Pokapoka



#1
Skater14
Member, 30 posts

Okay Pokapoka....

Logfile of HijackThis v1.99.1
Scan saved at 9:42:44 AM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\dpdita.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\AOL\110712~1\EE\AOLServiceHost.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\PROGRA~1\COMMON~1\AOL\110712~1\EE\AOLHOS~1.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.Tyler\My Documents\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107129803\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner.Tyler\n20050308.EXE
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpdita.exe reg_run
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKCU\..\Run: [sysxml] C:\WINDOWS\system32\sysxml.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner.Tyler\Desktop\cwshredder.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


#2
loophole
Malware Expert, Retired Staff, 9,798 posts

Hello and welcome to Geeks to Go

Let's get rid of the main problem, then we can get rid of the pokapokapokapokapoka garbage :)

You have the narrator trojan.

Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

#3
Skater14
Member, Topic Starter, 30 posts

OK, here's the WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WinShutDown 5/27/2005 6:06:38 PM R S 234058 C:\WINDOWS\SYSTEM32\abtodisc.dll
WinShutDown 5/5/2005 9:29:00 PM R S 232805 C:\WINDOWS\SYSTEM32\abtxprxy.dll
ad-w-a-r-e.com 5/5/2005 9:29:00 PM R S 232805 C:\WINDOWS\SYSTEM32\abtxprxy.dll
WinShutDown 4/15/2005 3:16:20 PM R S 235867 C:\WINDOWS\SYSTEM32\abvpack.dll
ad-w-a-r-e.com 4/15/2005 3:16:20 PM R S 235867 C:\WINDOWS\SYSTEM32\abvpack.dll
WinShutDown 5/11/2005 8:14:08 PM R S 234272 C:\WINDOWS\SYSTEM32\afrsvc.dll
ad-w-a-r-e.com 5/11/2005 8:14:08 PM R S 234272 C:\WINDOWS\SYSTEM32\afrsvc.dll
WinShutDown 5/17/2005 5:23:44 PM R S 235853 C:\WINDOWS\SYSTEM32\afsnds.dll
ad-w-a-r-e.com 5/17/2005 5:23:44 PM R S 235853 C:\WINDOWS\SYSTEM32\afsnds.dll
WinShutDown 4/24/2005 11:16:16 AM R S 232623 C:\WINDOWS\SYSTEM32\aiifile.dll
ad-w-a-r-e.com 4/24/2005 11:16:16 AM R S 232623 C:\WINDOWS\SYSTEM32\aiifile.dll
WinShutDown 5/29/2005 4:31:00 PM R S 233950 C:\WINDOWS\SYSTEM32\arvpack.dll
WinShutDown 4/11/2005 3:34:16 PM R S 233248 C:\WINDOWS\SYSTEM32\aUmd532.dll
ad-w-a-r-e.com 4/11/2005 3:34:16 PM R S 233248 C:\WINDOWS\SYSTEM32\aUmd532.dll
WinShutDown 5/8/2005 2:26:12 PM 233074 C:\WINDOWS\SYSTEM32\aza0059me.dll
ad-w-a-r-e.com 5/8/2005 2:26:12 PM 233074 C:\WINDOWS\SYSTEM32\aza0059me.dll
WinShutDown 6/30/2005 8:04:38 AM R S 235454 C:\WINDOWS\SYSTEM32\aza6l11s1.dll
WinShutDown 4/14/2005 6:30:28 PM R S 232655 C:\WINDOWS\SYSTEM32\azaq07h5e.dll
ad-w-a-r-e.com 4/14/2005 6:30:28 PM R S 232655 C:\WINDOWS\SYSTEM32\azaq07h5e.dll
WinShutDown 5/29/2005 1:12:58 PM R S 235049 C:\WINDOWS\SYSTEM32\azas03l7e.dll
WinShutDown 5/31/2005 10:51:28 AM R S 236724 C:\WINDOWS\SYSTEM32\azas0ed7eh0.dll
UPX! 1/7/2005 1:47:46 AM 334848 C:\WINDOWS\SYSTEM32\BlackHawkDowntheGame Screensaver.scr
WinShutDown 6/30/2005 12:52:04 PM R S 236055 C:\WINDOWS\SYSTEM32\c2000cdmef0a0.dll
WinShutDown 4/14/2005 6:18:02 PM R S 235867 C:\WINDOWS\SYSTEM32\czyptdll.dll
ad-w-a-r-e.com 4/14/2005 6:18:02 PM R S 235867 C:\WINDOWS\SYSTEM32\czyptdll.dll
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
WinShutDown 4/15/2005 3:11:22 PM R S 232732 C:\WINDOWS\SYSTEM32\d6j0lg1m16.dll
ad-w-a-r-e.com 4/15/2005 3:11:22 PM R S 232732 C:\WINDOWS\SYSTEM32\d6j0lg1m16.dll
WinShutDown 4/14/2005 3:10:48 PM R S 232778 C:\WINDOWS\SYSTEM32\d80mlid1180.dll
ad-w-a-r-e.com 4/14/2005 3:10:48 PM R S 232778 C:\WINDOWS\SYSTEM32\d80mlid1180.dll
WinShutDown 7/19/2005 7:51:58 AM R S 236588 C:\WINDOWS\SYSTEM32\d8j00i1me8.dll
WinShutDown 5/11/2005 3:21:50 PM R S 234596 C:\WINDOWS\SYSTEM32\d8j02i1mg8.dll
PEC2 8/10/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown 4/30/2005 8:22:32 PM R S 232444 C:\WINDOWS\SYSTEM32\dfserial.dll
ad-w-a-r-e.com 4/30/2005 8:22:32 PM R S 232444 C:\WINDOWS\SYSTEM32\dfserial.dll
WinShutDown 4/18/2005 2:59:12 PM R S 235611 C:\WINDOWS\SYSTEM32\diprop.dll
ad-w-a-r-e.com 4/18/2005 2:59:12 PM R S 235611 C:\WINDOWS\SYSTEM32\diprop.dll
WinShutDown 5/11/2005 3:59:04 PM R S 232578 C:\WINDOWS\SYSTEM32\dllay.dll
WinShutDown 4/14/2005 3:10:48 PM R S 235867 C:\WINDOWS\SYSTEM32\dMd8.dll
ad-w-a-r-e.com 4/14/2005 3:10:48 PM R S 235867 C:\WINDOWS\SYSTEM32\dMd8.dll
WinShutDown 6/6/2005 7:58:44 AM 235460 C:\WINDOWS\SYSTEM32\dn2401fqe.dll
WinShutDown 5/9/2005 8:56:32 PM R S 236189 C:\WINDOWS\SYSTEM32\dnjm0111e.dll
ad-w-a-r-e.com 5/9/2005 8:56:32 PM R S 236189 C:\WINDOWS\SYSTEM32\dnjm0111e.dll
WinShutDown 4/14/2005 2:58:06 PM R S 235958 C:\WINDOWS\SYSTEM32\dnr0019me.dll
ad-w-a-r-e.com 4/14/2005 2:58:06 PM R S 235958 C:\WINDOWS\SYSTEM32\dnr0019me.dll
WinShutDown 7/1/2005 1:36:26 PM R S 236322 C:\WINDOWS\SYSTEM32\dqdmoprp.dll
WinShutDown 6/30/2005 11:58:20 AM R S 235349 C:\WINDOWS\SYSTEM32\e2jm0c11ef.dll
WinShutDown 4/14/2005 6:53:10 PM R S 232826 C:\WINDOWS\SYSTEM32\e402ledo1h0c.dll
ad-w-a-r-e.com 4/14/2005 6:53:10 PM R S 232826 C:\WINDOWS\SYSTEM32\e402ledo1h0c.dll
FSG! 8/19/2001 5:30:46 AM 11357 C:\WINDOWS\SYSTEM32\elitergt32.exe
FSG! 8/19/2001 5:30:46 AM 11593 C:\WINDOWS\SYSTEM32\elitezgx32.exe
WinShutDown 6/18/2005 1:14:58 PM 233416 C:\WINDOWS\SYSTEM32\en6ol1j31.dll
69.59.186.63 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
209.66.67.134 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
web-nex 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
winsync 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
WinShutDown 6/27/2005 4:12:10 PM R S 233745 C:\WINDOWS\SYSTEM32\enj6l11s1.dll
WinShutDown 4/11/2005 4:08:32 PM R S 233248 C:\WINDOWS\SYSTEM32\fi0403dqe.dll
ad-w-a-r-e.com 4/11/2005 4:08:32 PM R S 233248 C:\WINDOWS\SYSTEM32\fi0403dqe.dll
WinShutDown 5/5/2005 8:14:48 PM R S 232805 C:\WINDOWS\SYSTEM32\fjeploy.dll
ad-w-a-r-e.com 5/5/2005 8:14:48 PM R S 232805 C:\WINDOWS\SYSTEM32\fjeploy.dll
69.59.186.63 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
209.66.67.134 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
web-nex 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
winsync 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
WinShutDown 5/19/2005 8:28:10 PM R S 236292 C:\WINDOWS\SYSTEM32\FL20ENU.DLL
ad-w-a-r-e.com 5/19/2005 8:28:10 PM R S 236292 C:\WINDOWS\SYSTEM32\FL20ENU.DLL
WinShutDown 5/10/2005 4:37:36 PM R S 232385 C:\WINDOWS\SYSTEM32\fp2o03f3e.dll
WinShutDown 5/8/2005 7:14:54 PM R S 234077 C:\WINDOWS\SYSTEM32\fp8s03l7e.dll
ad-w-a-r-e.com 5/8/2005 7:14:54 PM R S 234077 C:\WINDOWS\SYSTEM32\fp8s03l7e.dll
WinShutDown 4/14/2005 3:13:54 PM R S 236100 C:\WINDOWS\SYSTEM32\fpl2033oe.dll
ad-w-a-r-e.com 4/14/2005 3:13:54 PM R S 236100 C:\WINDOWS\SYSTEM32\fpl2033oe.dll
WinShutDown 7/19/2005 11:44:06 AM R S 236588 C:\WINDOWS\SYSTEM32\fzusd.dll
WinShutDown 7/19/2005 11:41:02 AM R S 236570 C:\WINDOWS\SYSTEM32\g2jo0c13ef.dll
WinShutDown 6/30/2005 10:21:20 AM R S 235533 C:\WINDOWS\SYSTEM32\gp6ol3j31.dll
WinShutDown 4/14/2005 5:46:48 PM R S 233205 C:\WINDOWS\SYSTEM32\gp6ul3j91.dll
ad-w-a-r-e.com 4/14/2005 5:46:48 PM R S 233205 C:\WINDOWS\SYSTEM32\gp6ul3j91.dll
WinShutDown 7/12/2005 7:37:22 AM R S 233292 C:\WINDOWS\SYSTEM32\gpjml3111.dll
WinShutDown 4/11/2005 8:35:00 PM R S 233248 C:\WINDOWS\SYSTEM32\gpjql3151.dll
ad-w-a-r-e.com 4/11/2005 8:35:00 PM R S 233248 C:\WINDOWS\SYSTEM32\gpjql3151.dll
WinShutDown 4/21/2005 2:57:48 PM R S 235563 C:\WINDOWS\SYSTEM32\gpl0l33m1.dll
ad-w-a-r-e.com 4/21/2005 2:57:48 PM R S 235563 C:\WINDOWS\SYSTEM32\gpl0l33m1.dll
WinShutDown 7/19/2005 4:17:26 PM R S 234272 C:\WINDOWS\SYSTEM32\guard.tmp
ad-w-a-r-e.com 7/19/2005 4:17:26 PM R S 234272 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 4/29/2005 2:52:26 PM R S 232623 C:\WINDOWS\SYSTEM32\gui32.dll
ad-w-a-r-e.com 4/29/2005 2:52:26 PM R S 232623 C:\WINDOWS\SYSTEM32\gui32.dll
WinShutDown 4/24/2005 2:39:32 PM R S 235543 C:\WINDOWS\SYSTEM32\gymf32.dll
ad-w-a-r-e.com 4/24/2005 2:39:32 PM R S 235543 C:\WINDOWS\SYSTEM32\gymf32.dll
WinShutDown 6/30/2005 10:21:20 AM R S 234170 C:\WINDOWS\SYSTEM32\gztext.dll
WinShutDown 5/1/2005 6:55:14 PM R S 232444 C:\WINDOWS\SYSTEM32\heetwiz.dll
ad-w-a-r-e.com 5/1/2005 6:55:14 PM R S 232444 C:\WINDOWS\SYSTEM32\heetwiz.dll
WinShutDown 4/20/2005 3:43:26 PM R S 235015 C:\WINDOWS\SYSTEM32\hr8405lqe.dll
ad-w-a-r-e.com 4/20/2005 3:43:26 PM R S 235015 C:\WINDOWS\SYSTEM32\hr8405lqe.dll
WinShutDown 4/22/2005 4:07:28 PM R S 235638 C:\WINDOWS\SYSTEM32\hrr0059me.dll
ad-w-a-r-e.com 4/22/2005 4:07:28 PM R S 235638 C:\WINDOWS\SYSTEM32\hrr0059me.dll
WinShutDown 4/22/2005 1:29:38 PM R S 235125 C:\WINDOWS\SYSTEM32\hrrq0595e.dll
ad-w-a-r-e.com 4/22/2005 1:29:38 PM R S 235125 C:\WINDOWS\SYSTEM32\hrrq0595e.dll
UPX! 12/15/2004 3:06:34 PM 875888 C:\WINDOWS\SYSTEM32\HyperLinker3.exe
WinShutDown 7/14/2005 7:44:44 AM R S 236685 C:\WINDOWS\SYSTEM32\i2nm0c51ef.dll
WinShutDown 5/9/2005 4:00:54 PM R S 234202 C:\WINDOWS\SYSTEM32\i4600ejmehoa0.dll
ad-w-a-r-e.com 5/9/2005 4:00:54 PM R S 234202 C:\WINDOWS\SYSTEM32\i4600ejmehoa0.dll
WinShutDown 5/4/2005 5:39:26 PM R S 233231 C:\WINDOWS\SYSTEM32\i6240gfqe62e0.dll
ad-w-a-r-e.com 5/4/2005 5:39:26 PM R S 233231 C:\WINDOWS\SYSTEM32\i6240gfqe62e0.dll
WinShutDown 4/15/2005 3:11:22 PM R S 235867 C:\WINDOWS\SYSTEM32\iaxsap.dll
ad-w-a-r-e.com 4/15/2005 3:11:22 PM R S 235867 C:\WINDOWS\SYSTEM32\iaxsap.dll
WinShutDown 4/29/2005 6:49:56 PM R S 233331 C:\WINDOWS\SYSTEM32\ibdetect.dll
ad-w-a-r-e.com 4/29/2005 6:49:56 PM R S 233331 C:\WINDOWS\SYSTEM32\ibdetect.dll
WinShutDown 4/15/2005 3:04:32 PM R S 235867 C:\WINDOWS\SYSTEM32\ibxpromn.dll
ad-w-a-r-e.com 4/15/2005 3:04:32 PM R S 235867 C:\WINDOWS\SYSTEM32\ibxpromn.dll
WinShutDown 4/14/2005 6:53:10 PM R S 235867 C:\WINDOWS\SYSTEM32\ie50_qcx.dll
ad-w-a-r-e.com 4/14/2005 6:53:10 PM R S 235867 C:\WINDOWS\SYSTEM32\ie50_qcx.dll
aspack 5/21/2005 8:45:30 PM 63488 C:\WINDOWS\SYSTEM32\ipikzv.exe
WinShutDown 6/17/2005 7:52:34 AM R S 235688 C:\WINDOWS\SYSTEM32\iqaksie.dll
WinShutDown 6/3/2005 3:50:16 PM R S 233881 C:\WINDOWS\SYSTEM32\ir4ol5h31.dll
WinShutDown 6/6/2005 8:42:44 AM R S 235039 C:\WINDOWS\SYSTEM32\irr0l59m1.dll
WinShutDown 4/25/2005 6:32:44 PM R S 233158 C:\WINDOWS\SYSTEM32\ISKED.DLL
ad-w-a-r-e.com 4/25/2005 6:32:44 PM R S 233158 C:\WINDOWS\SYSTEM32\ISKED.DLL
WinShutDown 5/10/2005 4:37:36 PM R S 236189 C:\WINDOWS\SYSTEM32\izsetup.dll
ad-w-a-r-e.com 5/10/2005 4:37:36 PM R S 236189 C:\WINDOWS\SYSTEM32\izsetup.dll
WinShutDown 4/11/2005 4:28:32 PM R S 233248 C:\WINDOWS\SYSTEM32\j04o0ah3ed4.dll
ad-w-a-r-e.com 4/11/2005 4:28:32 PM R S 233248 C:\WINDOWS\SYSTEM32\j04o0ah3ed4.dll
WinShutDown 6/6/2005 7:51:16 AM R S 236291 C:\WINDOWS\SYSTEM32\j2n2lc5o1f.dll
WinShutDown 4/15/2005 3:04:32 PM R S 232576 C:\WINDOWS\SYSTEM32\j40s0ed7eh0.dll
ad-w-a-r-e.com 4/15/2005 3:04:32 PM R S 232576 C:\WINDOWS\SYSTEM32\j40s0ed7eh0.dll
WinShutDown 7/9/2005 5:58:10 PM R S 234272 C:\WINDOWS\SYSTEM32\j84olih3184.dll
ad-w-a-r-e.com 7/9/2005 5:58:10 PM R S 234272 C:\WINDOWS\SYSTEM32\j84olih3184.dll
WinShutDown 4/14/2005 7:00:12 PM R S 236274 C:\WINDOWS\SYSTEM32\jt0407dqe.dll
ad-w-a-r-e.com 4/14/2005 7:00:12 PM R S 236274 C:\WINDOWS\SYSTEM32\jt0407dqe.dll
WinShutDown 4/14/2005 6:15:26 PM R S 232677 C:\WINDOWS\SYSTEM32\jt0u07d9e.dll
ad-w-a-r-e.com 4/14/2005 6:15:26 PM R S 232677 C:\WINDOWS\SYSTEM32\jt0u07d9e.dll
WinShutDown 4/20/2005 5:36:04 PM R S 234530 C:\WINDOWS\SYSTEM32\jt4o07h3e.dll
ad-w-a-r-e.com 4/20/2005 5:36:04 PM R S 234530 C:\WINDOWS\SYSTEM32\jt4o07h3e.dll
WinShutDown 4/14/2005 3:19:20 PM R S 232497 C:\WINDOWS\SYSTEM32\jt4q07h5e.dll
ad-w-a-r-e.com 4/14/2005 3:19:20 PM R S 232497 C:\WINDOWS\SYSTEM32\jt4q07h5e.dll
WinShutDown 4/29/2005 10:24:46 PM R S 233331 C:\WINDOWS\SYSTEM32\jt6s07j7e.dll
ad-w-a-r-e.com 4/29/2005 10:24:46 PM R S 233331 C:\WINDOWS\SYSTEM32\jt6s07j7e.dll
WinShutDown 5/14/2005 9:26:04 AM R S 236730 C:\WINDOWS\SYSTEM32\jtp8077ue.dll
ad-w-a-r-e.com 5/14/2005 9:26:04 AM R S 236730 C:\WINDOWS\SYSTEM32\jtp8077ue.dll
WinShutDown 4/19/2005 5:30:18 PM R S 233044 C:\WINDOWS\SYSTEM32\jtr0079me.dll
ad-w-a-r-e.com 4/19/2005 5:30:18 PM R S 233044 C:\WINDOWS\SYSTEM32\jtr0079me.dll
WinShutDown 6/30/2005 1:50:10 PM R S 236055 C:\WINDOWS\SYSTEM32\k044lahq1d4e.dll
WinShutDown 4/19/2005 3:37:06 PM R S 235611 C:\WINDOWS\SYSTEM32\k4pmle711h.dll
ad-w-a-r-e.com 4/19/2005 3:37:06 PM R S 235611 C:\WINDOWS\SYSTEM32\k4pmle711h.dll
WinShutDown 4/14/2005 3:19:20 PM R S 235867 C:\WINDOWS\SYSTEM32\kcl0l73m1.dll
ad-w-a-r-e.com 4/14/2005 3:19:20 PM R S 235867 C:\WINDOWS\SYSTEM32\kcl0l73m1.dll
WinShutDown 5/2/2005 3:14:30 PM R S 234742 C:\WINDOWS\SYSTEM32\kedazel.dll
ad-w-a-r-e.com 5/2/2005 3:14:30 PM R S 234742 C:\WINDOWS\SYSTEM32\kedazel.dll
69.59.186.63 10/15/2005 7:12:54 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
209.66.67.134 10/15/2005 7:12:54 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
web-nex 10/15/2005 7:12:54 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
winsync 10/15/2005 7:12:54 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
WinShutDown 6/30/2005 8:04:38 AM R S 233527 C:\WINDOWS\SYSTEM32\kgdpo.dll
WinShutDown 5/8/2005 2:27:32 PM R S 233294 C:\WINDOWS\SYSTEM32\kkdmlt48.dll
ad-w-a-r-e.com 5/8/2005 2:27:32 PM R S 233294 C:\WINDOWS\SYSTEM32\kkdmlt48.dll
WinShutDown 7/19/2005 11:44:06 AM R S 233619 C:\WINDOWS\SYSTEM32\kt6sl7j71.dll
WinShutDown 4/13/2005 6:14:40 PM R S 233207 C:\WINDOWS\SYSTEM32\kt6ul7j91.dll
ad-w-a-r-e.com 4/13/2005 6:14:40 PM R S 233207 C:\WINDOWS\SYSTEM32\kt6ul7j91.dll
WinShutDown 5/10/2005 8:36:58 PM R S 232420 C:\WINDOWS\SYSTEM32\ktdusl.dll
WinShutDown 4/12/2005 3:06:52 PM R S 236001 C:\WINDOWS\SYSTEM32\ktl0l73m1.dll
ad-w-a-r-e.com 4/12/2005 3:06:52 PM R S 236001 C:\WINDOWS\SYSTEM32\ktl0l73m1.dll
WinShutDown 6/28/2005 12:27:36 PM R S 234653 C:\WINDOWS\SYSTEM32\ktl2l73o1.dll
WinShutDown 4/15/2005 11:40:54 PM R S 233323 C:\WINDOWS\SYSTEM32\ktrql7951.dll
ad-w-a-r-e.com 4/15/2005 11:40:54 PM R S 233323 C:\WINDOWS\SYSTEM32\ktrql7951.dll
WinShutDown 5/1/2005 12:39:34 PM R S 233776 C:\WINDOWS\SYSTEM32\ku6ul7j91.dll
ad-w-a-r-e.com 5/1/2005 12:39:34 PM R S 233776 C:\WINDOWS\SYSTEM32\ku6ul7j91.dll
WinShutDown 7/13/2005 7:39:04 AM R S 233464 C:\WINDOWS\SYSTEM32\kvdazel.dll
WinShutDown 4/19/2005 3:38:12 PM R S 233044 C:\WINDOWS\SYSTEM32\kvdlv1.dll
ad-w-a-r-e.com 4/19/2005 3:38:12 PM R S 233044 C:\WINDOWS\SYSTEM32\kvdlv1.dll
WinShutDown 5/14/2005 7:55:02 PM R S 235853 C:\WINDOWS\SYSTEM32\kwdsl1.dll
ad-w-a-r-e.com 5/14/2005 7:55:02 PM R S 235853 C:\WINDOWS\SYSTEM32\kwdsl1.dll
WinShutDown 4/12/2005 3:06:52 PM R S 234964 C:\WINDOWS\SYSTEM32\kZjslg1716.dll
ad-w-a-r-e.com 4/12/2005 3:06:52 PM R S 234964 C:\WINDOWS\SYSTEM32\kZjslg1716.dll
WinShutDown 5/30/2005 7:19:46 PM R S 233050 C:\WINDOWS\SYSTEM32\l02s0af7ed2.dll
WinShutDown 4/20/2005 3:47:00 PM R S 236250 C:\WINDOWS\SYSTEM32\l02slaf71d2.dll
ad-w-a-r-e.com 4/20/2005 3:47:00 PM R S 236250 C:\WINDOWS\SYSTEM32\l02slaf71d2.dll
WinShutDown 4/14/2005 6:18:02 PM R S 236227 C:\WINDOWS\SYSTEM32\l06o0aj3edo.dll
ad-w-a-r-e.com 4/14/2005 6:18:02 PM R S 236227 C:\WINDOWS\SYSTEM32\l06o0aj3edo.dll
WinShutDown 7/18/2005 8:49:30 AM R S 233912 C:\WINDOWS\SYSTEM32\l26o0cj3efo.dll
WinShutDown 4/15/2005 9:49:00 PM R S 232741 C:\WINDOWS\SYSTEM32\l26olcj31fo.dll
ad-w-a-r-e.com 4/15/2005 9:49:00 PM R S 232741 C:\WINDOWS\SYSTEM32\l26olcj31fo.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
WinShutDown 4/11/2005 3:04:10 PM R S 233248 C:\WINDOWS\SYSTEM32\lnadperf.dll
ad-w-a-r-e.com 4/11/2005 3:04:10 PM R S 233248 C:\WINDOWS\SYSTEM32\lnadperf.dll
69.59.186.63 10/15/2005 7:12:52 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
209.66.67.134 10/15/2005 7:12:52 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
web-nex 10/15/2005 7:12:52 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
winsync 10/15/2005 7:12:52 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
WinShutDown 4/14/2005 3:16:42 PM R S 232668 C:\WINDOWS\SYSTEM32\lv8809lue.dll
ad-w-a-r-e.com 4/14/2005 3:16:42 PM R S 232668 C:\WINDOWS\SYSTEM32\lv8809lue.dll
WinShutDown 4/14/2005 6:33:42 PM R S 232583 C:\WINDOWS\SYSTEM32\lvjs0917e.dll
ad-w-a-r-e.com 4/14/2005 6:33:42 PM R S 232583 C:\WINDOWS\SYSTEM32\lvjs0917e.dll
WinShutDown 5/28/2005 10:51:10 AM R S 233369 C:\WINDOWS\SYSTEM32\lvlu0939e.dll
WinShutDown 7/13/2005 11:23:38 AM R S 233464 C:\WINDOWS\SYSTEM32\lvnm0951e.dll
WinShutDown 4/20/2005 3:54:46 PM R S 235109 C:\WINDOWS\SYSTEM32\lvpq0975e.dll
ad-w-a-r-e.com 4/20/2005 3:54:46 PM R S 235109 C:\WINDOWS\SYSTEM32\lvpq0975e.dll
WinShutDown 5/27/2005 9:06:28 PM R S 234058 C:\WINDOWS\SYSTEM32\lvrs0997e.dll
WinShutDown 4/14/2005 6:33:44 PM R S 235867 C:\WINDOWS\SYSTEM32\lyfil11n.DLL
ad-w-a-r-e.com 4/14/2005 6:33:44 PM R S 235867 C:\WINDOWS\SYSTEM32\lyfil11n.DLL
WinShutDown 4/30/2005 2:32:26 PM R S 235886 C:\WINDOWS\SYSTEM32\m2460chsef460.dll
ad-w-a-r-e.com 4/30/2005 2:32:26 PM R S 235886 C:\WINDOWS\SYSTEM32\m2460chsef460.dll
WinShutDown 4/16/2005 8:24:32 PM R S 234005 C:\WINDOWS\SYSTEM32\m4po0e73eh.dll
ad-w-a-r-e.com 4/16/2005 8:24:32 PM R S 234005 C:\WINDOWS\SYSTEM32\m4po0e73eh.dll
WinShutDown 6/18/2005 2:07:00 PM 236830 C:\WINDOWS\SYSTEM32\m6po0g73e6.dll
WinShutDown 5/27/2005 1:33:04 PM R S 233369 C:\WINDOWS\SYSTEM32\mbcms.dll
WinShutDown 4/13/2005 5:02:38 PM R S 235867 C:\WINDOWS\SYSTEM32\mbiwave.dll
ad-w-a-r-e.com 4/13/2005 5:02:38 PM R S 235867 C:\WINDOWS\SYSTEM32\mbiwave.dll
WinShutDown 5/2/2005 5:57:52 PM R S 232444 C:\WINDOWS\SYSTEM32\mdyuv.dll
ad-w-a-r-e.com 5/2/2005 5:57:52 PM R S 232444 C:\WINDOWS\SYSTEM32\mdyuv.dll
WinShutDown 4/14/2005 5:46:48 PM R S 235867 C:\WINDOWS\SYSTEM32\megsvc.dll
ad-w-a-r-e.com 4/14/2005 5:46:48 PM R S 235867 C:\WINDOWS\SYSTEM32\megsvc.dll
WinShutDown 5/1/2005 12:47:06 PM 232444 C:\WINDOWS\SYSTEM32\memefilt.dll
ad-w-a-r-e.com 5/1/2005 12:47:06 PM 232444 C:\WINDOWS\SYSTEM32\memefilt.dll
WinShutDown 5/27/2005 5:40:54 PM R S 233369 C:\WINDOWS\SYSTEM32\mesystem.dll
WinShutDown 5/29/2005 4:42:20 PM R S 235720 C:\WINDOWS\SYSTEM32\mgmefilt.dll
WinShutDown 4/14/2005 2:58:06 PM R S 235867 C:\WINDOWS\SYSTEM32\mkgina.dll
ad-w-a-r-e.com 4/14/2005 2:58:06 PM R S 235867 C:\WINDOWS\SYSTEM32\mkgina.dll
WinShutDown 4/16/2005 9:08:38 AM R S 234005 C:\WINDOWS\SYSTEM32\mnmefilt.dll
ad-w-a-r-e.com 4/16/2005 9:08:38 AM R S 234005 C:\WINDOWS\SYSTEM32\mnmefilt.dll
WinShutDown 5/20/2005 9:13:42 PM R S 233276 C:\WINDOWS\SYSTEM32\mofutil.dll
WinShutDown 4/14/2005 3:13:54 PM R S 235867 C:\WINDOWS\SYSTEM32\mowsock.dll
ad-w-a-r-e.com 4/14/2005 3:13:54 PM R S 235867 C:\WINDOWS\SYSTEM32\mowsock.dll
WinShutDown 4/16/2005 2:57:22 PM R S 235571 C:\WINDOWS\SYSTEM32\mqoeacct.dll
ad-w-a-r-e.com 4/16/2005 2:57:22 PM R S 235571 C:\WINDOWS\SYSTEM32\mqoeacct.dll
PECompact2 9/8/2005 9:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 9:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
WinShutDown 4/26/2005 5:27:24 PM R S 233158 C:\WINDOWS\SYSTEM32\mtdtcprx.dll
ad-w-a-r-e.com 4/26/2005 5:27:24 PM R S 233158 C:\WINDOWS\SYSTEM32\mtdtcprx.dll
WinShutDown 4/24/2005 7:21:10 PM R S 232623 C:\WINDOWS\SYSTEM32\muwdat10.dll
ad-w-a-r-e.com 4/24/2005 7:21:10 PM R S 232623 C:\WINDOWS\SYSTEM32\muwdat10.dll
WinShutDown 4/11/2005 4:03:20 PM R S 233248 C:\WINDOWS\SYSTEM32\mviwave.dll
ad-w-a-r-e.com 4/11/2005 4:03:20 PM R S 233248 C:\WINDOWS\SYSTEM32\mviwave.dll
WinShutDown 4/15/2005 2:58:20 PM R S 233083 C:\WINDOWS\SYSTEM32\mvjsl9171.dll
ad-w-a-r-e.com 4/15/2005 2:58:20 PM R S 233083 C:\WINDOWS\SYSTEM32\mvjsl9171.dll
WinShutDown 4/12/2005 4:40:48 PM R S 234964 C:\WINDOWS\SYSTEM32\mvl6l93s1.dll
ad-w-a-r-e.com 4/12/2005 4:40:48 PM R S 234964 C:\WINDOWS\SYSTEM32\mvl6l93s1.dll
WinShutDown 7/1/2005 1:38:46 PM R S 234272 C:\WINDOWS\SYSTEM32\mvrapi.dll
ad-w-a-r-e.com 7/1/2005 1:38:46 PM R S 234272 C:\WINDOWS\SYSTEM32\mvrapi.dll
WinShutDown 5/27/2005 5:33:32 PM R S 234058 C:\WINDOWS\SYSTEM32\mxyuv.dll
WinShutDown 5/11/2005 8:16:08 PM R S 235742 C:\WINDOWS\SYSTEM32\n0p4la7q1d.dll
ad-w-a-r-e.com 5/11/2005 8:16:08 PM R S 235742 C:\WINDOWS\SYSTEM32\n0p4la7q1d.dll
WinShutDown 6/7/2005 7:57:48 AM R S 235460 C:\WINDOWS\SYSTEM32\n8n60i5se8.dll
WinShutDown 5/27/2005 10:19:42 AM R S 235027 C:\WINDOWS\SYSTEM32\n8n6li5s18.dll
WinShutDown 6/2/2005 4:27:46 PM R S 233706 C:\WINDOWS\SYSTEM32\nadenb32.dll
WinShutDown 6/30/2005 10:16:46 AM R S 233527 C:\WINDOWS\SYSTEM32\natid.dll
WinShutDown 5/31/2005 3:59:04 PM R S 236724 C:\WINDOWS\SYSTEM32\nmxpnt.dll
aspack 8/10/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown 5/8/2005 10:12:40 AM R S 233074 C:\WINDOWS\SYSTEM32\nvapi32.dll
ad-w-a-r-e.com 5/8/2005 10:12:40 AM R S 233074 C:\WINDOWS\SYSTEM32\nvapi32.dll
WinShutDown 6/30/2005 10:31:52 AM R S 234251 C:\WINDOWS\SYSTEM32\nwmsmgr.dll
WinShutDown 4/18/2005 2:59:12 PM R S 233145 C:\WINDOWS\SYSTEM32\o248lchu1f48.dll
ad-w-a-r-e.com 4/18/2005 2:59:12 PM R S 233145 C:\WINDOWS\SYSTEM32\o248lchu1f48.dll
WinShutDown 4/22/2005 11:50:46 AM R S 235284 C:\WINDOWS\SYSTEM32\o4ns0e57eh.dll
ad-w-a-r-e.com 4/22/2005 11:50:46 AM R S 235284 C:\WINDOWS\SYSTEM32\o4ns0e57eh.dll
WinShutDown 6/30/2005 10:31:50 AM R S 236005 C:\WINDOWS\SYSTEM32\o4nsle571h.dll
WinShutDown 5/26/2005 10:48:20 AM R S 233855 C:\WINDOWS\SYSTEM32\o6840glqe6qe0.dll
WinShutDown 5/29/2005 4:37:00 PM R S 233950 C:\WINDOWS\SYSTEM32\o8840ilqe8qe0.dll
WinShutDown 6/13/2005 2:58:18 PM R S 235688 C:\WINDOWS\SYSTEM32\obbccr32.dll
WinShutDown 5/31/2005 5:34:28 PM R S 233881 C:\WINDOWS\SYSTEM32\pbdx5016.dll
WinShutDown 5/8/2005 7:14:54 PM R S 233294 C:\WINDOWS\SYSTEM32\pdcrt.dll
ad-w-a-r-e.com 5/8/2005 7:14:54 PM R S 233294 C:\WINDOWS\SYSTEM32\pdcrt.dll
WinShutDown 5/2/2005 8:10:50 PM R S 233527 C:\WINDOWS\SYSTEM32\pechdprf.dll
ad-w-a-r-e.com 5/2/2005 8:10:50 PM R S 233527 C:\WINDOWS\SYSTEM32\pechdprf.dll
WinShutDown 6/6/2005 7:51:16 AM R S 235039 C:\WINDOWS\SYSTEM32\pjh.dll
WinShutDown 6/6/2005 7:58:44 AM R S 235039 C:\WINDOWS\SYSTEM32\PLDLIB32.DLL
WinShutDown 4/14/2005 6:23:44 PM R S 232521 C:\WINDOWS\SYSTEM32\q4rq0e95eh.dll
ad-w-a-r-e.com 4/14/2005 6:23:44 PM R S 232521 C:\WINDOWS\SYSTEM32\q4rq0e95eh.dll
Umonitor 8/10/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
WinShutDown 4/22/2005 11:50:46 AM R S 234530 C:\WINDOWS\SYSTEM32\rcboex32.dll
ad-w-a-r-e.com 4/22/2005 11:50:46 AM R S 234530 C:\WINDOWS\SYSTEM32\rcboex32.dll
WinShutDown 4/14/2005 6:15:26 PM R S 235867 C:\WINDOWS\SYSTEM32\rQsdlg.dll
ad-w-a-r-e.com 4/14/2005 6:15:26 PM R S 235867 C:\WINDOWS\SYSTEM32\rQsdlg.dll
WinShutDown 4/26/2005 3:02:32 PM R S 232623 C:\WINDOWS\SYSTEM32\RZOCURS.DLL
ad-w-a-r-e.com 4/26/2005 3:02:32 PM R S 232623 C:\WINDOWS\SYSTEM32\RZOCURS.DLL
WinShutDown 4/20/2005 3:57:06 PM R S 232969 C:\WINDOWS\SYSTEM32\s888lilu18q8.dll
ad-w-a-r-e.com 4/20/2005 3:57:06 PM R S 232969 C:\WINDOWS\SYSTEM32\s888lilu18q8.dll
WinShutDown 6/30/2005 2:12:38 PM R S 236322 C:\WINDOWS\SYSTEM32\sbayerxp.dll
WinShutDown 5/9/2005 3:00:26 PM R S 233294 C:\WINDOWS\SYSTEM32\SiellvRTF.dll
ad-w-a-r-e.com 5/9/2005 3:00:26 PM R S 233294 C:\WINDOWS\SYSTEM32\SiellvRTF.dll
WinShutDown 4/28/2005 8:28:30 PM R S 233703 C:\WINDOWS\SYSTEM32\sjell.dll
ad-w-a-r-e.com 4/28/2005 8:28:30 PM R S 233703 C:\WINDOWS\SYSTEM32\sjell.dll
WinShutDown 5/29/2005 1:12:58 PM R S 233950 C:\WINDOWS\SYSTEM32\sjredir.dll
WinShutDown 4/14/2005 3:16:42 PM R S 235867 C:\WINDOWS\SYSTEM32\smell32.dll
ad-w-a-r-e.com 4/14/2005 3:16:42 PM R S 235867 C:\WINDOWS\SYSTEM32\smell32.dll
WinShutDown 4/20/2005 3:35:42 PM R S 234530 C:\WINDOWS\SYSTEM32\smssetup.dll
ad-w-a-r-e.com 4/20/2005 3:35:42 PM R S 234530 C:\WINDOWS\SYSTEM32\smssetup.dll
WinShutDown 5/28/2005 4:44:28 PM R S 234683 C:\WINDOWS\SYSTEM32\sqrialui.dll
WinShutDown 6/18/2005 10:22:24 AM R S 236830 C:\WINDOWS\SYSTEM32\srlogcfg.dll
WinShutDown 5/18/2005 4:39:56 PM R S 235853 C:\WINDOWS\SYSTEM32\svsryty.dll
ad-w-a-r-e.com 5/18/2005 4:39:56 PM R S 235853 C:\WINDOWS\SYSTEM32\svsryty.dll
WinShutDown 5/12/2005 1:39:14 PM R S 234272 C:\WINDOWS\SYSTEM32\szdpapi.dll
ad-w-a-r-e.com 5/12/2005 1:39:14 PM R S 234272 C:\WINDOWS\SYSTEM32\szdpapi.dll
FSG! 8/19/2001 5:30:46 AM 11593 C:\WINDOWS\SYSTEM32\temperror32.dat
winsync 8/10/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
WinShutDown 4/20/2005 3:43:26 PM R S 234530 C:\WINDOWS\SYSTEM32\wbi.dll
ad-w-a-r-e.com 4/20/2005 3:43:26 PM R S 234530 C:\WINDOWS\SYSTEM32\wbi.dll
WinShutDown 5/11/2005 8:06:42 PM R S 232578 C:\WINDOWS\SYSTEM32\wdhisn.dll
WinShutDown 6/30/2005 10:26:44 AM R S 234170 C:\WINDOWS\SYSTEM32\wdspdmoe.dll
WinShutDown 6/28/2005 12:31:36 PM R S 233416 C:\WINDOWS\SYSTEM32\wGvemsp.dll
WinShutDown 7/19/2005 11:41:58 AM R S 236588 C:\WINDOWS\SYSTEM32\whpcore.dll
WinShutDown 5/29/2005 4:45:50 PM R S 236724 C:\WINDOWS\SYSTEM32\wlstream.dll
WinShutDown 5/4/2005 3:38:16 PM R S 232444 C:\WINDOWS\SYSTEM32\wlvdmod.dll
ad-w-a-r-e.com 5/4/2005 3:38:16 PM R S 232444 C:\WINDOWS\SYSTEM32\wlvdmod.dll
WinShutDown 4/16/2005 12:05:52 PM R S 234532 C:\WINDOWS\SYSTEM32\wpnstrm.dll
ad-w-a-r-e.com 4/16/2005 12:05:52 PM R S 234532 C:\WINDOWS\SYSTEM32\wpnstrm.dll
WinShutDown 4/14/2005 6:30:28 PM R S 235867 C:\WINDOWS\SYSTEM32\wpploc.dll
ad-w-a-r-e.com 4/14/2005 6:30:28 PM R S 235867 C:\WINDOWS\SYSTEM32\wpploc.dll
WinShutDown 5/3/2005 8:14:22 PM R S 233527 C:\WINDOWS\SYSTEM32\wsnrnr.dll
ad-w-a-r-e.com 5/3/2005 8:14:22 PM R S 233527 C:\WINDOWS\SYSTEM32\wsnrnr.dll
69.59.186.63 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
WinShutDown 4/23/2005 11:20:52 AM R S 235543 C:\WINDOWS\SYSTEM32\wuhatm.dll
ad-w-a-r-e.com 4/23/2005 11:20:52 AM R S 235543 C:\WINDOWS\SYSTEM32\wuhatm.dll
WinShutDown 4/14/2005 6:23:44 PM R S 235867 C:\WINDOWS\SYSTEM32\wupsrcwp.dll
ad-w-a-r-e.com 4/14/2005 6:23:44 PM R S 235867 C:\WINDOWS\SYSTEM32\wupsrcwp.dll
WinShutDown 5/29/2005 4:37:44 PM R S 235720 C:\WINDOWS\SYSTEM32\wwnup2date.dll
WinShutDown 4/26/2005 8:45:28 PM R S 232623 C:\WINDOWS\SYSTEM32\wxdrmdev.dll
ad-w-a-r-e.com 4/26/2005 8:45:28 PM R S 232623 C:\WINDOWS\SYSTEM32\wxdrmdev.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/15/2005 7:19:06 PM S 2048 C:\WINDOWS\bootstat.dat
10/5/2005 2:53:32 PM H 54156 C:\WINDOWS\QTFont.qfn
10/15/2005 7:14:36 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0145df42dc210f137f6d2d447422f300\BIT13.tmp
10/15/2005 7:14:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\07d493b7373a9d0d2bdd37a698cb50e0\BIT15.tmp
10/15/2005 7:14:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0da4d07f1c0daddae341154d5c5618e8\BIT18.tmp
10/15/2005 7:14:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\12872a4fd5ad52aafc9035961c16e563\BIT17.tmp
10/15/2005 7:17:26 PM H 260448 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1ac376e238cceb602406a40a69873cd6\BIT12.tmp
10/15/2005 7:14:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2baf8c7dfba31ff73a669aefedd3754b\BIT1A.tmp
10/15/2005 7:14:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9068529eb9ffcb0374073e28df2ec7a6\BIT16.tmp
10/15/2005 7:14:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c9ca23e0db0bf40b7c223d3803986f23\BIT19.tmp
10/15/2005 7:14:36 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f1451574ea132ef2d7739f692814b8b9\BIT14.tmp
10/15/2005 7:13:00 PM HS 2 C:\WINDOWS\system32\cmd.com
10/15/2005 7:12:52 PM HS 2 C:\WINDOWS\system32\netstat.com
10/15/2005 7:12:54 PM HS 2 C:\WINDOWS\system32\ping.com
10/15/2005 7:13:00 PM HS 2 C:\WINDOWS\system32\regedit.com
10/15/2005 7:12:58 PM HS 2 C:\WINDOWS\system32\taskkill.com
10/15/2005 7:12:58 PM HS 2 C:\WINDOWS\system32\tasklist.com
10/15/2005 7:12:56 PM HS 2 C:\WINDOWS\system32\tracert.com
10/15/2005 7:13:48 PM H 527 C:\WINDOWS\system32\vsconfig.xml
10/15/2005 7:19:00 PM H 8192 C:\WINDOWS\system32\config\default.LOG
10/15/2005 7:19:22 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/15/2005 7:19:08 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
10/15/2005 7:23:10 PM H 147456 C:\WINDOWS\system32\config\software.LOG
10/15/2005 7:19:16 PM H 1212416 C:\WINDOWS\system32\config\system.LOG
9/13/2005 4:21:18 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/15/2005 7:17:28 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/10/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 8/20/2004 3:02:46 AM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/10/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 9/7/2004 11:16:28 PM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Ahead Software AG 10/9/2002 12:36:12 PM 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 1/7/2004 12:02:36 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 12/4/1999 5:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl
8/30/2005 4:05:58 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/20/2005 9:16:26 AM 986 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
4/20/2005 4:02:54 PM 838 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
9/7/2004 8:17:28 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/15/2005 7:12:50 PM 417792 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkri.exe
4/15/2005 5:49:50 PM 1661 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/7/2004 1:09:14 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
9/7/2004 8:17:28 PM HS 84 C:\Documents and Settings\Owner.Tyler\Start Menu\Programs\Startup\desktop.ini
2/10/2005 10:12:02 PM 256000 C:\Documents and Settings\Owner.Tyler\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Checking files in %USERPROFILE%\Application Data folder...
9/7/2004 1:09:14 PM HS 62 C:\Documents and Settings\Owner.Tyler\Application Data\desktop.ini
4/29/2005 3:10:22 PM 187 C:\Documents and Settings\Owner.Tyler\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
8/1/2005 7:58:36 PM 7294 C:\Documents and Settings\Owner.Tyler\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
iebar =
acc= =
acc=none =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{14724289-EA41-4A3F-B3BD-AFE7D000E921} = C:\WINDOWS\system32\fi0403dqe.dll
{145D013A-A987-4066-9648-8FF53C07DDFB} = C:\WINDOWS\system32\megsvc.dll
{410695A1-F3CF-408D-B3E7-CF5FBA9E5C08} = C:\WINDOWS\system32\ku6ul7j91.dll
{51A37BAE-70D9-4952-BBD8-BC15B18E0A88} = C:\WINDOWS\system32\SPRT01.dll
{8BAADF95-7BC0-4E70-B541-F6F810456EE5} = C:\WINDOWS\system32\guard.tmp
{48AF7C03-2725-46A9-8218-2B40257AD1E1} = C:\WINDOWS\system32\guard.tmp
{3CB637C0-7F5D-47E0-8847-CCE25FEE41AD} = C:\WINDOWS\system32\guard.tmp

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mnmxyfyt
{f4275a26-b5d4-42c1-92ce-0168d3b46c1d} = C:\WINDOWS\system32\kekwm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}
ButtonText = ComcastHSI : http://www.comcast.net/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}
ButtonText = Support : http://www.comcastsupport.com/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}
ButtonText = Help : http://online.comcast.net/help/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\Program Files\AOL Toolbar\toolbar.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray C:\WINDOWS\ehome\ehtray.exe
High Definition Audio Property Page Shortcut HDAudPropShortcut.exe
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
CHotkey zHotkey.exe
ShowWnd ShowWnd.exe
SunKistEM C:\Program Files\Digital Media Reader\shwiconem.exe

mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HostManager C:\Program Files\Common Files\AOL\1107129803\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Zone Labs Client C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
MPFTray C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
MISAggregator
tsvcin C:\Documents and Settings\Owner.Tyler\n20050308.EXE
WUSB54Gv4 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
winsync C:\WINDOWS\system32\dpdita.exe reg_run
winupdates C:\Program Files\winupdates\winupdates.exe /auto
tgcmd "C:\Program Files\support.com\bin\tgcmd.exe" /server
System service76 C:\WINDOWS\etb\pokapoka76.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
sysxml C:\WINDOWS\system32\sysxml.exe
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
sysxml C:\WINDOWS\system32\sysxml.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/15/2005 7:25:37 PM

#4
Skater14

    Member

  • Topic Starter
  • 30 posts
Here is Track qoo.vbs:

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- mnmxyfyt
{f4275a26-b5d4-42c1-92ce-0168d3b46c1d}
C:\WINDOWS\system32\kekwm.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
America Online 9.0 Tray Icon.lnk
desktop.ini
rkri.exe
Smart Wizard Wireless Settings.lnk
==============================
C:\Documents and Settings\Owner.Tyler\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
America Online 9.0 Tray Icon.lnk
desktop.ini
rkri.exe
Smart Wizard Wireless Settings.lnk
desktop.ini
PowerReg Scheduler.exe
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
NeroBurnRights.cpl Ahead Software AG
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
UILib.cpl Sony Corporation
vgactl.cpl
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

#5
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Unfortunately, you have another problem.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer, and it may appear nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.." ...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.


#6
Skater14

    Member

  • Topic Starter
  • 30 posts
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D5B2891F-E5F8-ADE9-A282-FDBB72BDE2BA}"=""
"iebar"=" "
"acc="=" "
"acc=none"=" "

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Property Sheet Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{14724289-EA41-4A3F-B3BD-AFE7D000E921}"=""
"{145D013A-A987-4066-9648-8FF53C07DDFB}"=""
"{410695A1-F3CF-408D-B3E7-CF5FBA9E5C08}"=""
"{51A37BAE-70D9-4952-BBD8-BC15B18E0A88}"=""
"{8BAADF95-7BC0-4E70-B541-F6F810456EE5}"=""
"{48AF7C03-2725-46A9-8218-2B40257AD1E1}"=""
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{3CB637C0-7F5D-47E0-8847-CCE25FEE41AD}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{14724289-EA41-4A3F-B3BD-AFE7D000E921}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{14724289-EA41-4A3F-B3BD-AFE7D000E921}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{14724289-EA41-4A3F-B3BD-AFE7D000E921}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{14724289-EA41-4A3F-B3BD-AFE7D000E921}\InprocServer32]
@="C:\\WINDOWS\\system32\\fi0403dqe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{145D013A-A987-4066-9648-8FF53C07DDFB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{145D013A-A987-4066-9648-8FF53C07DDFB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{145D013A-A987-4066-9648-8FF53C07DDFB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{145D013A-A987-4066-9648-8FF53C07DDFB}\InprocServer32]
@="C:\\WINDOWS\\system32\\megsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{410695A1-F3CF-408D-B3E7-CF5FBA9E5C08}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{410695A1-F3CF-408D-B3E7-CF5FBA9E5C08}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{410695A1-F3CF-408D-B3E7-CF5FBA9E5C08}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{410695A1-F3CF-408D-B3E7-CF5FBA9E5C08}\InprocServer32]
@="C:\\WINDOWS\\system32\\ku6ul7j91.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{51A37BAE-70D9-4952-BBD8-BC15B18E0A88}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51A37BAE-70D9-4952-BBD8-BC15B18E0A88}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51A37BAE-70D9-4952-BBD8-BC15B18E0A88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51A37BAE-70D9-4952-BBD8-BC15B18E0A88}\InprocServer32]
@="C:\\WINDOWS\\system32\\SPRT01.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8BAADF95-7BC0-4E70-B541-F6F810456EE5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8BAADF95-7BC0-4E70-B541-F6F810456EE5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8BAADF95-7BC0-4E70-B541-F6F810456EE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8BAADF95-7BC0-4E70-B541-F6F810456EE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{48AF7C03-2725-46A9-8218-2B40257AD1E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48AF7C03-2725-46A9-8218-2B40257AD1E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48AF7C03-2725-46A9-8218-2B40257AD1E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48AF7C03-2725-46A9-8218-2B40257AD1E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3CB637C0-7F5D-47E0-8847-CCE25FEE41AD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3CB637C0-7F5D-47E0-8847-CCE25FEE41AD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3CB637C0-7F5D-47E0-8847-CCE25FEE41AD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3CB637C0-7F5D-47E0-8847-CCE25FEE41AD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bszip.dll Mon Sep 12 2005 2:50:32p A.... 62,464 61.00 K
cmdlin~1.dll Mon Aug 1 2005 7:13:22p A.... 43,520 42.50 K
d8j00i~1.dll Tue Jul 19 2005 7:51:58a ..S.R 236,588 231.04 K
dxj00i~1.dll Tue Jul 19 2005 11:43:16a A.... 234,272 228.78 K
eneaa.dll Thu Sep 1 2005 2:54:24p A.... 10,240 10.00 K
fjfssss.dll Thu Sep 1 2005 2:54:22p A.... 46,080 45.00 K
fzusd.dll Tue Jul 19 2005 11:44:06a ..S.R 236,588 231.04 K
g2jo0c~1.dll Tue Jul 19 2005 11:41:02a ..S.R 236,570 231.02 K
kekwm.dll Sat Oct 15 2005 7:33:48p A.... 133,120 130.00 K
kt6sl7~1.dll Tue Jul 19 2005 11:44:06a ..S.R 233,619 228.14 K
l26o0c~1.dll Mon Jul 18 2005 8:49:30a ..S.R 233,912 228.43 K
lrlocic.dll Sat Oct 15 2005 7:33:46p A.... 181,760 177.50 K
mshtml.dll Tue Jul 19 2005 8:00:30p A.... 3,014,144 2.87 M
q6nu0g~1.dll Tue Jul 19 2005 11:45:06a ..S.R 0 0.00 K
whpcore.dll Tue Jul 19 2005 11:41:58a ..S.R 236,588 231.04 K
wuauclt.dll Tue Aug 30 2005 4:05:58p A.... 30,720 30.00 K

16 items found: 16 files (7 H/S), 0 directories.
Total of file sizes: 5,170,185 bytes 4.93 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue Jul 19 2005 4:17:26p ..S.R 234,272 228.78 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234,272 bytes 228.78 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is D8C8-6082

Directory of C:\WINDOWS\System32

10/15/2005 08:09 PM <DIR> ..
10/15/2005 08:09 PM <DIR> .
08/12/2005 07:12 PM <DIR> dllcache
09/28/2004 12:35 AM <DIR> Microsoft
174 File(s) 40,562,009 bytes
4 Dir(s) 158,610,771,968 bytes free

#7
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the desktop icons don't disappear or the log does not pop up, then in the l2mfix folder double-click the second.bat file to continue with the fix.

#8
Skater14

    Member

  • Topic Starter
  • Member
  • 30 posts
Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1632 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1676 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\obbccr32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pbdx5016.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pdcrt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pechdprf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pjh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\PLDLIB32.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q4rq0e95eh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rcboex32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rQsdlg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\RZOCURS.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s888lilu18q8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sbayerxp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\SiellvRTF.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sjell.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sjredir.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\smell32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\smssetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sqrialui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\srlogcfg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\svsryty.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szdpapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wbi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wdhisn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wdspdmoe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wGvemsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\whpcore.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wlstream.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wlvdmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wpnstrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wpploc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wsnrnr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wuhatm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wupsrcwp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wwnup2date.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wxdrmdev.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\abtodisc.dll
Successfully Deleted: C:\WINDOWS\system32\abtodisc.dll
deleting: C:\WINDOWS\system32\abtxprxy.dll
Successfully Deleted: C:\WINDOWS\system32\abtxprxy.dll
deleting: C:\WINDOWS\system32\abvpack.dll
Successfully Deleted: C:\WINDOWS\system32\abvpack.dll
deleting: C:\WINDOWS\system32\afrsvc.dll
Successfully Deleted: C:\WINDOWS\system32\afrsvc.dll
deleting: C:\WINDOWS\system32\afsnds.dll
Successfully Deleted: C:\WINDOWS\system32\afsnds.dll
deleting: C:\WINDOWS\system32\aiifile.dll
Successfully Deleted: C:\WINDOWS\system32\aiifile.dll
deleting: C:\WINDOWS\system32\arvpack.dll
Successfully Deleted: C:\WINDOWS\system32\arvpack.dll
deleting: C:\WINDOWS\system32\aUmd532.dll
Successfully Deleted: C:\WINDOWS\system32\aUmd532.dll
deleting: C:\WINDOWS\system32\aza0059me.dll
Successfully Deleted: C:\WINDOWS\system32\aza0059me.dll
deleting: C:\WINDOWS\system32\aza6l11s1.dll
Successfully Deleted: C:\WINDOWS\system32\aza6l11s1.dll
deleting: C:\WINDOWS\system32\azaq07h5e.dll
Successfully Deleted: C:\WINDOWS\system32\azaq07h5e.dll
deleting: C:\WINDOWS\system32\azas03l7e.dll
Successfully Deleted: C:\WINDOWS\system32\azas03l7e.dll
deleting: C:\WINDOWS\system32\azas0ed7eh0.dll
Successfully Deleted: C:\WINDOWS\system32\azas0ed7eh0.dll
deleting: C:\WINDOWS\system32\c2000cdmef0a0.dll
Successfully Deleted: C:\WINDOWS\system32\c2000cdmef0a0.dll
deleting: C:\WINDOWS\system32\czyptdll.dll
Successfully Deleted: C:\WINDOWS\system32\czyptdll.dll
deleting: C:\WINDOWS\system32\d6j0lg1m16.dll
Successfully Deleted: C:\WINDOWS\system32\d6j0lg1m16.dll
deleting: C:\WINDOWS\system32\d80mlid1180.dll
Successfully Deleted: C:\WINDOWS\system32\d80mlid1180.dll
deleting: C:\WINDOWS\system32\d8j00i1me8.dll
Successfully Deleted: C:\WINDOWS\system32\d8j00i1me8.dll
deleting: C:\WINDOWS\system32\d8j02i1mg8.dll
Successfully Deleted: C:\WINDOWS\system32\d8j02i1mg8.dll
deleting: C:\WINDOWS\system32\dfserial.dll
Successfully Deleted: C:\WINDOWS\system32\dfserial.dll
deleting: C:\WINDOWS\system32\diprop.dll
Successfully Deleted: C:\WINDOWS\system32\diprop.dll
deleting: C:\WINDOWS\system32\dllay.dll
Successfully Deleted: C:\WINDOWS\system32\dllay.dll
deleting: C:\WINDOWS\system32\dMd8.dll
Successfully Deleted: C:\WINDOWS\system32\dMd8.dll
deleting: C:\WINDOWS\system32\dn2401fqe.dll
Successfully Deleted: C:\WINDOWS\system32\dn2401fqe.dll
deleting: C:\WINDOWS\system32\dnjm0111e.dll
Successfully Deleted: C:\WINDOWS\system32\dnjm0111e.dll
deleting: C:\WINDOWS\system32\dnr0019me.dll
Successfully Deleted: C:\WINDOWS\system32\dnr0019me.dll
deleting: C:\WINDOWS\system32\dqdmoprp.dll
Successfully Deleted: C:\WINDOWS\system32\dqdmoprp.dll
deleting: C:\WINDOWS\system32\e2jm0c11ef.dll
Successfully Deleted: C:\WINDOWS\system32\e2jm0c11ef.dll
deleting: C:\WINDOWS\system32\e402ledo1h0c.dll
Successfully Deleted: C:\WINDOWS\system32\e402ledo1h0c.dll
deleting: C:\WINDOWS\system32\en6ol1j31.dll
Successfully Deleted: C:\WINDOWS\system32\en6ol1j31.dll
deleting: C:\WINDOWS\system32\enj6l11s1.dll
Successfully Deleted: C:\WINDOWS\system32\enj6l11s1.dll
deleting: C:\WINDOWS\system32\fi0403dqe.dll
Successfully Deleted: C:\WINDOWS\system32\fi0403dqe.dll
deleting: C:\WINDOWS\system32\fjeploy.dll
Successfully Deleted: C:\WINDOWS\system32\fjeploy.dll
deleting: C:\WINDOWS\system32\FL20ENU.DLL
Successfully Deleted: C:\WINDOWS\system32\FL20ENU.DLL
deleting: C:\WINDOWS\system32\fp2o03f3e.dll
Successfully Deleted: C:\WINDOWS\system32\fp2o03f3e.dll
deleting: C:\WINDOWS\system32\fp8s03l7e.dll
Successfully Deleted: C:\WINDOWS\system32\fp8s03l7e.dll
deleting: C:\WINDOWS\system32\fpl2033oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpl2033oe.dll
deleting: C:\WINDOWS\system32\fzusd.dll
Successfully Deleted: C:\WINDOWS\system32\fzusd.dll
deleting: C:\WINDOWS\system32\g2jo0c13ef.dll
Successfully Deleted: C:\WINDOWS\system32\g2jo0c13ef.dll
deleting: C:\WINDOWS\system32\gp6ol3j31.dll
Successfully Deleted: C:\WINDOWS\system32\gp6ol3j31.dll
deleting: C:\WINDOWS\system32\gp6ul3j91.dll
Successfully Deleted: C:\WINDOWS\system32\gp6ul3j91.dll
deleting: C:\WINDOWS\system32\gpjml3111.dll
Successfully Deleted: C:\WINDOWS\system32\gpjml3111.dll
deleting: C:\WINDOWS\system32\gpjql3151.dll
Successfully Deleted: C:\WINDOWS\system32\gpjql3151.dll
deleting: C:\WINDOWS\system32\gpl0l33m1.dll
Successfully Deleted: C:\WINDOWS\system32\gpl0l33m1.dll
deleting: C:\WINDOWS\system32\gui32.dll
Successfully Deleted: C:\WINDOWS\system32\gui32.dll
deleting: C:\WINDOWS\system32\gymf32.dll
Successfully Deleted: C:\WINDOWS\system32\gymf32.dll
deleting: C:\WINDOWS\system32\gztext.dll
Successfully Deleted: C:\WINDOWS\system32\gztext.dll
deleting: C:\WINDOWS\system32\heetwiz.dll
Successfully Deleted: C:\WINDOWS\system32\heetwiz.dll
deleting: C:\WINDOWS\system32\hr8405lqe.dll
Successfully Deleted: C:\WINDOWS\system32\hr8405lqe.dll
deleting: C:\WINDOWS\system32\hrr0059me.dll
Successfully Deleted: C:\WINDOWS\system32\hrr0059me.dll
deleting: C:\WINDOWS\system32\hrrq0595e.dll
Successfully Deleted: C:\WINDOWS\system32\hrrq0595e.dll
deleting: C:\WINDOWS\system32\i2nm0c51ef.dll
Successfully Deleted: C:\WINDOWS\system32\i2nm0c51ef.dll
deleting: C:\WINDOWS\system32\i4600ejmehoa0.dll
Successfully Deleted: C:\WINDOWS\system32\i4600ejmehoa0.dll
deleting: C:\WINDOWS\system32\i6240gfqe62e0.dll
Successfully Deleted: C:\WINDOWS\system32\i6240gfqe62e0.dll
deleting: C:\WINDOWS\system32\iaxsap.dll
Successfully Deleted: C:\WINDOWS\system32\iaxsap.dll
deleting: C:\WINDOWS\system32\ibdetect.dll
Successfully Deleted: C:\WINDOWS\system32\ibdetect.dll
deleting: C:\WINDOWS\system32\ibxpromn.dll
Successfully Deleted: C:\WINDOWS\system32\ibxpromn.dll
deleting: C:\WINDOWS\system32\ie50_qcx.dll
Successfully Deleted: C:\WINDOWS\system32\ie50_qcx.dll
deleting: C:\WINDOWS\system32\iqaksie.dll
Successfully Deleted: C:\WINDOWS\system32\iqaksie.dll
deleting: C:\WINDOWS\system32\ir4ol5h31.dll
Successfully Deleted: C:\WINDOWS\system32\ir4ol5h31.dll
deleting: C:\WINDOWS\system32\irr0l59m1.dll
Successfully Deleted: C:\WINDOWS\system32\irr0l59m1.dll
deleting: C:\WINDOWS\system32\ISKED.DLL
Successfully Deleted: C:\WINDOWS\system32\ISKED.DLL
deleting: C:\WINDOWS\system32\izsetup.dll
Successfully Deleted: C:\WINDOWS\system32\izsetup.dll
deleting: C:\WINDOWS\system32\j04o0ah3ed4.dll
Successfully Deleted: C:\WINDOWS\system32\j04o0ah3ed4.dll
deleting: C:\WINDOWS\system32\j2n2lc5o1f.dll
Successfully Deleted: C:\WINDOWS\system32\j2n2lc5o1f.dll
deleting: C:\WINDOWS\system32\j40s0ed7eh0.dll
Successfully Deleted: C:\WINDOWS\system32\j40s0ed7eh0.dll
deleting: C:\WINDOWS\system32\j84olih3184.dll
Successfully Deleted: C:\WINDOWS\system32\j84olih3184.dll
deleting: C:\WINDOWS\system32\jt0407dqe.dll
Successfully Deleted: C:\WINDOWS\system32\jt0407dqe.dll
deleting: C:\WINDOWS\system32\jt0u07d9e.dll
Successfully Deleted: C:\WINDOWS\system32\jt0u07d9e.dll
deleting: C:\WINDOWS\system32\jt4o07h3e.dll
Successfully Deleted: C:\WINDOWS\system32\jt4o07h3e.dll
deleting: C:\WINDOWS\system32\jt4q07h5e.dll
Successfully Deleted: C:\WINDOWS\system32\jt4q07h5e.dll
deleting: C:\WINDOWS\system32\jt6s07j7e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6s07j7e.dll
deleting: C:\WINDOWS\system32\jtp8077ue.dll
Successfully Deleted: C:\WINDOWS\system32\jtp8077ue.dll
deleting: C:\WINDOWS\system32\jtr0079me.dll
Successfully Deleted: C:\WINDOWS\system32\jtr0079me.dll
deleting: C:\WINDOWS\system32\k044lahq1d4e.dll
Successfully Deleted: C:\WINDOWS\system32\k044lahq1d4e.dll
deleting: C:\WINDOWS\system32\k4pmle711h.dll
Successfully Deleted: C:\WINDOWS\system32\k4pmle711h.dll
deleting: C:\WINDOWS\system32\kcl0l73m1.dll
Successfully Deleted: C:\WINDOWS\system32\kcl0l73m1.dll
deleting: C:\WINDOWS\system32\kedazel.dll
Successfully Deleted: C:\WINDOWS\system32\kedazel.dll
deleting: C:\WINDOWS\system32\kgdpo.dll
Successfully Deleted: C:\WINDOWS\system32\kgdpo.dll
deleting: C:\WINDOWS\system32\kkdmlt48.dll
Successfully Deleted: C:\WINDOWS\system32\kkdmlt48.dll
deleting: C:\WINDOWS\system32\kt6sl7j71.dll
Successfully Deleted: C:\WINDOWS\system32\kt6sl7j71.dll
deleting: C:\WINDOWS\system32\kt6ul7j91.dll
Successfully Deleted: C:\WINDOWS\system32\kt6ul7j91.dll
deleting: C:\WINDOWS\system32\ktdusl.dll
Successfully Deleted: C:\WINDOWS\system32\ktdusl.dll
deleting: C:\WINDOWS\system32\ktl0l73m1.dll
Successfully Deleted: C:\WINDOWS\system32\ktl0l73m1.dll
deleting: C:\WINDOWS\system32\ktl2l73o1.dll
Successfully Deleted: C:\WINDOWS\system32\ktl2l73o1.dll
deleting: C:\WINDOWS\system32\ktrql7951.dll
Successfully Deleted: C:\WINDOWS\system32\ktrql7951.dll
deleting: C:\WINDOWS\system32\ku6ul7j91.dll
Successfully Deleted: C:\WINDOWS\system32\ku6ul7j91.dll
deleting: C:\WINDOWS\system32\kvdazel.dll
Successfully Deleted: C:\WINDOWS\system32\kvdazel.dll
deleting: C:\WINDOWS\system32\kvdlv1.dll
Successfully Deleted: C:\WINDOWS\system32\kvdlv1.dll
deleting: C:\WINDOWS\system32\kwdsl1.dll
Successfully Deleted: C:\WINDOWS\system32\kwdsl1.dll
deleting: C:\WINDOWS\system32\kZjslg1716.dll
Successfully Deleted: C:\WINDOWS\system32\kZjslg1716.dll
deleting: C:\WINDOWS\system32\l02s0af7ed2.dll
Successfully Deleted: C:\WINDOWS\system32\l02s0af7ed2.dll
deleting: C:\WINDOWS\system32\l02slaf71d2.dll
Successfully Deleted: C:\WINDOWS\system32\l02slaf71d2.dll
deleting: C:\WINDOWS\system32\l06o0aj3edo.dll
Successfully Deleted: C:\WINDOWS\system32\l06o0aj3edo.dll
deleting: C:\WINDOWS\system32\l26o0cj3efo.dll
Successfully Deleted: C:\WINDOWS\system32\l26o0cj3efo.dll
deleting: C:\WINDOWS\system32\l26olcj31fo.dll
Successfully Deleted: C:\WINDOWS\system32\l26olcj31fo.dll
deleting: C:\WINDOWS\system32\lnadperf.dll
Successfully Deleted: C:\WINDOWS\system32\lnadperf.dll
deleting: C:\WINDOWS\system32\lv8809lue.dll
Successfully Deleted: C:\WINDOWS\system32\lv8809lue.dll
deleting: C:\WINDOWS\system32\lvjs0917e.dll
Successfully Deleted: C:\WINDOWS\system32\lvjs0917e.dll
deleting: C:\WINDOWS\system32\lvlu0939e.dll
Successfully Deleted: C:\WINDOWS\system32\lvlu0939e.dll
deleting: C:\WINDOWS\system32\lvnm0951e.dll
Successfully Deleted: C:\WINDOWS\system32\lvnm0951e.dll
deleting: C:\WINDOWS\system32\lvpq0975e.dll
Successfully Deleted: C:\WINDOWS\system32\lvpq0975e.dll
deleting: C:\WINDOWS\system32\lvrs0997e.dll
Successfully Deleted: C:\WINDOWS\system32\lvrs0997e.dll
deleting: C:\WINDOWS\system32\lyfil11n.DLL
Successfully Deleted: C:\WINDOWS\system32\lyfil11n.DLL
deleting: C:\WINDOWS\system32\m2460chsef460.dll
Successfully Deleted: C:\WINDOWS\system32\m2460chsef460.dll
deleting: C:\WINDOWS\system32\m4po0e73eh.dll
Successfully Deleted: C:\WINDOWS\system32\m4po0e73eh.dll
deleting: C:\WINDOWS\system32\m6po0g73e6.dll
Successfully Deleted: C:\WINDOWS\system32\m6po0g73e6.dll
deleting: C:\WINDOWS\system32\mbcms.dll
Successfully Deleted: C:\WINDOWS\system32\mbcms.dll
deleting: C:\WINDOWS\system32\mbiwave.dll
Successfully Deleted: C:\WINDOWS\system32\mbiwave.dll
deleting: C:\WINDOWS\system32\mdyuv.dll
Successfully Deleted: C:\WINDOWS\system32\mdyuv.dll
deleting: C:\WINDOWS\system32\megsvc.dll
Successfully Deleted: C:\WINDOWS\system32\megsvc.dll
deleting: C:\WINDOWS\system32\memefilt.dll
Successfully Deleted: C:\WINDOWS\system32\memefilt.dll
deleting: C:\WINDOWS\system32\mesystem.dll
Successfully Deleted: C:\WINDOWS\system32\mesystem.dll
deleting: C:\WINDOWS\system32\mgmefilt.dll
Successfully Deleted: C:\WINDOWS\system32\mgmefilt.dll
deleting: C:\WINDOWS\system32\mkgina.dll
Successfully Deleted: C:\WINDOWS\system32\mkgina.dll
deleting: C:\WINDOWS\system32\mnmefilt.dll
Successfully Deleted: C:\WINDOWS\system32\mnmefilt.dll
deleting: C:\WINDOWS\system32\mofutil.dll
Successfully Deleted: C:\WINDOWS\system32\mofutil.dll
deleting: C:\WINDOWS\system32\mowsock.dll
Successfully Deleted: C:\WINDOWS\system32\mowsock.dll
deleting: C:\WINDOWS\system32\mqoeacct.dll
Successfully Deleted: C:\WINDOWS\system32\mqoeacct.dll
deleting: C:\WINDOWS\system32\mtdtcprx.dll
Successfully Deleted: C:\WINDOWS\system32\mtdtcprx.dll
deleting: C:\WINDOWS\system32\muwdat10.dll
Successfully Deleted: C:\WINDOWS\system32\muwdat10.dll
deleting: C:\WINDOWS\system32\mviwave.dll
Successfully Deleted: C:\WINDOWS\system32\mviwave.dll
deleting: C:\WINDOWS\system32\mvjsl9171.dll
Successfully Deleted: C:\WINDOWS\system32\mvjsl9171.dll
deleting: C:\WINDOWS\system32\mvl6l93s1.dll
Successfully Deleted: C:\WINDOWS\system32\mvl6l93s1.dll
deleting: C:\WINDOWS\system32\mvrapi.dll
Successfully Deleted: C:\WINDOWS\system32\mvrapi.dll
deleting: C:\WINDOWS\system32\mxyuv.dll
Successfully Deleted: C:\WINDOWS\system32\mxyuv.dll
deleting: C:\WINDOWS\system32\n0p4la7q1d.dll
Successfully Deleted: C:\WINDOWS\system32\n0p4la7q1d.dll
deleting: C:\WINDOWS\system32\n8n60i5se8.dll
Successfully Deleted: C:\WINDOWS\system32\n8n60i5se8.dll
deleting: C:\WINDOWS\system32\n8n6li5s18.dll
Successfully Deleted: C:\WINDOWS\system32\n8n6li5s18.dll
deleting: C:\WINDOWS\system32\nadenb32.dll
Successfully Deleted: C:\WINDOWS\system32\nadenb32.dll
deleting: C:\WINDOWS\system32\natid.dll
Successfully Deleted: C:\WINDOWS\system32\natid.dll
deleting: C:\WINDOWS\system32\nmxpnt.dll
Successfully Deleted: C:\WINDOWS\system32\nmxpnt.dll
deleting: C:\WINDOWS\system32\nvapi32.dll
Successfully Deleted: C:\WINDOWS\system32\nvapi32.dll
deleting: C:\WINDOWS\system32\nwmsmgr.dll
Successfully Deleted: C:\WINDOWS\system32\nwmsmgr.dll
deleting: C:\WINDOWS\system32\o248lchu1f48.dll
Successfully Deleted: C:\WINDOWS\system32\o248lchu1f48.dll
deleting: C:\WINDOWS\system32\o4ns0e57eh.dll
Successfully Deleted: C:\WINDOWS\system32\o4ns0e57eh.dll
deleting: C:\WINDOWS\system32\o4nsle571h.dll
Successfully Deleted: C:\WINDOWS\system32\o4nsle571h.dll
deleting: C:\WINDOWS\system32\o6840glqe6qe0.dll
Successfully Deleted: C:\WINDOWS\system32\o6840glqe6qe0.dll
deleting: C:\WINDOWS\system32\o8840ilqe8qe0.dll
Successfully Deleted: C:\WINDOWS\system32\o8840ilqe8qe0.dll
deleting: C:\WINDOWS\system32\obbccr32.dll
Successfully Deleted: C:\WINDOWS\system32\obbccr32.dll
deleting: C:\WINDOWS\system32\pbdx5016.dll
Successfully Deleted: C:\WINDOWS\system32\pbdx5016.dll
deleting: C:\WINDOWS\system32\pdcrt.dll
Successfully Deleted: C:\WINDOWS\system32\pdcrt.dll
deleting: C:\WINDOWS\system32\pechdprf.dll
Successfully Deleted: C:\WINDOWS\system32\pechdprf.dll
deleting: C:\WINDOWS\system32\pjh.dll
Successfully Deleted: C:\WINDOWS\system32\pjh.dll
deleting: C:\WINDOWS\system32\PLDLIB32.DLL
Successfully Deleted: C:\WINDOWS\system32\PLDLIB32.DLL
deleting: C:\WINDOWS\system32\q4rq0e95eh.dll
Successfully Deleted: C:\WINDOWS\system32\q4rq0e95eh.dll
deleting: C:\WINDOWS\system32\rcboex32.dll
Successfully Deleted: C:\WINDOWS\system32\rcboex32.dll
deleting: C:\WINDOWS\system32\rQsdlg.dll
Successfully Deleted: C:\WINDOWS\system32\rQsdlg.dll
deleting: C:\WINDOWS\system32\RZOCURS.DLL
Successfully Deleted: C:\WINDOWS\system32\RZOCURS.DLL
deleting: C:\WINDOWS\system32\s888lilu18q8.dll
Successfully Deleted: C:\WINDOWS\system32\s888lilu18q8.dll
deleting: C:\WINDOWS\system32\sbayerxp.dll
Successfully Deleted: C:\WINDOWS\system32\sbayerxp.dll
deleting: C:\WINDOWS\system32\SiellvRTF.dll
Successfully Deleted: C:\WINDOWS\system32\SiellvRTF.dll
deleting: C:\WINDOWS\system32\sjell.dll
Successfully Deleted: C:\WINDOWS\system32\sjell.dll
deleting: C:\WINDOWS\system32\sjredir.dll
Successfully Deleted: C:\WINDOWS\system32\sjredir.dll
deleting: C:\WINDOWS\system32\smell32.dll
Successfully Deleted: C:\WINDOWS\system32\smell32.dll
deleting: C:\WINDOWS\system32\smssetup.dll
Successfully Deleted: C:\WINDOWS\system32\smssetup.dll
deleting: C:\WINDOWS\system32\sqrialui.dll
Successfully Deleted: C:\WINDOWS\system32\sqrialui.dll
deleting: C:\WINDOWS\system32\srlogcfg.dll
Successfully Deleted: C:\WINDOWS\system32\srlogcfg.dll
deleting: C:\WINDOWS\system32\svsryty.dll
Successfully Deleted: C:\WINDOWS\system32\svsryty.dll
deleting: C:\WINDOWS\system32\szdpapi.dll
Successfully Deleted: C:\WINDOWS\system32\szdpapi.dll
deleting: C:\WINDOWS\system32\wbi.dll
Successfully Deleted: C:\WINDOWS\system32\wbi.dll
deleting: C:\WINDOWS\system32\wdhisn.dll
Successfully Deleted: C:\WINDOWS\system32\wdhisn.dll
deleting: C:\WINDOWS\system32\wdspdmoe.dll
Successfully Deleted: C:\WINDOWS\system32\wdspdmoe.dll
deleting: C:\WINDOWS\system32\wGvemsp.dll
Successfully Deleted: C:\WINDOWS\system32\wGvemsp.dll
deleting: C:\WINDOWS\system32\whpcore.dll
Successfully Deleted: C:\WINDOWS\system32\whpcore.dll
deleting: C:\WINDOWS\system32\wlstream.dll
Successfully Deleted: C:\WINDOWS\system32\wlstream.dll
deleting: C:\WINDOWS\system32\wlvdmod.dll
Successfully Deleted: C:\WINDOWS\system32\wlvdmod.dll
deleting: C:\WINDOWS\system32\wpnstrm.dll
Successfully Deleted: C:\WINDOWS\system32\wpnstrm.dll
deleting: C:\WINDOWS\system32\wpploc.dll
Successfully Deleted: C:\WINDOWS\system32\wpploc.dll
deleting: C:\WINDOWS\system32\wsnrnr.dll
Successfully Deleted: C:\WINDOWS\system32\wsnrnr.dll
deleting: C:\WINDOWS\system32\wuhatm.dll
Successfully Deleted: C:\WINDOWS\system32\wuhatm.dll
deleting: C:\WINDOWS\system32\wupsrcwp.dll
Successfully Deleted: C:\WINDOWS\system32\wupsrcwp.dll
deleting: C:\WINDOWS\system32\wwnup2date.dll
Successfully Deleted: C:\WINDOWS\system32\wwnup2date.dll
deleting: C:\WINDOWS\system32\wxdrmdev.dll
Successfully Deleted: C:\WINDOWS\system32\wxdrmdev.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword

#9
Skater14

    Member

  • Topic Starter
  • Member
  • 30 posts
Well, the pokapoka process is not running. Which should be good, right? But the folder is still there with the program in it.

#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Great, one major problem out of the way :tazz: . We will get rid of pokapoka in a little bit. We have to remove these other problems first because they download other garbage (including pokapoka) onto your computer.

Now I will need the two logs referred to in post #2 again please (new ones) :)

#11
Skater14

    Member

  • Topic Starter
  • Member
  • 30 posts
WinPFind (new) :

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 1/7/2005 1:47:46 AM 334848 C:\WINDOWS\SYSTEM32\BlackHawkDowntheGame Screensaver.scr
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/10/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 8/19/2001 5:30:46 AM 11357 C:\WINDOWS\SYSTEM32\elitergt32.exe
FSG! 8/19/2001 5:30:46 AM 11593 C:\WINDOWS\SYSTEM32\elitezgx32.exe
69.59.186.63 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
209.66.67.134 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
web-nex 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
winsync 9/1/2005 2:54:24 PM 10240 C:\WINDOWS\SYSTEM32\eneaa.dll
69.59.186.63 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
209.66.67.134 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
web-nex 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
winsync 9/1/2005 2:54:22 PM 46080 C:\WINDOWS\SYSTEM32\fjfssss.dll
UPX! 12/15/2004 3:06:34 PM 875888 C:\WINDOWS\SYSTEM32\HyperLinker3.exe
aspack 5/21/2005 8:45:30 PM 63488 C:\WINDOWS\SYSTEM32\ipikzv.exe
69.59.186.63 10/15/2005 8:39:30 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
209.66.67.134 10/15/2005 8:39:30 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
web-nex 10/15/2005 8:39:30 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
winsync 10/15/2005 8:39:30 PM 133120 C:\WINDOWS\SYSTEM32\kekwm.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
69.59.186.63 10/15/2005 9:03:24 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
209.66.67.134 10/15/2005 9:03:24 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
web-nex 10/15/2005 9:03:24 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
winsync 10/15/2005 9:03:24 PM 181760 C:\WINDOWS\SYSTEM32\lrlocic.dll
PECompact2 10/4/2005 8:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/4/2005 8:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/10/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
FSG! 8/19/2001 5:30:46 AM 11593 C:\WINDOWS\SYSTEM32\temperror32.dat
winsync 8/10/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 4:05:58 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/15/2005 9:20:52 PM S 2048 C:\WINDOWS\bootstat.dat
10/5/2005 2:53:32 PM H 54156 C:\WINDOWS\QTFont.qfn
10/15/2005 9:20:56 PM S 64 C:\WINDOWS\CSC\00000001
10/15/2005 8:43:12 PM H 0 C:\WINDOWS\LastGood\INF\oem4.inf
10/15/2005 8:43:12 PM H 0 C:\WINDOWS\LastGood\INF\oem4.PNF
10/15/2005 8:42:54 PM H 527 C:\WINDOWS\system32\vsconfig.xml
10/4/2005 7:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
8/17/2005 7:19:32 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899589.cat
9/28/2005 11:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/9/2005 7:15:08 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
8/29/2005 9:25:44 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
8/22/2005 12:48:28 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905414.cat
8/22/2005 9:03:36 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905749.cat
10/15/2005 9:21:14 PM H 16384 C:\WINDOWS\system32\config\default.LOG
10/15/2005 9:20:58 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/15/2005 9:21:02 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
10/15/2005 9:22:12 PM H 40960 C:\WINDOWS\system32\config\software.LOG
10/15/2005 9:21:14 PM H 1273856 C:\WINDOWS\system32\config\system.LOG
10/15/2005 9:15:56 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/15/2005 9:20:12 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/10/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 8/20/2004 3:02:46 AM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/10/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 9/7/2004 11:16:28 PM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Ahead Software AG 10/9/2002 12:36:12 PM 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 1/7/2004 12:02:36 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 12/4/1999 5:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl
8/30/2005 4:05:58 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/10/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/20/2005 9:16:26 AM 986 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
4/20/2005 4:02:54 PM 838 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
9/7/2004 8:17:28 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/15/2005 9:03:24 PM 417792 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkri.exe
4/15/2005 5:49:50 PM 1661 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/7/2004 1:09:14 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
9/7/2004 8:17:28 PM HS 84 C:\Documents and Settings\Owner.Tyler\Start Menu\Programs\Startup\desktop.ini
2/10/2005 10:12:02 PM 256000 C:\Documents and Settings\Owner.Tyler\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Checking files in %USERPROFILE%\Application Data folder...
9/7/2004 1:09:14 PM HS 62 C:\Documents and Settings\Owner.Tyler\Application Data\desktop.ini
4/29/2005 3:10:22 PM 187 C:\Documents and Settings\Owner.Tyler\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
8/1/2005 7:58:36 PM 7294 C:\Documents and Settings\Owner.Tyler\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mnmxyfyt
{f4275a26-b5d4-42c1-92ce-0168d3b46c1d} = C:\WINDOWS\system32\kekwm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}
ButtonText = ComcastHSI : http://www.comcast.net/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}
ButtonText = Support : http://www.comcastsupport.com/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}
ButtonText = Help : http://online.comcast.net/help/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\Program Files\AOL Toolbar\toolbar.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray C:\WINDOWS\ehome\ehtray.exe
High Definition Audio Property Page Shortcut HDAudPropShortcut.exe
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
CHotkey zHotkey.exe
ShowWnd ShowWnd.exe
SunKistEM C:\Program Files\Digital Media Reader\shwiconem.exe

mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HostManager C:\Program Files\Common Files\AOL\1107129803\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Zone Labs Client C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
MPFTray C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
MISAggregator
tsvcin C:\Documents and Settings\Owner.Tyler\n20050308.EXE
WUSB54Gv4 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
winsync C:\WINDOWS\system32\dpdita.exe reg_run
winupdates C:\Program Files\winupdates\winupdates.exe /auto
tgcmd "C:\Program Files\support.com\bin\tgcmd.exe" /server
System service76 C:\WINDOWS\etb\pokapoka76.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
sysxml C:\WINDOWS\system32\sysxml.exe
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
sysxml C:\WINDOWS\system32\sysxml.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/15/2005 9:26:53 PM

#12
Skater14

    Member

  • Topic Starter
  • Member
  • 30 posts
Track qoo.vbs (new) :

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- mnmxyfyt
{f4275a26-b5d4-42c1-92ce-0168d3b46c1d}
C:\WINDOWS\system32\kekwm.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
America Online 9.0 Tray Icon.lnk
desktop.ini
rkri.exe
Smart Wizard Wireless Settings.lnk
==============================
C:\Documents and Settings\Owner.Tyler\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
America Online 9.0 Tray Icon.lnk
desktop.ini
rkri.exe
Smart Wizard Wireless Settings.lnk
desktop.ini
PowerReg Scheduler.exe
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
NeroBurnRights.cpl Ahead Software AG
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
UILib.cpl Sony Corporation
vgactl.cpl
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
  • 0

#13
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\mnmxyfyt]

[-HKEY_CLASSES_ROOT\CLSID\{f4275a26-b5d4-42c1-92ce-0168d3b46c1d}]


Please copy the list of file paths below to Notepad and save them to your desktop for use in Safe Mode.

Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\SYSTEM32\eneaa.dll
C:\WINDOWS\SYSTEM32\fjfssss.dll
C:\WINDOWS\SYSTEM32\ipikzv.exe
C:\WINDOWS\SYSTEM32\kekwm.dll
C:\WINDOWS\SYSTEM32\lrlocic.dll
C:\WINDOWS\SYSTEM32\temperror32.dat
C:\WINDOWS\SYSTEM32\wuauclt.dll
C:\WINDOWS\SYSTEM32\vgactl.cpl
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkri.exe
C:\WINDOWS\system32\kekwm.dll
C:\WINDOWS\system32\sysxml.exe
C:\WINDOWS\system32\dpdita.exe
C:\Documents and Settings\Owner.Tyler\n20050308.EXE




As you paste each entry into Killbox, place a tick by any of these selections available:

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Restart back in Normal Mode and Post a fresh HijackThis log!
  • 0

#14
Skater14

    Member

  • Topic Starter
  • 30 posts
Ok the pokapoka76.exe process is running once again :tazz: but maybe we are gonna take that out next or soon. Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:46 AM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\110712~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110712~1\EE\AOLServiceHost.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Owner.Tyler\My Documents\Programs\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search123forme.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107129803\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner.Tyler\n20050308.EXE
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpdita.exe reg_run
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKCU\..\Run: [sysxml] C:\WINDOWS\system32\sysxml.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner.Tyler\Desktop\cwshredder.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
  • 0
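The Killbox list in post #13 and the O4 lines of the fresh log in post #14 can be cross-checked mechanically: a Run value that still names a file queued for deletion is a leftover autorun entry that has to be removed separately. This is an added Python example, not part of the thread or of HijackThis; the sample lines are copied from those two posts, and the function names are assumptions.

```python
import ntpath
import re

# Sample data copied from the thread: O4 lines from the fresh log in post #14 ...
HJT_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Owner.Tyler\n20050308.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpdita.exe reg_run
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKCU\..\Run: [sysxml] C:\WINDOWS\system32\sysxml.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""
# ... and four of the Killbox paths from post #13.
KILL_LIST = r"""
C:\WINDOWS\SYSTEM32\kekwm.dll
C:\WINDOWS\system32\sysxml.exe
C:\WINDOWS\system32\dpdita.exe
C:\Documents and Settings\Owner.Tyler\n20050308.EXE
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
EXE_END = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", re.I)

def command_path(command):
    """Return the executable path of a Run value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_END.match(command)          # unquoted paths may contain spaces
    return m.group(1) if m else command

def leftover_autoruns(log_text, kill_list_text):
    """List (hive, value name, path) for Run entries that name a file on the kill list."""
    targeted = {ntpath.normcase(p.strip()) for p in kill_list_text.splitlines() if p.strip()}
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        path = command_path(command)
        if ntpath.normcase(path) in targeted:   # Windows paths compare case-insensitively
            hits.append((hive, name, path))
    return hits

if __name__ == "__main__":
    for hive, name, path in leftover_autoruns(HJT_LOG, KILL_LIST):
        print(f"{hive} Run value [{name}] still points at {path}")
```
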

#15
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search123forme.com/sp2.php
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpdita.exe reg_run
O4 - HKCU\..\Run: [sysxml] C:\WINDOWS\system32\sysxml.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

Now close all windows other than HiJackThis, then click Fix Checked

Open your Task Manager (Ctrl+Alt+Del), click on Processes, then find Winupdates.exe and end task on it.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

winupdates


Please delete these folders using Windows Explorer (if present):

C:\Program Files\winupdates



Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • You need an active Internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Then do a scan with HiJackThis and post a new log by using Add Reply
  • 0





