Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

WinFixer - Please Help! [RESOLVED]

Started by richl , Aug 17 2005 05:44 AM

  • This topic is locked This topic is locked

#1
richl
Posted 17 August 2005 - 05:44 AM

richl

    Member

  • Member
  • PipPip
  • 13 posts
working on this for 2 days!! Please help eliminate winfixer...

here is hijack log from this morning:

Logfile of HijackThis v1.99.1
Scan saved at 7:23:44 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [second] C:\Documents and Settings\User\Desktop\l2mfix\second.bat
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\rsched32.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

Advertisements

#2
Rawe
Posted 17 August 2005 - 05:59 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!

Let's start with Elitum--

Please download miekiemoes' LQfix batch here:
LQfix.zip
Unzip it to the desktop but do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site;
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please run LQfix.bat

When finished, reboot into normal mode.

Post a fresh HiJackThis log.

- Rawe :tazz:

Can you also tell me which Anti-virus software you're currently using? :)

I see no signs of one in your log.
  • 0

#3
richl
Posted 17 August 2005 - 06:20 AM

richl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Rawe - Followed your instructions, here is a new hijack log. As for anti-virus program, I couldn't locate either, need to buy one immediately!! Had Norton 2004, can't find now..

Logfile of HijackThis v1.99.1
Scan saved at 8:06:20 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\User\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\rsched32.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#4
Rawe
Posted 17 August 2005 - 06:26 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please look at this thread;
http://www.geekstogo...ources-t38.html

Install free edition of AVG.

I don't suggest buying Norton, Avg will do the job.

Can you install it, then update it, run the setup and run a complete scan with it. Remove all it finds. IF there is an possibility to save the logfile and/or copy it, can you paste it here. If not, can you just let me know what it found and if something could not be fixed. After that, post a new HijackThis log here. Also, don't reboot after posting the new log.

- Rawe :tazz:
  • 0

#5
Rawe
Posted 17 August 2005 - 06:36 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Just as an note.. Don't install any other programs yet. ONLY AVG as an Anti-virus for you. It's a great piece of software. :tazz:
  • 0

#6
richl
Posted 17 August 2005 - 07:01 AM

richl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Rawe- Downloaded AVG, thanks for the tip. It removed 7 viruses.

AVG Results:

C:\Documents and Settings\User\Local Settings\Temp\bw2.com","","Deleted"
"C:\Documents and Settings\User\Local Settings\Temp\ICD4.tmp\installer_MARKETING37.exe","","Deleted"
"C:\WINDOWS\My404.exe","","Deleted"
"C:\WINDOWS\visfxun.exe","","Deleted"
"C:\WINDOWS\Downloaded Program Files\installer_MARKETING37.exe","","Deleted"
"C:\WINDOWS\Downloaded Program Files\installer_PIVOTAL_DB.exe","","Deleted"
"C:\WINDOWS\Temp\b.com","","Deleted"

Here is new Hijack this file:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:05 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\User\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\rsched32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Thanks!!
  • 0

#7
Rawe
Posted 17 August 2005 - 07:08 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hmm. It shows you have Elitum again??

Let's do this again.

Please download miekiemoes' LQfix batch here:
LQfix.zip
Unzip it to the desktop but do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site;
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please run LQfix.bat

When finished, reboot into normal mode.

Post a fresh HiJackThis log.

- Rawe :tazz:
  • 0

#8
richl
Posted 17 August 2005 - 07:21 AM

richl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi- reran LQfix again, here is latest hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:36 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\User\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\rsched32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks.
  • 0

#9
Rawe
Posted 17 August 2005 - 07:25 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Can you disable Microsoft Anti-spyware doing the following;

Right click on the Microsoft AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. IF there is any other options to disable, do that too.

It might be interfering with the fix.

After that,
run a scan with HijackThis and check the following objects;

O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe

Make sure they are checked.. Close any other open windows.. Click Fix Checked.

Rerun LQfix in Safe Mode again.

Then post me this log along with the new HiJackThis log:

Please download the l2mfix from one of the locations below;

http://www.atribune....oads/l2mfix.exe

http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe

Click the Install - button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into your next reply.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to!

Note; if you recieve any error messages for CMD or Autoexec.bat>> select option 5 from the l2mfix and once at the site, click on the link that apply to your operating system!

Double-click the file it downloads and extract the files to its predetermined System32 folder!

- Rawe :tazz:
  • 0

#10
richl
Posted 17 August 2005 - 07:59 AM

richl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I think I screwed up somewhere. Installed I2mfix.exe per instructions, rebooted from normal mode & a window came up windows-system32/cmd.exe -
message: killing explorer + rund 1132.exe system cannot find the path specified 0 files copied. Alos a registry editor-cannot export backregs + a bunch of numbers. I'm now on another computer, my desktop is blank, cannot restar in safe mode. Any suggestions?
Thanks.
  • 0

Advertisements

#11
Rawe
Posted 17 August 2005 - 08:36 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Can you reboot your PC normally? Or is everything just blank?
  • 0

#12
richl
Posted 17 August 2005 - 11:39 AM

richl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Rawe-
Sorry I had to bolt so quickly earlier - everything is blank. I reboot, I see my files for a second, those messages come up & then the screen is blank except forn picture on desktop.
  • 0

#13
Rawe
Posted 17 August 2005 - 11:42 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Can you enter the Task manager hitting CTRL - ALT - DEL at the same time?

If you do:

Go to Task Manager, go to the "Applications" - tab, click "New Task" and type in: reboot.exe

Your system should restart soon.. If it does, just go on with the fix and follow my earlier instructions after restarted.. Try it.
  • 0

#14
Rawe
Posted 17 August 2005 - 11:46 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Which option did you choose from L2mfix?
Was it option 1 or something else?
  • 0

#15
richl
Posted 17 August 2005 - 11:47 AM

richl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanks was able to get back on, scan took place & here is the log. not sure if I used the i2mfix.exe correctly. Please let me know next steps..

Setting Directory
C:\Documents and Settings\User
Setting Directory
C:\Documents and Settings\User
System Rebooted!

Running From:
C:\Documents and Settings\User

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1316 'explorer.exe'
Killing PID 1316 'explorer.exe'
Killing PID 1316 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1396 'rundll32.exe'
Setting Directory
C:\Documents and Settings\User
System Rebooted!

Running From:
C:\Documents and Settings\User

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'
Killing PID 1320 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1400 'rundll32.exe'
Setting Directory
C:\Documents and Settings\User
System Rebooted!

Running From:
C:\Documents and Settings\User

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1304 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1388 'rundll32.exe'

Scanning First Pass. Please Wait!

Setting Directory
C:\Documents and Settings\User
System Rebooted!

Running From:
C:\Documents and Settings\User

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1304 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\alsldpc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\alsldpc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cyyptdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cyyptdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\denet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\denet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dicpmon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dicpmon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dimsrpcn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dimsrpcn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\diser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\diser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpcprop2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpcprop2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dprawex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dprawex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dSdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dSdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dunet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dunet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dXdim700.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dXdim700.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzband.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzband.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\elcapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\elcapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\faamebuf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\faamebuf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fzifs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fzifs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ic41_qc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ic41_qc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\icetmib1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\icetmib1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iEssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iEssam.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ifxrip.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ifxrip.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iietcfg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iietcfg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kc1394.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kc1394.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdbene.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdbene.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdhela3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdhela3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdpl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kcdpl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedcz1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedcz1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kguser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kguser.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdca.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdca.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kodsl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kodsl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdsl1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdsl1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdcz2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ksdcz2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kudsmsno.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kudsmsno.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kw1394.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kw1394.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdtuq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdtuq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kzdtuf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kzdtuf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lpexpand.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lpexpand.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkl_qic.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkl_qic.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mydsrv32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mydsrv32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myl_qic.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myl_qic.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzimtf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzimtf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nhfjkphf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nhfjkphf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nslanui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nslanui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nsmsmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nsmsmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\orbc32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\orbc32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sdcfiles.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sdcfiles.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tzolhelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tzolhelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tZpi3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tZpi3.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\unhisapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\unhisapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\uzhisapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\uzhisapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wcv8dmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wcv8dmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wicsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wicsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wjspdmoe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wjspdmoe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wy2_32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wy2_32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\alsldpc.dll
Successfully Deleted: C:\WINDOWS\system32\alsldpc.dll
deleting: C:\WINDOWS\system32\alsldpc.dll
Successfully Deleted: C:\WINDOWS\system32\alsldpc.dll
deleting: C:\WINDOWS\system32\cyyptdll.dll
Successfully Deleted: C:\WINDOWS\system32\cyyptdll.dll
deleting: C:\WINDOWS\system32\cyyptdll.dll
Successfully Deleted: C:\WINDOWS\system32\cyyptdll.dll
deleting: C:\WINDOWS\system32\denet.dll
Successfully Deleted: C:\WINDOWS\system32\denet.dll
deleting: C:\WINDOWS\system32\denet.dll
Successfully Deleted: C:\WINDOWS\system32\denet.dll
deleting: C:\WINDOWS\system32\dicpmon.dll
Successfully Deleted: C:\WINDOWS\system32\dicpmon.dll
deleting: C:\WINDOWS\system32\dicpmon.dll
Successfully Deleted: C:\WINDOWS\system32\dicpmon.dll
deleting: C:\WINDOWS\system32\dimsrpcn.dll
Successfully Deleted: C:\WINDOWS\system32\dimsrpcn.dll
deleting: C:\WINDOWS\system32\dimsrpcn.dll
Successfully Deleted: C:\WINDOWS\system32\dimsrpcn.dll
deleting: C:\WINDOWS\system32\diser.dll
Successfully Deleted: C:\WINDOWS\system32\diser.dll
deleting: C:\WINDOWS\system32\diser.dll
Successfully Deleted: C:\WINDOWS\system32\diser.dll
deleting: C:\WINDOWS\system32\dpcprop2.dll
Successfully Deleted: C:\WINDOWS\system32\dpcprop2.dll
deleting: C:\WINDOWS\system32\dpcprop2.dll
Successfully Deleted: C:\WINDOWS\system32\dpcprop2.dll
deleting: C:\WINDOWS\system32\dprawex.dll
Successfully Deleted: C:\WINDOWS\system32\dprawex.dll
deleting: C:\WINDOWS\system32\dprawex.dll
Successfully Deleted: C:\WINDOWS\system32\dprawex.dll
deleting: C:\WINDOWS\system32\dSdrm.dll
Successfully Deleted: C:\WINDOWS\system32\dSdrm.dll
deleting: C:\WINDOWS\system32\dSdrm.dll
Successfully Deleted: C:\WINDOWS\system32\dSdrm.dll
deleting: C:\WINDOWS\system32\dunet.dll
Successfully Deleted: C:\WINDOWS\system32\dunet.dll
deleting: C:\WINDOWS\system32\dunet.dll
Successfully Deleted: C:\WINDOWS\system32\dunet.dll
deleting: C:\WINDOWS\system32\dXdim700.dll
Successfully Deleted: C:\WINDOWS\system32\dXdim700.dll
deleting: C:\WINDOWS\system32\dXdim700.dll
Successfully Deleted: C:\WINDOWS\system32\dXdim700.dll
deleting: C:\WINDOWS\system32\dzband.dll
Successfully Deleted: C:\WINDOWS\system32\dzband.dll
deleting: C:\WINDOWS\system32\dzband.dll
Successfully Deleted: C:\WINDOWS\system32\dzband.dll
deleting: C:\WINDOWS\system32\elcapi.dll
Successfully Deleted: C:\WINDOWS\system32\elcapi.dll
deleting: C:\WINDOWS\system32\elcapi.dll
Successfully Deleted: C:\WINDOWS\system32\elcapi.dll
deleting: C:\WINDOWS\system32\faamebuf.dll
Successfully Deleted: C:\WINDOWS\system32\faamebuf.dll
deleting: C:\WINDOWS\system32\faamebuf.dll
Successfully Deleted: C:\WINDOWS\system32\faamebuf.dll
deleting: C:\WINDOWS\system32\fzifs.dll
Successfully Deleted: C:\WINDOWS\system32\fzifs.dll
deleting: C:\WINDOWS\system32\fzifs.dll
Successfully Deleted: C:\WINDOWS\system32\fzifs.dll
deleting: C:\WINDOWS\system32\ic41_qc.dll
Successfully Deleted: C:\WINDOWS\system32\ic41_qc.dll
deleting: C:\WINDOWS\system32\ic41_qc.dll
Successfully Deleted: C:\WINDOWS\system32\ic41_qc.dll
deleting: C:\WINDOWS\system32\icetmib1.dll
Successfully Deleted: C:\WINDOWS\system32\icetmib1.dll
deleting: C:\WINDOWS\system32\icetmib1.dll
Successfully Deleted: C:\WINDOWS\system32\icetmib1.dll
deleting: C:\WINDOWS\system32\iEssam.dll
Successfully Deleted: C:\WINDOWS\system32\iEssam.dll
deleting: C:\WINDOWS\system32\iEssam.dll
Successfully Deleted: C:\WINDOWS\system32\iEssam.dll
deleting: C:\WINDOWS\system32\ifxrip.dll
Successfully Deleted: C:\WINDOWS\system32\ifxrip.dll
deleting: C:\WINDOWS\system32\ifxrip.dll
Successfully Deleted: C:\WINDOWS\system32\ifxrip.dll
deleting: C:\WINDOWS\system32\iietcfg.dll
Successfully Deleted: C:\WINDOWS\system32\iietcfg.dll
deleting: C:\WINDOWS\system32\iietcfg.dll
Successfully Deleted: C:\WINDOWS\system32\iietcfg.dll
deleting: C:\WINDOWS\system32\kc1394.dll
Successfully Deleted: C:\WINDOWS\system32\kc1394.dll
deleting: C:\WINDOWS\system32\kc1394.dll
Successfully Deleted: C:\WINDOWS\system32\kc1394.dll
deleting: C:\WINDOWS\system32\kcdbene.dll
Successfully Deleted: C:\WINDOWS\system32\kcdbene.dll
deleting: C:\WINDOWS\system32\kcdbene.dll
Successfully Deleted: C:\WINDOWS\system32\kcdbene.dll
deleting: C:\WINDOWS\system32\kcdhela3.dll
Successfully Deleted: C:\WINDOWS\system32\kcdhela3.dll
deleting: C:\WINDOWS\system32\kcdhela3.dll
Successfully Deleted: C:\WINDOWS\system32\kcdhela3.dll
deleting: C:\WINDOWS\system32\kcdpl.dll
Successfully Deleted: C:\WINDOWS\system32\kcdpl.dll
deleting: C:\WINDOWS\system32\kcdpl.dll
Successfully Deleted: C:\WINDOWS\system32\kcdpl.dll
deleting: C:\WINDOWS\system32\kedcz1.dll
Successfully Deleted: C:\WINDOWS\system32\kedcz1.dll
deleting: C:\WINDOWS\system32\kedcz1.dll
Successfully Deleted: C:\WINDOWS\system32\kedcz1.dll
deleting: C:\WINDOWS\system32\kguser.dll
Successfully Deleted: C:\WINDOWS\system32\kguser.dll
deleting: C:\WINDOWS\system32\kguser.dll
Successfully Deleted: C:\WINDOWS\system32\kguser.dll
deleting: C:\WINDOWS\system32\kjdca.dll
Successfully Deleted: C:\WINDOWS\system32\kjdca.dll
deleting: C:\WINDOWS\system32\kjdca.dll
Successfully Deleted: C:\WINDOWS\system32\kjdca.dll
deleting: C:\WINDOWS\system32\kodsl.dll
Successfully Deleted: C:\WINDOWS\system32\kodsl.dll
deleting: C:\WINDOWS\system32\kodsl.dll
Successfully Deleted: C:\WINDOWS\system32\kodsl.dll
deleting: C:\WINDOWS\system32\krdsl1.dll
Successfully Deleted: C:\WINDOWS\system32\krdsl1.dll
deleting: C:\WINDOWS\system32\krdsl1.dll
Successfully Deleted: C:\WINDOWS\system32\krdsl1.dll
deleting: C:\WINDOWS\system32\ksdcz2.dll
Successfully Deleted: C:\WINDOWS\system32\ksdcz2.dll
deleting: C:\WINDOWS\system32\ksdcz2.dll
Successfully Deleted: C:\WINDOWS\system32\ksdcz2.dll
deleting: C:\WINDOWS\system32\kudsmsno.dll
Successfully Deleted: C:\WINDOWS\system32\kudsmsno.dll
deleting: C:\WINDOWS\system32\kudsmsno.dll
Successfully Deleted: C:\WINDOWS\system32\kudsmsno.dll
deleting: C:\WINDOWS\system32\kw1394.dll
Successfully Deleted: C:\WINDOWS\system32\kw1394.dll
deleting: C:\WINDOWS\system32\kw1394.dll
Successfully Deleted: C:\WINDOWS\system32\kw1394.dll
deleting: C:\WINDOWS\system32\kwdtuq.dll
Successfully Deleted: C:\WINDOWS\system32\kwdtuq.dll
deleting: C:\WINDOWS\system32\kwdtuq.dll
Successfully Deleted: C:\WINDOWS\system32\kwdtuq.dll
deleting: C:\WINDOWS\system32\kzdtuf.dll
Successfully Deleted: C:\WINDOWS\system32\kzdtuf.dll
deleting: C:\WINDOWS\system32\kzdtuf.dll
Successfully Deleted: C:\WINDOWS\system32\kzdtuf.dll
deleting: C:\WINDOWS\system32\lpexpand.dll
Successfully Deleted: C:\WINDOWS\system32\lpexpand.dll
deleting: C:\WINDOWS\system32\lpexpand.dll
Successfully Deleted: C:\WINDOWS\system32\lpexpand.dll
deleting: C:\WINDOWS\system32\mkl_qic.dll
Successfully Deleted: C:\WINDOWS\system32\mkl_qic.dll
deleting: C:\WINDOWS\system32\mkl_qic.dll
Successfully Deleted: C:\WINDOWS\system32\mkl_qic.dll
deleting: C:\WINDOWS\system32\mydsrv32.dll
Successfully Deleted: C:\WINDOWS\system32\mydsrv32.dll
deleting: C:\WINDOWS\system32\mydsrv32.dll
Successfully Deleted: C:\WINDOWS\system32\mydsrv32.dll
deleting: C:\WINDOWS\system32\myl_qic.dll
Successfully Deleted: C:\WINDOWS\system32\myl_qic.dll
deleting: C:\WINDOWS\system32\myl_qic.dll
Successfully Deleted: C:\WINDOWS\system32\myl_qic.dll
deleting: C:\WINDOWS\system32\mzimtf.dll
Successfully Deleted: C:\WINDOWS\system32\mzimtf.dll
deleting: C:\WINDOWS\system32\mzimtf.dll
Successfully Deleted: C:\WINDOWS\system32\mzimtf.dll
deleting: C:\WINDOWS\system32\nhfjkphf.dll
Successfully Deleted: C:\WINDOWS\system32\nhfjkphf.dll
deleting: C:\WINDOWS\system32\nhfjkphf.dll
Successfully Deleted: C:\WINDOWS\system32\nhfjkphf.dll
deleting: C:\WINDOWS\system32\nslanui.dll
Successfully Deleted: C:\WINDOWS\system32\nslanui.dll
deleting: C:\WINDOWS\system32\nslanui.dll
Successfully Deleted: C:\WINDOWS\system32\nslanui.dll
deleting: C:\WINDOWS\system32\nsmsmgr.dll
Successfully Deleted: C:\WINDOWS\system32\nsmsmgr.dll
deleting: C:\WINDOWS\system32\nsmsmgr.dll
Successfully Deleted: C:\WINDOWS\system32\nsmsmgr.dll
deleting: C:\WINDOWS\system32\orbc32.dll
Successfully Deleted: C:\WINDOWS\system32\orbc32.dll
deleting: C:\WINDOWS\system32\orbc32.dll
Successfully Deleted: C:\WINDOWS\system32\orbc32.dll
deleting: C:\WINDOWS\system32\sdcfiles.dll
Successfully Deleted: C:\WINDOWS\system32\sdcfiles.dll
deleting: C:\WINDOWS\system32\sdcfiles.dll
Successfully Deleted: C:\WINDOWS\system32\sdcfiles.dll
deleting: C:\WINDOWS\system32\szmsg.dll
Successfully Deleted: C:\WINDOWS\system32\szmsg.dll
deleting: C:\WINDOWS\system32\szmsg.dll
Successfully Deleted: C:\WINDOWS\system32\szmsg.dll
deleting: C:\WINDOWS\system32\tzolhelp.dll
Successfully Deleted: C:\WINDOWS\system32\tzolhelp.dll
deleting: C:\WINDOWS\system32\tzolhelp.dll
Successfully Deleted: C:\WINDOWS\system32\tzolhelp.dll
deleting: C:\WINDOWS\system32\tZpi3.dll
Successfully Deleted: C:\WINDOWS\system32\tZpi3.dll
deleting: C:\WINDOWS\system32\tZpi3.dll
Successfully Deleted: C:\WINDOWS\system32\tZpi3.dll
deleting: C:\WINDOWS\system32\unhisapi.dll
Successfully Deleted: C:\WINDOWS\system32\unhisapi.dll
deleting: C:\WINDOWS\system32\unhisapi.dll
Successfully Deleted: C:\WINDOWS\system32\unhisapi.dll
deleting: C:\WINDOWS\system32\uzhisapi.dll
Successfully Deleted: C:\WINDOWS\system32\uzhisapi.dll
deleting: C:\WINDOWS\system32\uzhisapi.dll
Successfully Deleted: C:\WINDOWS\system32\uzhisapi.dll
deleting: C:\WINDOWS\system32\wcv8dmod.dll
Successfully Deleted: C:\WINDOWS\system32\wcv8dmod.dll
deleting: C:\WINDOWS\system32\wcv8dmod.dll
Successfully Deleted: C:\WINDOWS\system32\wcv8dmod.dll
deleting: C:\WINDOWS\system32\wicsvc.dll
Successfully Deleted: C:\WINDOWS\system32\wicsvc.dll
deleting: C:\WINDOWS\system32\wicsvc.dll
Successfully Deleted: C:\WINDOWS\system32\wicsvc.dll
deleting: C:\WINDOWS\system32\wjspdmoe.dll
Successfully Deleted: C:\WINDOWS\system32\wjspdmoe.dll
deleting: C:\WINDOWS\system32\wjspdmoe.dll
Successfully Deleted: C:\WINDOWS\system32\wjspdmoe.dll
deleting: C:\WINDOWS\system32\wy2_32.dll
Successfully Deleted: C:\WINDOWS\system32\wy2_32.dll
deleting: C:\WINDOWS\system32\wy2_32.dll
Successfully Deleted: C:\WINDOWS\system32\wy2_32.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: alsldpc.dll (164 bytes security) (deflated 48%)
adding: cyyptdll.dll (164 bytes security) (deflated 48%)
adding: denet.dll (164 bytes security) (deflated 48%)
adding: dicpmon.dll (164 bytes security) (deflated 48%)
adding: dimsrpcn.dll (164 bytes security) (deflated 48%)
adding: diser.dll (164 bytes security) (deflated 48%)
adding: dpcprop2.dll (164 bytes security) (deflated 48%)
adding: dprawex.dll (164 bytes security) (deflated 48%)
adding: dSdrm.dll (164 bytes security) (deflated 48%)
adding: dunet.dll (164 bytes security) (deflated 48%)
adding: dXdim700.dll (164 bytes security) (deflated 48%)
adding: dzband.dll (164 bytes security) (deflated 48%)
adding: elcapi.dll (164 bytes security) (deflated 48%)
adding: faamebuf.dll (164 bytes security) (deflated 48%)
adding: fzifs.dll (164 bytes security) (deflated 48%)
adding: ic41_qc.dll (164 bytes security) (deflated 48%)
adding: icetmib1.dll (164 bytes security) (deflated 48%)
adding: iEssam.dll (164 bytes security) (deflated 48%)
adding: ifxrip.dll (164 bytes security) (deflated 48%)
adding: iietcfg.dll (164 bytes security) (deflated 48%)
adding: kc1394.dll (164 bytes security) (deflated 48%)
adding: kcdbene.dll (164 bytes security) (deflated 48%)
adding: kcdhela3.dll (164 bytes security) (deflated 48%)
adding: kcdpl.dll (164 bytes security) (deflated 48%)
adding: kedcz1.dll (164 bytes security) (deflated 48%)
adding: kguser.dll (164 bytes security) (deflated 48%)
adding: kjdca.dll (164 bytes security) (deflated 48%)
adding: kodsl.dll (164 bytes security) (deflated 48%)
adding: krdsl1.dll (164 bytes security) (deflated 48%)
adding: ksdcz2.dll (164 bytes security) (deflated 48%)
adding: kudsmsno.dll (164 bytes security) (deflated 48%)
adding: kw1394.dll (164 bytes security) (deflated 48%)
adding: kwdtuq.dll (164 bytes security) (deflated 48%)
adding: kzdtuf.dll (164 bytes security) (deflated 48%)
adding: lpexpand.dll (164 bytes security) (deflated 48%)
adding: mkl_qic.dll (164 bytes security) (deflated 48%)
adding: mydsrv32.dll (164 bytes security) (deflated 48%)
adding: myl_qic.dll (164 bytes security) (deflated 48%)
adding: mzimtf.dll (164 bytes security) (deflated 48%)
adding: nhfjkphf.dll (164 bytes security) (deflated 48%)
adding: nslanui.dll (164 bytes security) (deflated 48%)
adding: nsmsmgr.dll (164 bytes security) (deflated 48%)
adding: orbc32.dll (164 bytes security) (deflated 48%)
adding: sdcfiles.dll (164 bytes security) (deflated 48%)
adding: szmsg.dll (164 bytes security) (deflated 48%)
adding: tzolhelp.dll (164 bytes security) (deflated 48%)
adding: tZpi3.dll (164 bytes security) (deflated 48%)
adding: unhisapi.dll (164 bytes security) (deflated 48%)
adding: uzhisapi.dll (164 bytes security) (deflated 48%)
adding: wcv8dmod.dll (164 bytes security) (deflated 48%)
adding: wicsvc.dll (164 bytes security) (deflated 48%)
adding: wjspdmoe.dll (164 bytes security) (deflated 48%)
adding: wy2_32.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 2%)
adding: lo2.txt (164 bytes security) (deflated 93%)
adding: reglog.txt (164 bytes security) (deflated 50%)
adding: test.txt (164 bytes security) (deflated 92%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: xfind.txt (164 bytes security) (deflated 89%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: alsldpc.dll
deleting local copy: alsldpc.dll
deleting local copy: cyyptdll.dll
deleting local copy: cyyptdll.dll
deleting local copy: denet.dll
deleting local copy: denet.dll
deleting local copy: dicpmon.dll
deleting local copy: dicpmon.dll
deleting local copy: dimsrpcn.dll
deleting local copy: dimsrpcn.dll
deleting local copy: diser.dll
deleting local copy: diser.dll
deleting local copy: dpcprop2.dll
deleting local copy: dpcprop2.dll
deleting local copy: dprawex.dll
deleting local copy: dprawex.dll
deleting local copy: dSdrm.dll
deleting local copy: dSdrm.dll
deleting local copy: dunet.dll
deleting local copy: dunet.dll
deleting local copy: dXdim700.dll
deleting local copy: dXdim700.dll
deleting local copy: dzband.dll
deleting local copy: dzband.dll
deleting local copy: elcapi.dll
deleting local copy: elcapi.dll
deleting local copy: faamebuf.dll
deleting local copy: faamebuf.dll
deleting local copy: fzifs.dll
deleting local copy: fzifs.dll
deleting local copy: ic41_qc.dll
deleting local copy: ic41_qc.dll
deleting local copy: icetmib1.dll
deleting local copy: icetmib1.dll
deleting local copy: iEssam.dll
deleting local copy: iEssam.dll
deleting local copy: ifxrip.dll
deleting local copy: ifxrip.dll
deleting local copy: iietcfg.dll
deleting local copy: iietcfg.dll
deleting local copy: kc1394.dll
deleting local copy: kc1394.dll
deleting local copy: kcdbene.dll
deleting local copy: kcdbene.dll
deleting local copy: kcdhela3.dll
deleting local copy: kcdhela3.dll
deleting local copy: kcdpl.dll
deleting local copy: kcdpl.dll
deleting local copy: kedcz1.dll
deleting local copy: kedcz1.dll
deleting local copy: kguser.dll
deleting local copy: kguser.dll
deleting local copy: kjdca.dll
deleting local copy: kjdca.dll
deleting local copy: kodsl.dll
deleting local copy: kodsl.dll
deleting local copy: krdsl1.dll
deleting local copy: krdsl1.dll
deleting local copy: ksdcz2.dll
deleting local copy: ksdcz2.dll
deleting local copy: kudsmsno.dll
deleting local copy: kudsmsno.dll
deleting local copy: kw1394.dll
deleting local copy: kw1394.dll
deleting local copy: kwdtuq.dll
deleting local copy: kwdtuq.dll
deleting local copy: kzdtuf.dll
deleting local copy: kzdtuf.dll
deleting local copy: lpexpand.dll
deleting local copy: lpexpand.dll
deleting local copy: mkl_qic.dll
deleting local copy: mkl_qic.dll
deleting local copy: mydsrv32.dll
deleting local copy: mydsrv32.dll
deleting local copy: myl_qic.dll
deleting local copy: myl_qic.dll
deleting local copy: mzimtf.dll
deleting local copy: mzimtf.dll
deleting local copy: nhfjkphf.dll
deleting local copy: nhfjkphf.dll
deleting local copy: nslanui.dll
deleting local copy: nslanui.dll
deleting local copy: nsmsmgr.dll
deleting local copy: nsmsmgr.dll
deleting local copy: orbc32.dll
deleting local copy: orbc32.dll
deleting local copy: sdcfiles.dll
deleting local copy: sdcfiles.dll
deleting local copy: szmsg.dll
deleting local copy: szmsg.dll
deleting local copy: tzolhelp.dll
deleting local copy: tzolhelp.dll
deleting local copy: tZpi3.dll
deleting local copy: tZpi3.dll
deleting local copy: unhisapi.dll
deleting local copy: unhisapi.dll
deleting local copy: uzhisapi.dll
deleting local copy: uzhisapi.dll
deleting local copy: wcv8dmod.dll
deleting local copy: wcv8dmod.dll
deleting local copy: wicsvc.dll
deleting local copy: wicsvc.dll
deleting local copy: wjspdmoe.dll
deleting local copy: wjspdmoe.dll
deleting local copy: wy2_32.dll
deleting local copy: wy2_32.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\rsched32.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\alsldpc.dll
C:\WINDOWS\system32\alsldpc.dll
C:\WINDOWS\system32\cyyptdll.dll
C:\WINDOWS\system32\cyyptdll.dll
C:\WINDOWS\system32\denet.dll
C:\WINDOWS\system32\denet.dll
C:\WINDOWS\system32\dicpmon.dll
C:\WINDOWS\system32\dicpmon.dll
C:\WINDOWS\system32\dimsrpcn.dll
C:\WINDOWS\system32\dimsrpcn.dll
C:\WINDOWS\system32\diser.dll
C:\WINDOWS\system32\diser.dll
C:\WINDOWS\system32\dpcprop2.dll
C:\WINDOWS\system32\dpcprop2.dll
C:\WINDOWS\system32\dprawex.dll
C:\WINDOWS\system32\dprawex.dll
C:\WINDOWS\system32\dSdrm.dll
C:\WINDOWS\system32\dSdrm.dll
C:\WINDOWS\system32\dunet.dll
C:\WINDOWS\system32\dunet.dll
C:\WINDOWS\system32\dXdim700.dll
C:\WINDOWS\system32\dXdim700.dll
C:\WINDOWS\system32\dzband.dll
C:\WINDOWS\system32\dzband.dll
C:\WINDOWS\system32\elcapi.dll
C:\WINDOWS\system32\elcapi.dll
C:\WINDOWS\system32\faamebuf.dll
C:\WINDOWS\system32\faamebuf.dll
C:\WINDOWS\system32\fzifs.dll
C:\WINDOWS\system32\fzifs.dll
C:\WINDOWS\system32\ic41_qc.dll
C:\WINDOWS\system32\ic41_qc.dll
C:\WINDOWS\system32\icetmib1.dll
C:\WINDOWS\system32\icetmib1.dll
C:\WINDOWS\system32\iEssam.dll
C:\WINDOWS\system32\iEssam.dll
C:\WINDOWS\system32\ifxrip.dll
C:\WINDOWS\system32\ifxrip.dll
C:\WINDOWS\system32\iietcfg.dll
C:\WINDOWS\system32\iietcfg.dll
C:\WINDOWS\system32\kc1394.dll
C:\WINDOWS\system32\kc1394.dll
C:\WINDOWS\system32\kcdbene.dll
C:\WINDOWS\system32\kcdbene.dll
C:\WINDOWS\system32\kcdhela3.dll
C:\WINDOWS\system32\kcdhela3.dll
C:\WINDOWS\system32\kcdpl.dll
C:\WINDOWS\system32\kcdpl.dll
C:\WINDOWS\system32\kedcz1.dll
C:\WINDOWS\system32\kedcz1.dll
C:\WINDOWS\system32\kguser.dll
C:\WINDOWS\system32\kguser.dll
C:\WINDOWS\system32\kjdca.dll
C:\WINDOWS\system32\kjdca.dll
C:\WINDOWS\system32\kodsl.dll
C:\WINDOWS\system32\kodsl.dll
C:\WINDOWS\system32\krdsl1.dll
C:\WINDOWS\system32\krdsl1.dll
C:\WINDOWS\system32\ksdcz2.dll
C:\WINDOWS\system32\ksdcz2.dll
C:\WINDOWS\system32\kudsmsno.dll
C:\WINDOWS\system32\kudsmsno.dll
C:\WINDOWS\system32\kw1394.dll
C:\WINDOWS\system32\kw1394.dll
C:\WINDOWS\system32\kwdtuq.dll
C:\WINDOWS\system32\kwdtuq.dll
C:\WINDOWS\system32\kzdtuf.dll
C:\WINDOWS\system32\kzdtuf.dll
C:\WINDOWS\system32\lpexpand.dll
C:\WINDOWS\system32\lpexpand.dll
C:\WINDOWS\system32\mkl_qic.dll
C:\WINDOWS\system32\mkl_qic.dll
C:\WINDOWS\system32\mydsrv32.dll
C:\WINDOWS\system32\mydsrv32.dll
C:\WINDOWS\system32\myl_qic.dll
C:\WINDOWS\system32\myl_qic.dll
C:\WINDOWS\system32\mzimtf.dll
C:\WINDOWS\system32\mzimtf.dll
C:\WINDOWS\system32\nhfjkphf.dll
C:\WINDOWS\system32\nhfjkphf.dll
C:\WINDOWS\system32\nslanui.dll
C:\WINDOWS\system32\nslanui.dll
C:\WINDOWS\system32\nsmsmgr.dll
C:\WINDOWS\system32\nsmsmgr.dll
C:\WINDOWS\system32\orbc32.dll
C:\WINDOWS\system32\orbc32.dll
C:\WINDOWS\system32\sdcfiles.dll
C:\WINDOWS\system32\sdcfiles.dll
C:\WINDOWS\system32\szmsg.dll
C:\WINDOWS\system32\szmsg.dll
C:\WINDOWS\system32\tzolhelp.dll
C:\WINDOWS\system32\tzolhelp.dll
C:\WINDOWS\system32\tZpi3.dll
C:\WINDOWS\system32\tZpi3.dll
C:\WINDOWS\system32\unhisapi.dll
C:\WINDOWS\system32\unhisapi.dll
C:\WINDOWS\system32\uzhisapi.dll
C:\WINDOWS\system32\uzhisapi.dll
C:\WINDOWS\system32\wcv8dmod.dll
C:\WINDOWS\system32\wcv8dmod.dll
C:\WINDOWS\system32\wicsvc.dll
C:\WINDOWS\system32\wicsvc.dll
C:\WINDOWS\system32\wjspdmoe.dll
C:\WINDOWS\system32\wjspdmoe.dll
C:\WINDOWS\system32\wy2_32.dll
C:\WINDOWS\system32\wy2_32.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP