DLL
deleting: C:\WINDOWS\system32\czyptsvc.dll
Successfully Deleted: C:\WINDOWS\system32\czyptsvc.dll
deleting: C:\WINDOWS\system32\d00mlad11d0.dll
Successfully Deleted: C:\WINDOWS\system32\d00mlad11d0.dll
deleting: C:\WINDOWS\system32\dddmo.dll
Successfully Deleted: C:\WINDOWS\system32\dddmo.dll
deleting: C:\WINDOWS\system32\djvenum.dll
Successfully Deleted: C:\WINDOWS\system32\djvenum.dll
deleting: C:\WINDOWS\system32\dltmsft.dll
Successfully Deleted: C:\WINDOWS\system32\dltmsft.dll
deleting: C:\WINDOWS\system32\dn0801due.dll
Successfully Deleted: C:\WINDOWS\system32\dn0801due.dll
deleting: C:\WINDOWS\system32\dn0o01d3e.dll
Successfully Deleted: C:\WINDOWS\system32\dn0o01d3e.dll
deleting: C:\WINDOWS\system32\dn2001fme.dll
Successfully Deleted: C:\WINDOWS\system32\dn2001fme.dll
deleting: C:\WINDOWS\system32\dn4q01h5e.dll
Successfully Deleted: C:\WINDOWS\system32\dn4q01h5e.dll
deleting: C:\WINDOWS\system32\dn8801lue.dll
Successfully Deleted: C:\WINDOWS\system32\dn8801lue.dll
deleting: C:\WINDOWS\system32\dnn8015ue.dll
Successfully Deleted: C:\WINDOWS\system32\dnn8015ue.dll
deleting: C:\WINDOWS\system32\dnno0153e.dll
Successfully Deleted: C:\WINDOWS\system32\dnno0153e.dll
deleting: C:\WINDOWS\system32\dnp6017se.dll
Successfully Deleted: C:\WINDOWS\system32\dnp6017se.dll
deleting: C:\WINDOWS\system32\dnpm0171e.dll
Successfully Deleted: C:\WINDOWS\system32\dnpm0171e.dll
deleting: C:\WINDOWS\system32\dnpq0175e.dll
Successfully Deleted: C:\WINDOWS\system32\dnpq0175e.dll
deleting: C:\WINDOWS\system32\dnr8019ue.dll
Successfully Deleted: C:\WINDOWS\system32\dnr8019ue.dll
deleting: C:\WINDOWS\system32\dRd8thk.dll
Successfully Deleted: C:\WINDOWS\system32\dRd8thk.dll
deleting: C:\WINDOWS\system32\dtound.dll
Successfully Deleted: C:\WINDOWS\system32\dtound.dll
deleting: C:\WINDOWS\system32\dwmclien.dll
Successfully Deleted: C:\WINDOWS\system32\dwmclien.dll
deleting: C:\WINDOWS\system32\dwmsrpcn.dll
Successfully Deleted: C:\WINDOWS\system32\dwmsrpcn.dll
deleting: C:\WINDOWS\system32\e2200cfmef2a0.dll
Successfully Deleted: C:\WINDOWS\system32\e2200cfmef2a0.dll
deleting: C:\WINDOWS\system32\e2202cfmgf2a2.dll
Successfully Deleted: C:\WINDOWS\system32\e2202cfmgf2a2.dll
deleting: C:\WINDOWS\system32\en20l1fm1.dll
Successfully Deleted: C:\WINDOWS\system32\en20l1fm1.dll
deleting: C:\WINDOWS\system32\en66l1js1.dll
Successfully Deleted: C:\WINDOWS\system32\en66l1js1.dll
deleting: C:\WINDOWS\system32\en8ol1l31.dll
Successfully Deleted: C:\WINDOWS\system32\en8ol1l31.dll
deleting: C:\WINDOWS\system32\enjul1191.dll
Successfully Deleted: C:\WINDOWS\system32\enjul1191.dll
deleting: C:\WINDOWS\system32\enl6l13s1.dll
Successfully Deleted: C:\WINDOWS\system32\enl6l13s1.dll
deleting: C:\WINDOWS\system32\enl8l13u1.dll
Successfully Deleted: C:\WINDOWS\system32\enl8l13u1.dll
deleting: C:\WINDOWS\system32\enlql1351.dll
Successfully Deleted: C:\WINDOWS\system32\enlql1351.dll
deleting: C:\WINDOWS\system32\enp2l17o1.dll
Successfully Deleted: C:\WINDOWS\system32\enp2l17o1.dll
deleting: C:\WINDOWS\system32\enp6l17s1.dll
Successfully Deleted: C:\WINDOWS\system32\enp6l17s1.dll
deleting: C:\WINDOWS\system32\enpsl1771.dll
Successfully Deleted: C:\WINDOWS\system32\enpsl1771.dll
deleting: C:\WINDOWS\system32\enr6l19s1.dll
Successfully Deleted: C:\WINDOWS\system32\enr6l19s1.dll
deleting: C:\WINDOWS\system32\f00olad31d0.dll
Successfully Deleted: C:\WINDOWS\system32\f00olad31d0.dll
deleting: C:\WINDOWS\system32\f22m0cf1ef2.dll
Successfully Deleted: C:\WINDOWS\system32\f22m0cf1ef2.dll
deleting: C:\WINDOWS\system32\f2j20c1oef.dll
Successfully Deleted: C:\WINDOWS\system32\f2j20c1oef.dll
deleting: C:\WINDOWS\system32\f6l02g3mg6.dll
Successfully Deleted: C:\WINDOWS\system32\f6l02g3mg6.dll
deleting: C:\WINDOWS\system32\fp0603dse.dll
Successfully Deleted: C:\WINDOWS\system32\fp0603dse.dll
deleting: C:\WINDOWS\system32\fp0803due.dll
Successfully Deleted: C:\WINDOWS\system32\fp0803due.dll
deleting: C:\WINDOWS\system32\fp2s03f7e.dll
Successfully Deleted: C:\WINDOWS\system32\fp2s03f7e.dll
deleting: C:\WINDOWS\system32\fp6203joe.dll
Successfully Deleted: C:\WINDOWS\system32\fp6203joe.dll
deleting: C:\WINDOWS\system32\fp6o03j3e.dll
Successfully Deleted: C:\WINDOWS\system32\fp6o03j3e.dll
deleting: C:\WINDOWS\system32\fplo0333e.dll
Successfully Deleted: C:\WINDOWS\system32\fplo0333e.dll
deleting: C:\WINDOWS\system32\fpn2035oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpn2035oe.dll
deleting: C:\WINDOWS\system32\fpp6037se.dll
Successfully Deleted: C:\WINDOWS\system32\fpp6037se.dll
deleting: C:\WINDOWS\system32\fpr0039me.dll
Successfully Deleted: C:\WINDOWS\system32\fpr0039me.dll
deleting: C:\WINDOWS\system32\fpro0393e.dll
Successfully Deleted: C:\WINDOWS\system32\fpro0393e.dll
deleting: C:\WINDOWS\system32\fuscomex.dll
Successfully Deleted: C:\WINDOWS\system32\fuscomex.dll
deleting: C:\WINDOWS\system32\fzsext32.dll
Successfully Deleted: C:\WINDOWS\system32\fzsext32.dll
deleting: C:\WINDOWS\system32\g004ladq1d0e.dll
Successfully Deleted: C:\WINDOWS\system32\g004ladq1d0e.dll
deleting: C:\WINDOWS\system32\g0lm0a31ed.dll
Successfully Deleted: C:\WINDOWS\system32\g0lm0a31ed.dll
deleting: C:\WINDOWS\system32\g4jole131h.dll
Successfully Deleted: C:\WINDOWS\system32\g4jole131h.dll
deleting: C:\WINDOWS\system32\g6040gdqe60e0.dll
Successfully Deleted: C:\WINDOWS\system32\g6040gdqe60e0.dll
deleting: C:\WINDOWS\system32\gp0ql3d51.dll
Successfully Deleted: C:\WINDOWS\system32\gp0ql3d51.dll
deleting: C:\WINDOWS\system32\gp48l3hu1.dll
Successfully Deleted: C:\WINDOWS\system32\gp48l3hu1.dll
deleting: C:\WINDOWS\system32\gpjml3111.dll
Successfully Deleted: C:\WINDOWS\system32\gpjml3111.dll
deleting: C:\WINDOWS\system32\gpl8l33u1.dll
Successfully Deleted: C:\WINDOWS\system32\gpl8l33u1.dll
deleting: C:\WINDOWS\system32\gplol3331.dll
Successfully Deleted: C:\WINDOWS\system32\gplol3331.dll
deleting: C:\WINDOWS\system32\gpn0l35m1.dll
Successfully Deleted: C:\WINDOWS\system32\gpn0l35m1.dll
deleting: C:\WINDOWS\system32\gpnol3531.dll
Successfully Deleted: C:\WINDOWS\system32\gpnol3531.dll
deleting: C:\WINDOWS\system32\gppol3731.dll
Successfully Deleted: C:\WINDOWS\system32\gppol3731.dll
deleting: C:\WINDOWS\system32\grkrsrc.dll
Successfully Deleted: C:\WINDOWS\system32\grkrsrc.dll
deleting: C:\WINDOWS\system32\gsu32.dll
Successfully Deleted: C:\WINDOWS\system32\gsu32.dll
deleting: C:\WINDOWS\system32\h0j4la1q1d.dll
Successfully Deleted: C:\WINDOWS\system32\h0j4la1q1d.dll
deleting: C:\WINDOWS\system32\h2n00c5mef.dll
Successfully Deleted: C:\WINDOWS\system32\h2n00c5mef.dll
deleting: C:\WINDOWS\system32\h2n0lc5m1f.dll
Successfully Deleted: C:\WINDOWS\system32\h2n0lc5m1f.dll
deleting: C:\WINDOWS\system32\h40qled51h0.dll
Successfully Deleted: C:\WINDOWS\system32\h40qled51h0.dll
deleting: C:\WINDOWS\system32\h60q0gd5e60.dll
Successfully Deleted: C:\WINDOWS\system32\h60q0gd5e60.dll
deleting: C:\WINDOWS\system32\h62olgf3162.dll
Successfully Deleted: C:\WINDOWS\system32\h62olgf3162.dll
deleting: C:\WINDOWS\system32\hgui.dll
Successfully Deleted: C:\WINDOWS\system32\hgui.dll
deleting: C:\WINDOWS\system32\hp0023dmg.dll
Successfully Deleted: C:\WINDOWS\system32\hp0023dmg.dll
deleting: C:\WINDOWS\system32\hpl0233mg.dll
Successfully Deleted: C:\WINDOWS\system32\hpl0233mg.dll
deleting: C:\WINDOWS\system32\hr0205doe.dll
Successfully Deleted: C:\WINDOWS\system32\hr0205doe.dll
deleting: C:\WINDOWS\system32\hr2u05f9e.dll
Successfully Deleted: C:\WINDOWS\system32\hr2u05f9e.dll
deleting: C:\WINDOWS\system32\hr4o05h3e.dll
Successfully Deleted: C:\WINDOWS\system32\hr4o05h3e.dll
deleting: C:\WINDOWS\system32\hr4s05h7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr4s05h7e.dll
deleting: C:\WINDOWS\system32\hr6s05j7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr6s05j7e.dll
deleting: C:\WINDOWS\system32\hrpq0575e.dll
Successfully Deleted: C:\WINDOWS\system32\hrpq0575e.dll
deleting: C:\WINDOWS\system32\hrrq0595e.dll
Successfully Deleted: C:\WINDOWS\system32\hrrq0595e.dll
deleting: C:\WINDOWS\system32\i006lads1d06.dll
Successfully Deleted: C:\WINDOWS\system32\i006lads1d06.dll
deleting: C:\WINDOWS\system32\i042laho1d4c.dll
Successfully Deleted: C:\WINDOWS\system32\i042laho1d4c.dll
deleting: C:\WINDOWS\system32\i242lcho1f4c.dll
Successfully Deleted: C:\WINDOWS\system32\i242lcho1f4c.dll
deleting: C:\WINDOWS\system32\i442leho1h4c.dll
Successfully Deleted: C:\WINDOWS\system32\i442leho1h4c.dll
deleting: C:\WINDOWS\system32\i460lejm1hoa.dll
Successfully Deleted: C:\WINDOWS\system32\i460lejm1hoa.dll
deleting: C:\WINDOWS\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4jq0e15eh.dll
deleting: C:\WINDOWS\system32\i6240gfqe62e0.dll
Successfully Deleted: C:\WINDOWS\system32\i6240gfqe62e0.dll
deleting: C:\WINDOWS\system32\i624lgfq162e.dll
Successfully Deleted: C:\WINDOWS\system32\i624lgfq162e.dll
deleting: C:\WINDOWS\system32\i642lgho164c.dll
Successfully Deleted: C:\WINDOWS\system32\i642lgho164c.dll
deleting: C:\WINDOWS\system32\i6nm0g51e6.dll
Successfully Deleted: C:\WINDOWS\system32\i6nm0g51e6.dll
deleting: C:\WINDOWS\system32\i6nmlg5116.dll
Successfully Deleted: C:\WINDOWS\system32\i6nmlg5116.dll
deleting: C:\WINDOWS\system32\inengine.dll
Successfully Deleted: C:\WINDOWS\system32\inengine.dll
deleting: C:\WINDOWS\system32\Ioetwh32.dll
Successfully Deleted: C:\WINDOWS\system32\Ioetwh32.dll
deleting: C:\WINDOWS\system32\ir0ml5d11.dll
Successfully Deleted: C:\WINDOWS\system32\ir0ml5d11.dll
deleting: C:\WINDOWS\system32\ir26l5fs1.dll
Successfully Deleted: C:\WINDOWS\system32\ir26l5fs1.dll
deleting: C:\WINDOWS\system32\ir2sl5f71.dll
Successfully Deleted: C:\WINDOWS\system32\ir2sl5f71.dll
deleting: C:\WINDOWS\system32\ir40l5hm1.dll
Successfully Deleted: C:\WINDOWS\system32\ir40l5hm1.dll
deleting: C:\WINDOWS\system32\ir4ol5h31.dll
Successfully Deleted: C:\WINDOWS\system32\ir4ol5h31.dll
deleting: C:\WINDOWS\system32\ir4ul5h91.dll
Successfully Deleted: C:\WINDOWS\system32\ir4ul5h91.dll
deleting: C:\WINDOWS\system32\ir84l5lq1.dll
Successfully Deleted: C:\WINDOWS\system32\ir84l5lq1.dll
deleting: C:\WINDOWS\system32\ir8ql5l51.dll
Successfully Deleted: C:\WINDOWS\system32\ir8ql5l51.dll
deleting: C:\WINDOWS\system32\irj0l51m1.dll
Successfully Deleted: C:\WINDOWS\system32\irj0l51m1.dll
deleting: C:\WINDOWS\system32\irj6l51s1.dll
Successfully Deleted: C:\WINDOWS\system32\irj6l51s1.dll
deleting: C:\WINDOWS\system32\irj8l51u1.dll
Successfully Deleted: C:\WINDOWS\system32\irj8l51u1.dll
deleting: C:\WINDOWS\system32\irl0l53m1.dll
Successfully Deleted: C:\WINDOWS\system32\irl0l53m1.dll
deleting: C:\WINDOWS\system32\irp4l57q1.dll
Successfully Deleted: C:\WINDOWS\system32\irp4l57q1.dll
deleting: C:\WINDOWS\system32\irpml5711.dll
Successfully Deleted: C:\WINDOWS\system32\irpml5711.dll
deleting: C:\WINDOWS\system32\iWlmrem.dll
Successfully Deleted: C:\WINDOWS\system32\iWlmrem.dll
deleting: C:\WINDOWS\system32\j0n2la5o1d.dll
Successfully Deleted: C:\WINDOWS\system32\j0n2la5o1d.dll
deleting: C:\WINDOWS\system32\j22q0cf5ef2.dll
Successfully Deleted: C:\WINDOWS\system32\j22q0cf5ef2.dll
deleting: C:\WINDOWS\system32\j60slgd7160.dll
Successfully Deleted: C:\WINDOWS\system32\j60slgd7160.dll
deleting: C:\WINDOWS\system32\j84olih3184.dll
Successfully Deleted: C:\WINDOWS\system32\j84olih3184.dll
deleting: C:\WINDOWS\system32\jt0s07d7e.dll
Successfully Deleted: C:\WINDOWS\system32\jt0s07d7e.dll
deleting: C:\WINDOWS\system32\jt4607hse.dll
Successfully Deleted: C:\WINDOWS\system32\jt4607hse.dll
deleting: C:\WINDOWS\system32\jt4m07h1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt4m07h1e.dll
deleting: C:\WINDOWS\system32\jt6007jme.dll
Successfully Deleted: C:\WINDOWS\system32\jt6007jme.dll
deleting: C:\WINDOWS\system32\jt6o07j3e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6o07j3e.dll
deleting: C:\WINDOWS\system32\jt8207loe.dll
Successfully Deleted: C:\WINDOWS\system32\jt8207loe.dll
deleting: C:\WINDOWS\system32\jt8407lqe.dll
Successfully Deleted: C:\WINDOWS\system32\jt8407lqe.dll
deleting: C:\WINDOWS\system32\jt8s07l7e.dll
Successfully Deleted: C:\WINDOWS\system32\jt8s07l7e.dll
deleting: C:\WINDOWS\system32\jtjo0713e.dll
Successfully Deleted: C:\WINDOWS\system32\jtjo0713e.dll
deleting: C:\WINDOWS\system32\jtns0757e.dll
Successfully Deleted: C:\WINDOWS\system32\jtns0757e.dll
deleting: C:\WINDOWS\system32\jtpo0773e.dll
Successfully Deleted: C:\WINDOWS\system32\jtpo0773e.dll
deleting: C:\WINDOWS\system32\jtro0793e.dll
Successfully Deleted: C:\WINDOWS\system32\jtro0793e.dll
deleting: C:\WINDOWS\system32\k2080cduef080.dll
Successfully Deleted: C:\WINDOWS\system32\k2080cduef080.dll
deleting: C:\WINDOWS\system32\k2440chqef4e0.dll
Successfully Deleted: C:\WINDOWS\system32\k2440chqef4e0.dll
deleting: C:\WINDOWS\system32\k2lq0c35ef.dll
Successfully Deleted: C:\WINDOWS\system32\k2lq0c35ef.dll
deleting: C:\WINDOWS\system32\k2lqlc351f.dll
Successfully Deleted: C:\WINDOWS\system32\k2lqlc351f.dll
deleting: C:\WINDOWS\system32\k2nolc531f.dll
Successfully Deleted: C:\WINDOWS\system32\k2nolc531f.dll
deleting: C:\WINDOWS\system32\k408ledu1h08.dll
Successfully Deleted: C:\WINDOWS\system32\k408ledu1h08.dll
deleting: C:\WINDOWS\system32\k4440ehqeh4e0.dll
Successfully Deleted: C:\WINDOWS\system32\k4440ehqeh4e0.dll
deleting: C:\WINDOWS\system32\k444lehq1h4e.dll
Successfully Deleted: C:\WINDOWS\system32\k444lehq1h4e.dll
deleting: C:\WINDOWS\system32\k480lelm1hqa.dll
Successfully Deleted: C:\WINDOWS\system32\k480lelm1hqa.dll
deleting: C:\WINDOWS\system32\k6pmlg7116.dll
Successfully Deleted: C:\WINDOWS\system32\k6pmlg7116.dll
deleting: C:\WINDOWS\system32\k8620ijoe8oc0.dll
Successfully Deleted: C:\WINDOWS\system32\k8620ijoe8oc0.dll
deleting: C:\WINDOWS\system32\k880lilm18qa.dll
Successfully Deleted: C:\WINDOWS\system32\k880lilm18qa.dll
deleting: C:\WINDOWS\system32\k8pmli7118.dll
Successfully Deleted: C:\WINDOWS\system32\k8pmli7118.dll
deleting: C:\WINDOWS\system32\kt4ml7h11.dll
Successfully Deleted: C:\WINDOWS\system32\kt4ml7h11.dll
deleting: C:\WINDOWS\system32\kt68l7ju1.dll
Successfully Deleted: C:\WINDOWS\system32\kt68l7ju1.dll
deleting: C:\WINDOWS\system32\kt6ql7j51.dll
Successfully Deleted: C:\WINDOWS\system32\kt6ql7j51.dll
deleting: C:\WINDOWS\system32\kt80l7lm1.dll
Successfully Deleted: C:\WINDOWS\system32\kt80l7lm1.dll
deleting: C:\WINDOWS\system32\ktj8l71u1.dll
Successfully Deleted: C:\WINDOWS\system32\ktj8l71u1.dll
deleting: C:\WINDOWS\system32\ktl2l73o1.dll
Successfully Deleted: C:\WINDOWS\system32\ktl2l73o1.dll
deleting: C:\WINDOWS\system32\ktnsl7571.dll
Successfully Deleted: C:\WINDOWS\system32\ktnsl7571.dll
deleting: C:\WINDOWS\system32\ktp0l77m1.dll
Successfully Deleted: C:\WINDOWS\system32\ktp0l77m1.dll
deleting: C:\WINDOWS\system32\ktp6l77s1.dll
Successfully Deleted: C:\WINDOWS\system32\ktp6l77s1.dll
deleting: C:\WINDOWS\system32\ktpql7751.dll
Successfully Deleted: C:\WINDOWS\system32\ktpql7751.dll
deleting: C:\WINDOWS\system32\ktpul7791.dll
Successfully Deleted: C:\WINDOWS\system32\ktpul7791.dll
deleting: C:\WINDOWS\system32\ktr8l79u1.dll
Successfully Deleted: C:\WINDOWS\system32\ktr8l79u1.dll
deleting: C:\WINDOWS\system32\ktrul7991.dll
Successfully Deleted: C:\WINDOWS\system32\ktrul7991.dll
deleting: C:\WINDOWS\system32\KUDRO.DLL
Successfully Deleted: C:\WINDOWS\system32\KUDRO.DLL
deleting: C:\WINDOWS\system32\KYDHEPT.DLL
Successfully Deleted: C:\WINDOWS\system32\KYDHEPT.DLL
deleting: C:\WINDOWS\system32\l06o0aj3edo.dll
Successfully Deleted: C:\WINDOWS\system32\l06o0aj3edo.dll
deleting: C:\WINDOWS\system32\l0l6la3s1d.dll
Successfully Deleted: C:\WINDOWS\system32\l0l6la3s1d.dll
deleting: C:\WINDOWS\system32\l2p2lc7o1f.dll
Successfully Deleted: C:\WINDOWS\system32\l2p2lc7o1f.dll
deleting: C:\WINDOWS\system32\l46o0ej3eho.dll
Successfully Deleted: C:\WINDOWS\system32\l46o0ej3eho.dll
deleting: C:\WINDOWS\system32\l60ulgd9160.dll
Successfully Deleted: C:\WINDOWS\system32\l60ulgd9160.dll
deleting: C:\WINDOWS\system32\l64q0gh5e64.dll
Successfully Deleted: C:\WINDOWS\system32\l64q0gh5e64.dll
deleting: C:\WINDOWS\system32\l68m0gl1e6q.dll
Successfully Deleted: C:\WINDOWS\system32\l68m0gl1e6q.dll
deleting: C:\WINDOWS\system32\l6j80g1ue6.dll
Successfully Deleted: C:\WINDOWS\system32\l6j80g1ue6.dll
deleting: C:\WINDOWS\system32\l6r00g9me6.dll
Successfully Deleted: C:\WINDOWS\system32\l6r00g9me6.dll
deleting: C:\WINDOWS\system32\l6r0lg9m16.dll
Successfully Deleted: C:\WINDOWS\system32\l6r0lg9m16.dll
deleting: C:\WINDOWS\system32\l8r0li9m18.dll
Successfully Deleted: C:\WINDOWS\system32\l8r0li9m18.dll

#8
Unreal Vibration

I had no idea that some of it was cut off; here's the rest (exactly from where the last post left off):


Desktop.ini sucessfully removed

Zipping up files for submission:

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: lvno0953e.dll
deleting local copy: lvps0977e.dll
deleting local copy: m0280afued280.dll
deleting local copy: m0460ahsed460.dll
deleting local copy: m0640ajqedoe0.dll
deleting local copy: m0jula191d.dll
deleting local copy: m2nqlc551f.dll
deleting local copy: m6640gjqe6oe0.dll
deleting local copy: m6820gloe6qc0.dll
deleting local copy: m6julg1916.dll
deleting local copy: m6ls0g37e6.dll
deleting local copy: m846lihs1846.dll
deleting local copy: MBC40.DLL
deleting local copy: MBPISTUB.DLL
deleting local copy: MFIOLE16.DLL
deleting local copy: mH640gjqe6oe0.dll
deleting local copy: mjcbase.dll
deleting local copy: mmoert2.dll
deleting local copy: mnjet40.dll
deleting local copy: MRCONF.DLL
deleting local copy: mv06l9ds1.dll
deleting local copy: mv0sl9d71.dll
deleting local copy: mv24l9fq1.dll
deleting local copy: mv2ml9f11.dll
deleting local copy: mv6ul9j91.dll
deleting local copy: mv8ol9l31.dll
deleting local copy: mv8ul9l91.dll
deleting local copy: mvl2l93o1.dll
deleting local copy: mvlml9311.dll
deleting local copy: mvn8l95u1.dll
deleting local copy: mvp6l97s1.dll
deleting local copy: mvr8l99u1.dll
deleting local copy: mxorcl32.dll
deleting local copy: MYRCLR40.DLL
deleting local copy: n06q0aj5edo.dll
deleting local copy: n08olal31dq.dll
deleting local copy: n0p40a7qed.dll
deleting local copy: n24slch71f4.dll
deleting local copy: n2l8lc3u1f.dll
deleting local copy: n4l8le3u1h.dll
deleting local copy: n6p4lg7q16.dll
deleting local copy: n82u0if9e82.dll
deleting local copy: n88o0il3e8q.dll
deleting local copy: notcfgx.dll
deleting local copy: nptlogon.dll
deleting local copy: nqtshell.dll
deleting local copy: o066lajs1do6.dll
deleting local copy: o0pqla751d.dll
deleting local copy: o2660cjsefo60.dll
deleting local copy: o4nsle571h.dll
deleting local copy: o4ro0e93eh.dll
deleting local copy: o6ns0g57e6.dll
deleting local copy: o6nslg5716.dll
deleting local copy: o8480ihue8480.dll
deleting local copy: o8roli9318.dll
deleting local copy: oCkley.dll
deleting local copy: oobc32.dll
deleting local copy: p24ulch91f4.dll
deleting local copy: p28qlcl51fq.dll
deleting local copy: p44uleh91h4.dll
deleting local copy: p8n8li5u18.dll
deleting local copy: p8r40i9qe8.dll
deleting local copy: PKFLBMSG.DLL
deleting local copy: porpnsp.dll
deleting local copy: q6nu0g59e6.dll
deleting local copy: q8nuli5918.dll
deleting local copy: qnut.dll
deleting local copy: r2r6lc9s1f.dll
deleting local copy: r48s0el7ehq.dll
deleting local copy: r86ulij918o.dll
deleting local copy: s0880aluedq80.dll
deleting local copy: s0pu0a79ed.dll
deleting local copy: s288lclu1fq8.dll
deleting local copy: s4pule791h.dll
deleting local copy: s8puli7918.dll
deleting local copy: s8rs0i97e8.dll
deleting local copy: s8rsli9718.dll
deleting local copy: SGDPAPI.DLL
deleting local copy: smnsapi.dll
deleting local copy: SympleRegistry.dll
deleting local copy: symsg.dll
deleting local copy: syrrun.dll
deleting local copy: szellstyle.dll
deleting local copy: t4r80e9ueh.dll
deleting local copy: t6r80g9ue6.dll
deleting local copy: t6r8lg9u16.dll
deleting local copy: t88ulil918q.dll
deleting local copy: t8r8li9u18.dll
deleting local copy: VFA256.DLL
deleting local copy: WHVCORE2.DLL
deleting local copy: xzidvfw.dll
  • 0

#9
Unreal Vibration

    Member

  • Topic Starter
  • Member
  • 24 posts
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0837F88E-C69A-4C8F-9326-2F3C3D2781F0}"=-
"{883EDE4C-283B-45DA-A68E-5996A0493E20}"=-
"{7E72F542-53C8-41AB-ADB9-9A9A80EED415}"=-
"{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}"=-
"{AC0022F9-443C-497E-BBA3-5562D9967198}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0837F88E-C69A-4C8F-9326-2F3C3D2781F0}]
[-HKEY_CLASSES_ROOT\CLSID\{883EDE4C-283B-45DA-A68E-5996A0493E20}]
[-HKEY_CLASSES_ROOT\CLSID\{7E72F542-53C8-41AB-ADB9-9A9A80EED415}]
[-HKEY_CLASSES_ROOT\CLSID\{73CE59FE-2D5D-4F9E-8B96-FB49458C4987}]
[-HKEY_CLASSES_ROOT\CLSID\{AC0022F9-443C-497E-BBA3-5562D9967198}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{151300BB-66F6-4ACE-AAF5-45ADF57ADF6E}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************

  • 0
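
The Winlogon Notify export in post #9 stores several `DllName` values as `hex(2)` data, so the DLL each subkey loads is not readable at a glance. As an added example (not part of the original thread or of any tool used in it), this Python script decodes such an export and lists subkeys that differ from the set shown in that post; the `BASELINE` table, the function names and the `ExampleNotify` subkey are assumptions constructed for illustration.

```python
import re

# Excerpt of the export posted above (three of its subkeys) plus one CONSTRUCTED
# subkey, "ExampleNotify", added here to show what a flagged entry looks like.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleNotify]
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
6c,00,00,00
'''

# Subkey -> DLL as decoded from the export posted in this thread. Treating that
# export as the expected set is an assumption of this example, not a vendor list.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}

NOTIFY_MARKER = "\\winlogon\\notify\\"


def join_continuations(text):
    """Rejoin values that regedit wrapped with a trailing backslash."""
    return re.sub(r"\\\r?\n\s*", "", text)


def decode_value(raw):
    """Decode a .reg value: hex(2) (REG_EXPAND_SZ) or a quoted string."""
    raw = raw.strip()
    if raw.lower().startswith("hex(2):"):
        # "Version 5.00" exports store the string as UTF-16LE bytes.
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return None  # dword or another type: not a DLL name


def notify_dlls(reg_text):
    """Return {subkey: dll} for every Winlogon\\Notify subkey in the export."""
    found = {}
    subkey = None
    for line in join_continuations(reg_text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(NOTIFY_MARKER)
            # "[-KEY]" is a deletion directive, not an existing key.
            if key.startswith("-") or idx == -1:
                subkey = None
            else:
                subkey = key[idx + len(NOTIFY_MARKER):]
            continue
        if subkey is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        # The export uses both "DllName" and "DLLName"; match either.
        if name.strip().strip('"').lower() == "dllname":
            found[subkey] = decode_value(raw)
    return found


def unexpected_entries(reg_text, baseline=BASELINE):
    """List (subkey, dll) pairs that are absent from or differ from the baseline."""
    flagged = []
    for subkey, dll in notify_dlls(reg_text).items():
        expected = baseline.get(subkey.lower())
        if expected is None or dll is None or dll.lower() != expected:
            flagged.append((subkey, dll))
    return flagged


if __name__ == "__main__":
    for subkey, dll in notify_dlls(SAMPLE_REG).items():
        print(f"{subkey:15} -> {dll}")
    print("Review:", unexpected_entries(SAMPLE_REG))
```
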

#10
Unreal Vibration

    Member

  • Topic Starter
  • Member
  • 24 posts
And here's the new HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:10 AM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\SysCheckBop32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\win32097181578529.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\user\My Documents\Kai\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jljabl.exe reg_run
O4 - HKLM\..\Run: [win32097181578529] C:\WINDOWS\win32097181578529.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [sys101815785297] C:\WINDOWS\sys101815785297.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: ncnp.exe.tcf
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#11
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
First, download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end; if it does, go ahead and reboot.

Important note: When you run the program below, Ewido, it is extremely important that it be done in Safe Mode and that you do not run any other programs/open any windows, or do anything on the system while the scan is running!

Then, please download Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode, you can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
  • Now open Ewido Security Suite.
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot into normal mode.

After your computer reboots, run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED:

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jljabl.exe reg_run
O4 - HKLM\..\Run: [win32097181578529] C:\WINDOWS\win32097181578529.exe
O4 - HKLM\..\Run: [sys101815785297] C:\WINDOWS\sys101815785297.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - Global Startup: ncnp.exe.tcf

O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} -


Close HiJackThis.

Set your system to SHOW HIDDEN FILES

Delete the following files/folders, if present:

C:\WINDOWS\system32\jljabl.exe
C:\WINDOWS\win32097181578529.exe
C:\WINDOWS\sys101815785297.exe
C:\WINDOWS\system32\n20050308.EXE
C:\WINDOWS\system32\nsvsvc <-folder
Start > Search for this file: ncnp.exe.tcf
C:\WINDOWS\about.htm

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log into this topic.

Edited by bananafanafo, 07 August 2005 - 02:57 AM.

  • 0

#12
Unreal Vibration

Unreal Vibration

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ugh, every time I try to run the Search function, it says "A file that is needed to run Search Companion cannot be found. You may need to run setup."
  • 0

#13
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, that's fine, we will fix that later, please continue with the rest of the instructions. :tazz:
  • 0

#14
Unreal Vibration

Unreal Vibration

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry for the long delay (I was away from home). Here are the results:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:41:10 AM, 8/7/2005
+ Report-Checksum: 904FAC68

+ Scan result:

C:\Documents and Settings\user\Desktop\spyware cleaners\New Folder (7)\backups\backup-20050727-105748-109-ncnp.exe.tcf -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\user\My Documents\Unzipped\ybuddy2_build25[1]\ybuddy2_build25\The Y Buddy v2.exe -> Not-A-Virus.Flooder.VB.bs : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0B252916-18BF-4A9E-9E30-FC58AB\C8FFD6F0-3476-49CD-90EA-3195EA -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\15255A1F-CA9A-4081-9101-20926B\ED40A759-6826-4678-BDEE-DD8F60 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1FDAB5FB-C6D2-4AEA-8F7C-49D440\B51CC0A1-7502-498D-BA48-64BCCF -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2DF94917-0B51-4220-BD04-D8CCB2\FF6BCFD6-FC33-4D73-BEE1-8584E6 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3048D733-025F-4238-A016-189945\11B698AA-ADE5-4B44-832A-680996 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3048D733-025F-4238-A016-189945\4C130CC4-9D37-402A-B661-D23BC9 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3048D733-025F-4238-A016-189945\E77D4420-5EA5-49BE-9F10-91DA9C -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\372ECB15-4331-49D1-B68D-8DE875\80EF12A9-923A-43CD-B4CB-2DC43A -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3C1AF243-E6FB-4889-8455-18EF50\C2E22AF6-F25F-4EC7-BD32-5FFECB -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3D93DF01-233D-4A1F-A248-9768FE\4E4D45AC-A4E7-41E4-B6C3-44F21E -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\48D0764F-FB3E-4B5B-80F6-01575C\FBD223FD-D6EC-4B8F-A9B4-D17AD5 -> Spyware.iSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5348C4BC-AE99-4BB6-839D-9B17E5\DE0B33BD-E0E0-403B-AB3D-CD5B40 -> Spyware.Beginto : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\80DE2363-55CE-494D-B033-5D78B1\9FD2E8A5-0084-4CB4-BD0B-4F04DE -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\964DD054-3E65-44D5-B536-0F53DB\70DD8145-CA37-4CD4-BF87-35B06B -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A0579541-EBB6-41F8-A969-6B2578\FB575ED9-A2CE-4DE2-A115-33DA47 -> Spyware.iSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A3A87661-9513-4658-99FD-6F3BD2\48DBF24F-5B15-4C04-882B-E100C0 -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BBA37253-6214-46B2-9F67-DDD7EC\3B203435-D917-4C9C-83CF-77E4C9 -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C30CCBED-E89B-4EF9-8140-D24B99\074CC891-6F76-454A-B563-9FDF03 -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C30CCBED-E89B-4EF9-8140-D24B99\7FAB4EEF-4BE7-422C-834A-09B7A9 -> TrojanDownloader.OneClickSearch.k : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C30CCBED-E89B-4EF9-8140-D24B99\FB225F44-726C-4906-95F8-8C57CA -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DB989F05-CB4D-437F-A712-B617EF\EED69AB1-AE37-42B5-9D2E-959E8C -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E10C25B6-33B0-4CDA-BA5B-9D33CF\207B8B3B-DCC3-419E-A045-2BE929 -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F66C0732-737A-481E-86B7-58BBAB\B993CC73-6AA0-4C03-82B1-D1BDA5 -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F9805739-554B-48E8-827A-942476\4AE374AA-E84D-45CB-8C3B-13105E -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F9805739-554B-48E8-827A-942476\885146B8-54D0-4D36-B513-6B38DF -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F9805739-554B-48E8-827A-942476\FAACF8D1-8838-4AA6-BE48-B31E10 -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar/content/isearch/isearch.js -> Spyware.iSearch : Error during cleaning
C:\Program Files\rdso\eetu.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\SYSTEM\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\bqbrmqr.exe.tcf -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\EDow_AS2.exe.tcf -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\HLInstaller.exe.tcf -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\MTE1NTA6ODoxMg.exe.tcf -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\omi.exe -> TrojanDropper.Agent.hn : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\pop.exe.tcf -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\trafficgen-fran.exe -> Spyware.HotSearchBar.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\trgen_fran-162813.exe -> Spyware.HotSearchBar.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdjhwj.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\goldnew2b.dll -> TrojanDropper.Miewer.f : Cleaned with backup
C:\WINDOWS\SYSTEM32\jljabl.exe.tcf -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\KHDIT142.DLL.tcf -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\KNDHE220.DLL.tcf -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\midad.dll -> TrojanDownloader.Miewer.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\msnimk.gif -> Spyware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll.tcf -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe.tcf -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\pypbk.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\supdate.dll.tcf -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\tintel.dll.tcf -> Trojan.Zapchast : Cleaned with backup
C:\WINDOWS\SYSTEM32\u2ru0c99ef.dll.tcf -> Spyware.Look2Me : Cleaned with backup
E:\KaZaA\TopSearch.dll -> Spyware.TopSearch : Cleaned with backup


::Report End



Incident Status Location

Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\user\Application Data\Sskknwrd.dll
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\user\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\user\Desktop\l2mfix.exe[Process.exe]
Adware:adware/iedriver No disinfected C:\Documents and Settings\user\Favorites\Get out of Debt!.url
Possible Virus. No disinfected C:\Program Files\2Wire\sy_apps\dllupdate.exe
Hacktool:Hacktool/Processor No disinfected C:\Program Files\Common Files\mozilla.org\GRE\1.7.1_2004070721\l2mfix\Process.exe
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\64B9EB82-A950-4CA1-A680-E826B5\444C2FDE-4968-4E3D-A337-6CC5D0
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\79E2E733-4CDC-4AEC-952C-EACE1E\90F72362-D454-4717-9592-D913C6
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E10C25B6-33B0-4CDA-BA5B-9D33CF\A8B6CEF4-531F-4EC0-A638-D11035
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F66C0732-737A-481E-86B7-58BBAB\494FB11E-63E7-49F6-A4B2-FF8DC0
Adware:Adware/ISearch No disinfected C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
Possible Virus. No disinfected C:\Program Files\PCFlashBang\fd.dll
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:adware/isearch No disinfected C:\WINDOWS\deskbar.ini
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mm63.INF
Adware:Adware/WinAD No disinfected C:\WINDOWS\Downloaded Program Files\PrevAdX.dll
Adware:adware/kz515 No disinfected C:\WINDOWS\INF\kz515.inf
Adware:adware/sidesearch No disinfected C:\WINDOWS\sepsd.bin
Virus:Trj/SCBop.B Disinfected C:\WINDOWS\SysCheckBop32.exe
Adware:Adware/MyBHOSpy No disinfected C:\WINDOWS\SYSTEM32\415511dd.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\a95kfrhe.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\abasa5jrp.ini
Adware:adware/savenow No disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\bqrufs5f.dat
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Cache\180SAInstaller.exe
Virus:Trj/TSUpdate.A Disinfected C:\WINDOWS\SYSTEM32\Cache\AMEX_54.exe
Adware:Adware/Beginto No disinfected C:\WINDOWS\SYSTEM32\Cache\b2s-537466.exe
Virus:Trj/Multidropper.UO Disinfected C:\WINDOWS\SYSTEM32\Cache\Kyongju.exe
Virus:Trj/SCBop.B Disinfected C:\WINDOWS\SYSTEM32\Cache\setup.exe
Virus:Trj/Downloader.BJF Disinfected C:\WINDOWS\SYSTEM32\Cache\skh2.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\Cache\VCM Q installer_282_190.exe.tcf
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\docore.dll.tcf
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dosync.dll.tcf
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050129-100231.backup
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050129-100232.backup
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050129-100254.backup
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\hbtdu.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\hochkaod3.ini
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM32\mscgdc.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM32\msiaih.dll
Adware:Adware/Hotoffers No disinfected C:\WINDOWS\SYSTEM32\msodae.dll
Adware:Adware/FlashBang No disinfected C:\WINDOWS\SYSTEM32\PCFlashBangUninstall.exe
Virus:Trj/Dropper.GZ Disinfected C:\WINDOWS\SYSTEM32\PwrSrchP1.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\sdwl.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\Shex.exe
Adware:adware/powersearch No disinfected C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\u6f6uftuc.ini
Adware:Adware/Imibar No disinfected C:\WINDOWS\ttext.dll
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini

Logfile of HijackThis v1.99.1
Scan saved at 12:53:10 AM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\sys021578529718.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\user\My Documents\Kai\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [sys021578529718] C:\WINDOWS\sys021578529718.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [sys101815785297] C:\WINDOWS\sys101815785297.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#15
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please disable Microsoft AntiSpyware and Spybot TeaTimer, otherwise they will interfere:

Disable MSAS:
Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware

Disable Teatimer:
* Open Spybot.
* Click MODE, then check ADVANCED MODE, click YES
* Click TOOLS > RESIDENT.
* Uncheck Teatimer.
* Click ALLOW CHANGE.
* We will enable Teatimer after your system is clean

* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\Documents and Settings\user\Application Data\Sskknwrd.dll
C:\Program Files\2Wire\sy_apps\dllupdate.exe
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar
C:\Program Files\PCFlashBang\fd.dll
C:\WINDOWS\deskbar.ini
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mm63.INF
C:\WINDOWS\Downloaded Program Files\PrevAdX.dll
C:\WINDOWS\INF\kz515.inf
C:\WINDOWS\sepsd.bin
C:\WINDOWS\SysCheckBop32.exe
C:\WINDOWS\SYSTEM32\415511dd.dll
C:\WINDOWS\SYSTEM32\a95kfrhe.ini
C:\WINDOWS\SYSTEM32\abasa5jrp.ini
C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
C:\WINDOWS\SYSTEM32\bqrufs5f.dat
C:\WINDOWS\SYSTEM32\Cache\180SAInstaller.exe
C:\WINDOWS\SYSTEM32\Cache\AMEX_54.exe
C:\WINDOWS\SYSTEM32\Cache\b2s-537466.exe
C:\WINDOWS\SYSTEM32\Cache\Kyongju.exe
C:\WINDOWS\SYSTEM32\Cache\setup.exe
C:\WINDOWS\SYSTEM32\Cache\skh2.exe
C:\WINDOWS\SYSTEM32\Cache\VCM Q installer_282_190.exe.tcf
C:\WINDOWS\SYSTEM32\docore.dll.tcf
C:\WINDOWS\SYSTEM32\dosync.dll.tcf
C:\WINDOWS\SYSTEM32\hbtdu.exe
C:\WINDOWS\SYSTEM32\hochkaod3.ini
C:\WINDOWS\SYSTEM32\mscgdc.dll
C:\WINDOWS\SYSTEM32\msiaih.dll
C:\WINDOWS\SYSTEM32\msodae.dll
C:\WINDOWS\SYSTEM32\PCFlashBangUninstall.exe
C:\WINDOWS\SYSTEM32\PwrSrchP1.dll
C:\WINDOWS\SYSTEM32\sdwl.dll
C:\WINDOWS\SYSTEM32\Shex.exe
C:\WINDOWS\SYSTEM32\stlb2.xml
C:\WINDOWS\SYSTEM32\u6f6uftuc.ini
C:\WINDOWS\ttext.dll
C:\WINDOWS\usta33.ini
C:\WINDOWS\about.htm
C:\WINDOWS\sys021578529718.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED:

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [sys021578529718] C:\WINDOWS\sys021578529718.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [sys101815785297] C:\WINDOWS\sys101815785297.exe

O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -


Delete the following out of your favorites:

C:\Documents and Settings\user\Favorites\Get out of Debt!.url

Rescan with HiJackthis and post the new log.
  • 0
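The entries picked out for FIX CHECKED in the post above share a few recognizable shapes: a toolbar with no file behind it, Run values with long numeric names, a `rundll32.exe` launch of a module with no path, a Downloaded Program Files entry with no source, and an Internet Explorer page setting that points at a local file. The sketch below is an added example, not part of the thread or of HijackThis itself, that parses lines in that log format and flags those shapes for review. The function names and heuristics are assumptions made for illustration, and a match is only a reason to look closer, not a verdict.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sys021578529718] C:\WINDOWS\sys021578529718.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun: hive\..\Run[Once...]: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 ActiveX download: DPF: {CLSID} (optional class name) - source URL
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \(.*?\))? -\s*(?P<src>.*)$")


def check_entry(code, body):
    """Return a reason tag if the entry matches a heuristic, else None.

    The heuristics are illustrative assumptions modelled on the entries
    selected in this thread; they are not rules built into HijackThis.
    """
    if code == "O3" and body.endswith("(no file)"):
        return "toolbar-no-file"          # registration left behind, DLL gone
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            if re.search(r"\d{6,}", m.group("name")):
                return "run-numeric-name"  # machine-generated value name
            parts = m.group("cmd").split(None, 1)
            if len(parts) == 2 and parts[0].lower() in ("rundll32", "rundll32.exe"):
                module = parts[1].split(",")[0].strip('"')
                # A module with no directory and no .dll suffix cannot be
                # tied to a known file on disk from the log alone.
                if "\\" not in module and not module.lower().endswith(".dll"):
                    return "rundll32-bare-module"
    if code == "O16":
        m = DPF_RE.match(body)
        if m and not m.group("src"):
            return "dpf-no-source"         # no class name and no download URL
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1]
        if re.match(r"^[A-Za-z]:\\", value):
            return "ie-page-local-file"    # browser page set to a local file
    return None


def triage(log_text):
    """Return (reason, line) pairs for every log line that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, or blank line
        reason = check_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {line}")
```
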





