
HijackThis Log: Please Help Diagnose


14 replies to this topic

#1 Blastedw0lf4


Posted 20 July 2005 - 06:24 PM

Hi Everyone,


This is basically my first post up here on BleepingComputer, and I come to you guys in need of great assistance. The initial error for me occurs on startup, where I see a Windows error message about winlogon.exe. I discard the message without sending it to Microsoft and continue using the computer. After a while another error message about a buffer overrun comes up, showing rundll32.exe. I close this error message out, and about 20-40 min later I'll come back and be blue-screened with this message: STOP 0xc000021a in WINLOGON.EXE. Of course, before coming here I tried a couple of third-party remedies like Norton Anti 2k5, XoftSpy, Ad-Aware, a-squared, CleanMyPC Registry Cleaner, even tools to view the processes. It seems every time I clean the whole system out good and boot normally the first time, I have bypassed some of the errors, but when I do a restart it happens all over again. Hopefully someone here can assist me, so I leave you with the log file:

::btw I am running in safe mode as we speak::

Logfile of HijackThis v1.99.1
Scan saved at 7:02:29 PM, on 7/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\ADCUPS.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Please some1 .. rid me 0f these malicious sCrIpTZ!



#2 Guest_Cretemonster_*


Posted 23 July 2005 - 06:38 AM

Hi Blastedw0lf4 and Welcome to the Bleeping Computer!

That log has a stench of the Look2me Infection, so please download the l2mfix from here
http://www.atribune.org/downloads/l2mfix.exe
or
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe.

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.


If you receive any error messages for CMD or Autoexec.bat, select Option 5 from the l2mfix and, once at the site, click on the link that applies to your operating system!

Double-click the file it downloads and extract the files to its predetermined System32 folder!

#3 Blastedw0lf4


Posted 23 July 2005 - 01:39 PM

Hi, well, first off, thank you for viewing my post. Hopefully we can finally fix my p00r machine. OK, I did all that you told me. I did get a CMD error, but the log came out in the end, so I do not know whether to continue with step 5 (because the error came out, but I still got the log file). Instruct me further on what to do after this reply. Here's the log file that it gave me:


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\DZRGUI.DLL"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{7ADEDC4F-B31E-92DE-A451-053649D864FA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}\InprocServer32]
@="C:\\WINDOWS\\system32\\DGD8THK.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 90AF-397D

Directory of C:\WINDOWS\System32

07/23/2005 01:51 PM 417,792 DGD8THK.DLL
07/22/2005 07:33 PM 417,792 DZRGUI.DLL
07/22/2005 11:50 AM 417,792 SVCLIENT.DLL
07/22/2005 10:24 AM 417,792 CMCDLL.DLL
07/22/2005 10:24 AM 417,792 CUMSNAP.DLL
07/22/2005 09:15 AM 417,792 NXTPLWIZ.DLL
07/22/2005 09:15 AM 417,792 NPTRAP.DLL
07/22/2005 06:46 AM 417,792 JEBEXEC.DLL
07/22/2005 06:46 AM 417,792 kwd101.dll
07/22/2005 05:30 AM 417,792 CBRSRV.DLL
07/22/2005 05:30 AM 417,792 CBYPTNET.DLL
07/22/2005 04:04 AM 417,792 DSPROV.DLL
07/22/2005 04:04 AM 417,792 DKKQUOTA.DLL
07/22/2005 02:38 AM 417,792 KLDSP.DLL
07/22/2005 02:38 AM 417,792 CBTDLL.DLL
07/22/2005 01:29 AM 417,792 CURTCLI.DLL
07/22/2005 01:29 AM 417,792 CMADMIN.DLL
07/22/2005 12:22 AM 417,792 CINSOLE.DLL
07/22/2005 12:22 AM 417,792 CJMUID.DLL
07/21/2005 11:02 PM 417,792 duvxdec_0411.dll
07/21/2005 11:02 PM 417,792 AMRACE.DLL
07/21/2005 09:48 PM 417,792 cRg18030.dll
07/21/2005 09:48 PM 417,792 cSg18030.dll
07/21/2005 08:46 PM 417,792 sdlb2.dll
07/21/2005 08:46 PM 417,792 SECLIENT.DLL
07/21/2005 07:38 PM 417,792 RDSMONTR.DLL
07/21/2005 07:38 PM 417,792 RWSSAPI.DLL
07/21/2005 06:15 PM 417,792 IKAKENG.DLL
07/21/2005 06:15 PM 417,792 IKCVID.DLL
07/21/2005 04:53 PM 417,792 DFVMGR.DLL
07/21/2005 04:53 PM 417,792 DNRGRES.DLL
07/21/2005 03:48 PM 417,792 KSDNO.DLL
07/17/2005 01:27 AM 417,792 SNCFILES.DLL
07/16/2005 02:29 AM <DIR> DLLCACHE
07/14/2005 11:07 PM 417,792 IOSHLPR.DLL
07/14/2005 10:19 PM 417,792 ADCUPS.DLL
07/14/2005 04:04 PM 417,792 XLLPROVI.DLL
07/14/2005 04:04 PM 417,792 wdweb.dll
07/14/2005 02:44 PM 417,792 DYLAY.DLL
07/14/2005 02:44 PM 417,792 DOMODEMX.DLL
07/14/2005 01:44 PM 417,792 DLRGRES.DLL
07/14/2005 01:44 PM 417,792 AELUI.DLL
07/14/2005 12:36 PM 417,792 wops.dll
07/12/2005 08:37 PM 417,792 IOSECSVC.DLL
07/12/2005 05:23 AM 417,792 MKAPSSPC.DLL
07/12/2005 04:15 AM 417,792 MURD2X40.DLL
07/12/2005 04:15 AM 417,792 MCRECR40.DLL
07/12/2005 02:55 AM 417,792 LLHSVC.DLL
07/12/2005 02:54 AM 417,792 ldtga11n.dll
07/12/2005 01:41 AM 417,792 NIHTML.DLL
07/12/2005 01:40 AM 417,792 NBLANUI.DLL
07/12/2005 12:39 AM 417,792 fpsclntR.dll
07/12/2005 12:39 AM 417,792 FXSRCH.DLL
07/11/2005 11:14 PM 417,792 SSHCINST.DLL
07/11/2005 11:13 PM 417,792 SINDMAIL.DLL
07/11/2005 10:05 PM 417,792 GODEF.DLL
07/11/2005 10:04 PM 417,792 FESUI.DLL
07/11/2005 08:41 PM 417,792 wypshell.dll
07/11/2005 08:40 PM 417,792 WOSTREAM.DLL
07/11/2005 07:16 PM 417,792 ALPTIF.DLL
07/11/2005 07:15 PM 417,792 ABTIVEDS.DLL
07/11/2005 05:50 PM 417,792 MSIOLE16.DLL
07/11/2005 05:49 PM 417,792 MI3216.DLL
07/11/2005 04:24 PM 417,792 IWXWAN.DLL
07/11/2005 04:23 PM 417,792 IBSMSNAP.DLL
07/11/2005 12:26 PM 417,792 MC3216.DLL
07/11/2005 12:25 PM 417,792 MKPI32.DLL
07/11/2005 11:17 AM 417,792 mpvcp71.dll
07/11/2005 11:16 AM 417,792 mfvcp71.dll
07/08/2005 07:21 PM 417,792 KADBR.DLL
07/06/2005 08:14 AM 417,792 AKCTRES.DLL
07/01/2005 12:03 AM 104 7B98AA9539.sys
07/01/2005 12:03 AM 1,682 KGyGaAvL.sys
06/28/2005 06:03 AM <DIR> Microsoft
06/27/2005 07:27 PM 417,792 wuninet.dll
73 File(s) 29,665,018 bytes
2 Dir(s) 45,857,562,624 bytes free

hope this helpz...THANK YOU AGAIN

#4 Guest_Cretemonster_*


Posted 23 July 2005 - 04:36 PM

Did you receive an error message while running the l2mfix?

#5 Blastedw0lf4


Posted 23 July 2005 - 04:44 PM

I opened the .bat file fine.

When I chose option 1 the error came out,

but the log file still popped up. Contact me on AIM:

Blastedw0lf4

#6 Guest_Cretemonster_*


Posted 23 July 2005 - 05:42 PM

How about MSN or Yahoo?

AIM is the one I don't have!

#7 Guest_Cretemonster_*


Posted 23 July 2005 - 07:53 PM

I installed AIM and added you!

Open the l2mfix and choose Option 5; this will open a browser page!

Inside that page, you will see 3 links. Choose the one that applies to your operating system!

Once the download is complete, double-click the .exe file that was downloaded!

It will open a Self Extractor. Just extract the files to their predetermined location, run the l2mfix Option 1 again, and post those results!

#8 Blastedw0lf4


Posted 23 July 2005 - 09:32 PM

Alright, did all you told me. Here's the log:


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\DGD8THK.DLL"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C1A01002-E833-AD91-7E72-D449E92F6A4D}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{590FF12A-9458-4092-A520-6C959CD81FEA}"="PowerConverter"
"{588F8FCC-A42C-435A-A1FB-95E9DB877555}"=""
"{4954059B-B898-4992-A1CA-03CF33716E71}"=""
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="ař Context Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}\InprocServer32]
@="C:\\WINDOWS\\system32\\DGD8THK.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
abtiveds.dll Mon Jul 11 2005 7:16:00p ..S.R 417,792 408.00 K
adcups.dll Thu Jul 14 2005 10:19:36p ..S.R 417,792 408.00 K
aelui.dll Thu Jul 14 2005 1:44:56p ..S.R 417,792 408.00 K
akctres.dll Wed Jul 6 2005 8:14:50a ..S.R 417,792 408.00 K
alptif.dll Mon Jul 11 2005 7:16:06p ..S.R 417,792 408.00 K
amrace.dll Thu Jul 21 2005 11:02:04p ..S.R 417,792 408.00 K
aunps2.dll Sat Jul 23 2005 10:45:08a A.... 24,576 24.00 K
browseui.dll Mon May 2 2005 4:52:34p A.... 1,019,904 996.00 K
cbrsrv.dll Fri Jul 22 2005 5:30:10a ..S.R 417,792 408.00 K
cbtdll.dll Fri Jul 22 2005 2:38:06a ..S.R 417,792 408.00 K
cbyptnet.dll Fri Jul 22 2005 5:30:06a ..S.R 417,792 408.00 K
cdfview.dll Mon May 2 2005 4:52:34p A.... 151,040 147.50 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cinsole.dll Fri Jul 22 2005 12:22:08a ..S.R 417,792 408.00 K
cjmuid.dll Fri Jul 22 2005 12:22:04a ..S.R 417,792 408.00 K
cmadmin.dll Fri Jul 22 2005 1:29:04a ..S.R 417,792 408.00 K
cmcdll.dll Fri Jul 22 2005 10:24:10a ..S.R 417,792 408.00 K
cmdlin~1.dll Tue Jun 21 2005 7:13:04p A.... 98,304 96.00 K
cmdlin~2.dll Mon Jul 4 2005 3:31:22a A.... 43,520 42.50 K
crg18030.dll Thu Jul 21 2005 9:48:08p ..S.R 417,792 408.00 K
csg18030.dll Thu Jul 21 2005 9:48:04p ..S.R 417,792 408.00 K
cumsnap.dll Fri Jul 22 2005 10:24:06a ..S.R 417,792 408.00 K
curtcli.dll Fri Jul 22 2005 1:29:08a ..S.R 417,792 408.00 K
dfvmgr.dll Thu Jul 21 2005 4:53:10p ..S.R 417,792 408.00 K
dfxg11.dll Wed May 18 2005 3:11:44p A.... 581,632 568.00 K
dgd8thk.dll Sat Jul 23 2005 1:51:38p ..S.R 417,792 408.00 K
dkkquota.dll Fri Jul 22 2005 4:04:06a ..S.R 417,792 408.00 K
dlrgres.dll Thu Jul 14 2005 1:45:00p ..S.R 417,792 408.00 K
dnrgres.dll Thu Jul 21 2005 4:53:04p ..S.R 417,792 408.00 K
domodemx.dll Thu Jul 14 2005 2:44:54p ..S.R 417,792 408.00 K
dsprov.dll Fri Jul 22 2005 4:04:10a ..S.R 417,792 408.00 K
duvxde~1.dll Thu Jul 21 2005 11:02:08p ..S.R 417,792 408.00 K
dylay.dll Thu Jul 14 2005 2:45:00p ..S.R 417,792 408.00 K
dzrgui.dll Fri Jul 22 2005 7:33:38p ..S.R 417,792 408.00 K
fesui.dll Mon Jul 11 2005 10:05:00p ..S.R 417,792 408.00 K
ffusd.dll Sat Jul 23 2005 2:44:40p ..S.R 417,792 408.00 K
fpsclntr.dll Tue Jul 12 2005 12:39:06a ..S.R 417,792 408.00 K
fxsrch.dll Tue Jul 12 2005 12:39:02a ..S.R 417,792 408.00 K
godef.dll Mon Jul 11 2005 10:05:06p ..S.R 417,792 408.00 K
hccutils.dll Mon Apr 25 2005 10:27:50a A.... 73,728 72.00 K
hhsetup.dll Thu May 26 2005 10:04:28p A.... 41,472 40.50 K
ialmco~3.dll Mon Apr 25 2005 10:48:24a A.... 61,440 60.00 K
ialmdd5.dll Mon Apr 25 2005 10:55:34a A.... 882,298 861.62 K
ialmdev5.dll Mon Apr 25 2005 10:48:12a A.... 197,498 192.87 K
ialmdnt5.dll Mon Apr 25 2005 10:48:22a A.... 120,955 118.12 K
ialmrem.dll Mon Apr 25 2005 10:48:26a A.... 49,152 48.00 K
ialmrnt5.dll Mon Apr 25 2005 10:48:28a A.... 38,014 37.12 K
ibsmsnap.dll Mon Jul 11 2005 4:24:00p ..S.R 417,792 408.00 K
iepeers.dll Mon May 2 2005 4:52:34p A.... 250,880 245.00 K
igfxdev.dll Mon Apr 25 2005 10:28:06a A.... 131,072 128.00 K
igfxdo.dll Mon Apr 25 2005 10:29:06a A.... 86,016 84.00 K
igfxexps.dll Mon Apr 25 2005 10:32:44a A.... 36,864 36.00 K
igfxpph.dll Mon Apr 25 2005 10:31:56a A.... 143,360 140.00 K
igfxres.dll Mon Apr 25 2005 10:28:10a A.... 135,168 132.00 K
igfxress.dll Mon Apr 25 2005 10:32:00a A.... 1,503,232 1.43 M
igfxsrvc.dll Mon Apr 25 2005 10:28:54a A.... 57,344 56.00 K
igldev32.dll Mon Apr 25 2005 10:40:50a A.... 520,192 508.00 K
iglicd32.dll Mon Apr 25 2005 10:39:02a A.... 2,310,144 2.20 M
ikakeng.dll Thu Jul 21 2005 6:15:08p ..S.R 417,792 408.00 K
ikcvid.dll Thu Jul 21 2005 6:15:04p ..S.R 417,792 408.00 K
inseng.dll Mon May 2 2005 4:52:34p A.... 96,256 94.00 K
iosecsvc.dll Tue Jul 12 2005 8:37:20p ..S.R 417,792 408.00 K
ioshlpr.dll Thu Jul 14 2005 11:07:50p ..S.R 417,792 408.00 K
itircl.dll Thu May 26 2005 10:04:28p A.... 155,136 151.50 K
itss.dll Thu May 26 2005 10:04:28p A.... 137,216 134.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
iwxwan.dll Mon Jul 11 2005 4:24:06p ..S.R 417,792 408.00 K
jebexec.dll Fri Jul 22 2005 6:46:10a ..S.R 417,792 408.00 K
kadbr.dll Fri Jul 8 2005 7:21:46p ..S.R 417,792 408.00 K
kldsp.dll Fri Jul 22 2005 2:38:10a ..S.R 417,792 408.00 K
ksdno.dll Thu Jul 21 2005 3:48:36p ..S.R 417,792 408.00 K
kwd101.dll Fri Jul 22 2005 6:46:06a ..S.R 417,792 408.00 K
ldtga11n.dll Tue Jul 12 2005 2:55:00a ..S.R 417,792 408.00 K
llhsvc.dll Tue Jul 12 2005 2:55:04a ..S.R 417,792 408.00 K
mc3216.dll Mon Jul 11 2005 12:26:04p ..S.R 417,792 408.00 K
mcrecr40.dll Tue Jul 12 2005 4:15:02a ..S.R 417,792 408.00 K
mfvcp71.dll Mon Jul 11 2005 11:17:00a ..S.R 417,792 408.00 K
mi3216.dll Mon Jul 11 2005 5:50:00p ..S.R 417,792 408.00 K
mkapsspc.dll Tue Jul 12 2005 5:23:02a ..S.R 417,792 408.00 K
mkpi32.dll Mon Jul 11 2005 12:26:00p ..S.R 417,792 408.00 K
mpvcp71.dll Mon Jul 11 2005 11:17:04a ..S.R 417,792 408.00 K
mshtml.dll Mon May 2 2005 4:52:36p A.... 3,012,608 2.87 M
mshtmled.dll Mon May 2 2005 4:52:36p A.... 448,512 438.00 K
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msihnd.dll Wed May 4 2005 2:45:36p A.... 271,360 265.00 K
msimsg.dll Wed May 4 2005 2:45:36p A.... 884,736 864.00 K
msiole16.dll Mon Jul 11 2005 5:50:04p ..S.R 417,792 408.00 K
msisip.dll Wed May 4 2005 2:45:36p A.... 15,360 15.00 K
msrating.dll Mon May 2 2005 4:52:36p A.... 146,432 143.00 K
murd2x40.dll Tue Jul 12 2005 4:15:06a ..S.R 417,792 408.00 K
nblanui.dll Tue Jul 12 2005 1:41:00a ..S.R 417,792 408.00 K
nihtml.dll Tue Jul 12 2005 1:41:04a ..S.R 417,792 408.00 K
nptrap.dll Fri Jul 22 2005 9:15:06a ..S.R 417,792 408.00 K
nxtplwiz.dll Fri Jul 22 2005 9:15:10a ..S.R 417,792 408.00 K
pngfilt.dll Mon May 2 2005 4:52:36p A.... 39,424 38.50 K
rdsmontr.dll Thu Jul 21 2005 7:38:08p ..S.R 417,792 408.00 K
rwssapi.dll Thu Jul 21 2005 7:38:04p ..S.R 417,792 408.00 K
s32evnt1.dll Fri May 13 2005 7:50:10p A.... 91,856 89.70 K
sdlb2.dll Thu Jul 21 2005 8:46:08p ..S.R 417,792 408.00 K
seclient.dll Thu Jul 21 2005 8:46:04p ..S.R 417,792 408.00 K
shdocvw.dll Mon May 2 2005 4:52:36p A.... 1,483,776 1.41 M
shlwapi.dll Mon May 2 2005 4:52:36p A.... 473,600 462.50 K
sindmail.dll Mon Jul 11 2005 11:14:00p ..S.R 417,792 408.00 K
sncfiles.dll Sun Jul 17 2005 1:27:26a ..S.R 417,792 408.00 K
sshcinst.dll Mon Jul 11 2005 11:14:06p ..S.R 417,792 408.00 K
supdate.dll Fri Jul 8 2005 1:12:54p A.... 29,184 28.50 K
svclient.dll Fri Jul 22 2005 11:50:06a ..S.R 417,792 408.00 K
urlmon.dll Mon May 2 2005 4:52:36p A.... 607,744 593.50 K
wdweb.dll Thu Jul 14 2005 4:04:54p ..S.R 417,792 408.00 K
wininet.dll Mon May 2 2005 4:52:36p A.... 657,920 642.50 K
wops.dll Thu Jul 14 2005 12:36:08p ..S.R 417,792 408.00 K
wostream.dll Mon Jul 11 2005 8:41:00p ..S.R 417,792 408.00 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wuninet.dll Mon Jun 27 2005 7:27:32p ..S.R 417,792 408.00 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
wypshell.dll Mon Jul 11 2005 8:41:06p ..S.R 417,792 408.00 K
xllprovi.dll Thu Jul 14 2005 4:04:58p ..S.R 417,792 408.00 K
xpsp3res.dll Mon May 16 2005 8:25:36p ..... 15,360 15.00 K

123 items found: 123 files (72 H/S), 0 directories.
Total of file sizes: 52,733,021 bytes 50.29 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 90AF-397D

Directory of C:\WINDOWS\System32

07/23/2005 02:44 PM 417,792 FFUSD.DLL
07/23/2005 01:51 PM 417,792 DGD8THK.DLL
07/22/2005 07:33 PM 417,792 DZRGUI.DLL
07/22/2005 11:50 AM 417,792 SVCLIENT.DLL
07/22/2005 10:24 AM 417,792 CMCDLL.DLL
07/22/2005 10:24 AM 417,792 CUMSNAP.DLL
07/22/2005 09:15 AM 417,792 NXTPLWIZ.DLL
07/22/2005 09:15 AM 417,792 NPTRAP.DLL
07/22/2005 06:46 AM 417,792 JEBEXEC.DLL
07/22/2005 06:46 AM 417,792 kwd101.dll
07/22/2005 05:30 AM 417,792 CBRSRV.DLL
07/22/2005 05:30 AM 417,792 CBYPTNET.DLL
07/22/2005 04:04 AM 417,792 DSPROV.DLL
07/22/2005 04:04 AM 417,792 DKKQUOTA.DLL
07/22/2005 02:38 AM 417,792 KLDSP.DLL
07/22/2005 02:38 AM 417,792 CBTDLL.DLL
07/22/2005 01:29 AM 417,792 CURTCLI.DLL
07/22/2005 01:29 AM 417,792 CMADMIN.DLL
07/22/2005 12:22 AM 417,792 CINSOLE.DLL
07/22/2005 12:22 AM 417,792 CJMUID.DLL
07/21/2005 11:02 PM 417,792 duvxdec_0411.dll
07/21/2005 11:02 PM 417,792 AMRACE.DLL
07/21/2005 09:48 PM 417,792 cRg18030.dll
07/21/2005 09:48 PM 417,792 cSg18030.dll
07/21/2005 08:46 PM 417,792 sdlb2.dll
07/21/2005 08:46 PM 417,792 SECLIENT.DLL
07/21/2005 07:38 PM 417,792 RDSMONTR.DLL
07/21/2005 07:38 PM 417,792 RWSSAPI.DLL
07/21/2005 06:15 PM 417,792 IKAKENG.DLL
07/21/2005 06:15 PM 417,792 IKCVID.DLL
07/21/2005 04:53 PM 417,792 DFVMGR.DLL
07/21/2005 04:53 PM 417,792 DNRGRES.DLL
07/21/2005 03:48 PM 417,792 KSDNO.DLL
07/17/2005 01:27 AM 417,792 SNCFILES.DLL
07/16/2005 02:29 AM <DIR> DLLCACHE
07/14/2005 11:07 PM 417,792 IOSHLPR.DLL
07/14/2005 10:19 PM 417,792 ADCUPS.DLL
07/14/2005 04:04 PM 417,792 XLLPROVI.DLL
07/14/2005 04:04 PM 417,792 wdweb.dll
07/14/2005 02:44 PM 417,792 DYLAY.DLL
07/14/2005 02:44 PM 417,792 DOMODEMX.DLL
07/14/2005 01:44 PM 417,792 DLRGRES.DLL
07/14/2005 01:44 PM 417,792 AELUI.DLL
07/14/2005 12:36 PM 417,792 wops.dll
07/12/2005 08:37 PM 417,792 IOSECSVC.DLL
07/12/2005 05:23 AM 417,792 MKAPSSPC.DLL
07/12/2005 04:15 AM 417,792 MURD2X40.DLL
07/12/2005 04:15 AM 417,792 MCRECR40.DLL
07/12/2005 02:55 AM 417,792 LLHSVC.DLL
07/12/2005 02:54 AM 417,792 ldtga11n.dll
07/12/2005 01:41 AM 417,792 NIHTML.DLL
07/12/2005 01:40 AM 417,792 NBLANUI.DLL
07/12/2005 12:39 AM 417,792 fpsclntR.dll
07/12/2005 12:39 AM 417,792 FXSRCH.DLL
07/11/2005 11:14 PM 417,792 SSHCINST.DLL
07/11/2005 11:13 PM 417,792 SINDMAIL.DLL
07/11/2005 10:05 PM 417,792 GODEF.DLL
07/11/2005 10:04 PM 417,792 FESUI.DLL
07/11/2005 08:41 PM 417,792 wypshell.dll
07/11/2005 08:40 PM 417,792 WOSTREAM.DLL
07/11/2005 07:16 PM 417,792 ALPTIF.DLL
07/11/2005 07:15 PM 417,792 ABTIVEDS.DLL
07/11/2005 05:50 PM 417,792 MSIOLE16.DLL
07/11/2005 05:49 PM 417,792 MI3216.DLL
07/11/2005 04:24 PM 417,792 IWXWAN.DLL
07/11/2005 04:23 PM 417,792 IBSMSNAP.DLL
07/11/2005 12:26 PM 417,792 MC3216.DLL
07/11/2005 12:25 PM 417,792 MKPI32.DLL
07/11/2005 11:17 AM 417,792 mpvcp71.dll
07/11/2005 11:16 AM 417,792 mfvcp71.dll
07/08/2005 07:21 PM 417,792 KADBR.DLL
07/06/2005 08:14 AM 417,792 AKCTRES.DLL
07/01/2005 12:03 AM 104 7B98AA9539.sys
07/01/2005 12:03 AM 1,682 KGyGaAvL.sys
06/28/2005 06:03 AM <DIR> Microsoft
06/27/2005 07:27 PM 417,792 wuninet.dll
74 File(s) 30,082,810 bytes
2 Dir(s) 46,393,208,832 bytes free


Thankz man! :thumbsup:

#9 Guest_Cretemonster_*

Posted 24 July 2005 - 05:07 AM

Close any programs you have open since this step requires a reboot.


From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer.

After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

After you have posted those 2 logs, proceed with the instructions below!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download and Install
CleanUp!
Don't use it yet!

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Run CleanUp! When prompted to log off >> Select No

Scan the PC with Ewido just as described in the link -> Clean everything it finds and make sure to save the report

Scan the system with Ad-Aware, remove everything it finds and delete all quarantine files!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Download the Hoster from here:
http://www.funkytoad.com/download/hoster.zip
Press "Restore Original Hosts" and press "OK"!
Exit Program!


Post back with a fresh HijackThis log and the reports from Ewido and Panda!

#10 Blastedw0lf4

Posted 24 July 2005 - 10:51 AM

1st log:

L2Mfix 1.03a

Running From:
C:\Documents and Settings\Luis\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Luis\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Luis\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1472 'explorer.exe'
Killing PID 1472 'explorer.exe'
Killing PID 1472 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1608 'rundll32.exe'
Killing PID 1956 'rundll32.exe'
Killing PID 1972 'rundll32.exe'
Killing PID 1980 'rundll32.exe'
Killing PID 364 'rundll32.exe'
Error 0x6 : The handle is invalid.


Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\ABTIVEDS.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ABTIVEDS.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ADCUPS.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ADCUPS.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\AELUI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\AELUI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\AKCTRES.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\AKCTRES.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ALPTIF.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ALPTIF.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\AMRACE.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\AMRACE.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CBRSRV.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CBRSRV.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CBTDLL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CBTDLL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CBYPTNET.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CBYPTNET.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CINSOLE.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CINSOLE.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CJMUID.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CJMUID.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CMADMIN.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CMADMIN.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CMCDLL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CMCDLL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cRg18030.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cRg18030.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cSg18030.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cSg18030.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CUMSNAP.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CUMSNAP.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CURTCLI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\CURTCLI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DFVMGR.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DFVMGR.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DGD8THK.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DGD8THK.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DKKQUOTA.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DKKQUOTA.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DLRGRES.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DLRGRES.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DNRGRES.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DNRGRES.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DOMODEMX.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DOMODEMX.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DSPROV.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DSPROV.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\duvxdec_0411.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\duvxdec_0411.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DYLAY.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DYLAY.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DZRGUI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DZRGUI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\FESUI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\FESUI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpsclntR.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpsclntR.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\FXSRCH.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\FXSRCH.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GODEF.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\GODEF.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IBSMSNAP.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IBSMSNAP.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IKAKENG.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IKAKENG.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IKCVID.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IKCVID.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IOSECSVC.DLL
1 file(s) copied.


Zipping up files for submission:

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{588F8FCC-A42C-435A-A1FB-95E9DB877555}"=-
"{4954059B-B898-4992-A1CA-03CF33716E71}"=-
[-HKEY_CLASSES_ROOT\CLSID\{588F8FCC-A42C-435A-A1FB-95E9DB877555}]
[-HKEY_CLASSES_ROOT\CLSID\{4954059B-B898-4992-A1CA-03CF33716E71}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************



hijack this new log:



Logfile of HijackThis v1.99.1
Scan saved at 11:48:48 AM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wintask.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\bama\tlii.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..

#11 Guest_Cretemonster_*

Posted 24 July 2005 - 11:41 AM

Keep going with the Directions!

Looks like the Notify Key got trashed but we can fix that!

By the way...AIM is On!

#12 Blastedw0lf4

Posted 24 July 2005 - 12:42 PM

alright man, last 3 logz starting w/ HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:44 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Sen] C:\Program Files\bama\tlii.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2nd log: Panda

Incident Status Location

Adware:adware/powersearch No disinfected C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:adware/look2me No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ActiveX.ocx
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\LUIS\APPLICATION DATA\Sskcwrd.dll
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/apropos No disinfected C:\PROGRAM FILES\Aprps
Adware:adware/addestroyer No disinfected C:\DOCUMENTS AND SETTINGS\LUIS\START MENU\PROGRAMS\AdDestroyer
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\SahImages
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\LUIS\FAVORITES\Casino & Carrers
Adware:adware/savenow No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/novo No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CDM
Adware:adware/topconvert No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TPUSN
Adware:adware/wupd No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MEDIA ACCESS
Adware:adware/delfinmedia No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\VIDCTRL
Spyware:spyware/dyfuca No disinfected HKEY_CLASSES_ROOT\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1}
Adware:adware/portalscan No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AUNPS2
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
3rd log: ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:20:58 PM, 7/24/2005
+ Report-Checksum: DB583CBF

+ Scan result:



::Report End

gonna select option 4 and then wait 4 further instructions.. THANKZ!!!

#13 Guest_Cretemonster_*

Posted 24 July 2005 - 01:24 PM

OK, I gave you the link to Pocket Killbox via AIM!

Please download the attachment below to your desktop, don't execute it until I ask!

Go to Add\Remove Programs and Remove

SurfSideKick 3

Open KillBox and Copy&Paste each entry below into the "Full Path of File to Delete"

C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\SYSTEM32\stlb2.xml
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\E6F1873B.DLL
C:\WINDOWS\system32\D9EBC318C.DLL
C:\WINDOWS\SYSTEM32\SahImages
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ActiveX.ocx
C:\DOCUMENTS AND SETTINGS\LUIS\APPLICATION DATA\Sskcwrd.dll
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
C:\DOCUMENTS AND SETTINGS\LUIS\START MENU\PROGRAMS\AdDestroyer
C:\DOCUMENTS AND SETTINGS\LUIS\FAVORITES\Casino & Carrers
C:\PROGRAM FILES\Aprps
C:\Program Files\bama


As you paste each in, place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"


Click the Red Circle with the White X in the Middle to Delete!

Locate the Reg File you downloaded and Double Click to execute-> Allow it to merge into the registry!

Open HijackThis and put a check next to these

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C

O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [Sen] C:\Program Files\bama\tlii.exe

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx

Make sure All Windows and Browsers are Closed and Click "Fix Checked"

Once all that's complete, Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Restart the PC and Post back with a fresh HijackThis log!

Attached Files

  • Attached File  clr.reg   373bytes   3 downloads


#14 Blastedw0lf4

Posted 24 July 2005 - 01:47 PM

alright here's the latest hijack this log ..I think ya fixed it up man..thankz so much :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 2:44:41 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HijackThis\hijackthis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
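
Added example, not part of the original thread: a Python check that the entries ticked for "Fix Checked" in post #13 are absent from a fresh HijackThis log, and that no remaining item still points at a path deleted with KillBox. The function names and the REINFECTED_LOG sample are assumptions made for illustration; the other sample lines are excerpts from posts #13 and #14.

```python
import re

# A HijackThis item line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_items(log_text):
    """Return (section, detail) for every item line; headers and process lists are skipped."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).strip()))
    return items

def norm(text):
    """Windows paths are case-insensitive: case-fold and collapse whitespace."""
    return " ".join(text.lower().split())

def leftovers(fix_list, deleted_paths, fresh_log):
    """Return fresh-log items that match a fixed entry or still reference a deleted path."""
    fixed = {(s, norm(d)) for s, d in parse_items(fix_list)}
    paths = [norm(p) for p in deleted_paths if p.strip()]
    found = []
    for section, detail in parse_items(fresh_log):
        n = norm(detail)
        if (section, n) in fixed:
            found.append((section, detail, "entry was ticked for Fix Checked"))
        elif any(p in n for p in paths):
            found.append((section, detail, "references a deleted path"))
    return found

# Excerpts copied from posts #13 and #14 of this thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKCU\..\Run: [Sen] C:\Program Files\bama\tlii.exe
"""
DELETED = [r"C:\WINDOWS\cfgmgr52.dll", r"C:\WINDOWS\system32\exp.exe", r"C:\Program Files\bama"]
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
"""
# Constructed: a log where one entry came back under a different value name and casing.
REINFECTED_LOG = FRESH_LOG + r"O4 - HKCU\..\Run: [upd] c:\program files\BAMA\tlii.exe" + "\n"

if __name__ == "__main__":
    for log in (FRESH_LOG, REINFECTED_LOG):
        print(leftovers(FIX_LIST, DELETED, log) or "clean")
```

The path check is a plain substring match, so a hit is a prompt to look at the entry, not proof that the file is back.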

#15 Guest_Cretemonster_*

Posted 25 July 2005 - 05:39 AM

One last Online Scan and One last Ewido Safe Mode Scan will tell the tale!

Update Ewido and go to Safe Mode-> Scan and Save a log!

Restart back Normal and Use 1 of the Online Scanners below!

http://support.f-secure.com/enu/home/ols.shtml

http://www.freedom.net/viruscenter/onlineviruscheck.html

http://housecall60.trendmicro.com/en/start_corp.asp?id=scan


Post back with those results and lets have a look!



