Smitfraud recovery repercussions

yossarian084

First, thank you for all the great info on this site. Unfortunately, my problem still exists. Im getting a blue screen when I try a Normal login and it says the Explorer.exe has an application error. My hijakthis log is clean but I can only run it in Safe Mode. Nail.exe and the random letter file are there but it had that before this problem happened. I've been using the info on the Smitfraud threads and nothing is working. I will repost with the log file if you need it.

Thanks!

Crunchie

Please post an hijackthis log after rebooting.

Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.

yossarian084

Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 8:03:10 PM, on 2/21/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\gisrkgj.exe
C:\Documents and Settings\Administrator.CF-48\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [pwrpdfprsrv.exe] C:\Program Files\PowerPDF\pwrpdfsrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\system32\intel32.exe
O4 - HKLM\..\Run: [vihvpaj] c:\windows\system32\gisrkgj.exe r
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

And...Ewido

---

ewido security suite - Scan report

---

+ Created on: 1:03:15 AM, 2/22/2003
+ Report-Checksum: CA7541A2

+ Scan result:

C:\!Submit\nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\epeelc.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

See anything bad? When I boot in normal mode I get theblue screen after trying to log in.

Crunchie

Crunchie wrote:

Please post an hijackthis log after rebooting.

Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.

Did you upload the wininit.dll file as requested?

Nail is alive and well on your PC too. Below is my canned reply, so ignore what is not relevant .

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
It will self-extract to the desktop, but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. During the scan it will prompt you to clean files, click OK.
Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

yossarian084

I cant seem to scan anything with that dll file. Didnt seem to do anything when I put it in the System folder. Here is the new Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 11:59:53 AM, on 2/23/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator.CF-48\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [pwrpdfprsrv.exe] C:\Program Files\PowerPDF\pwrpdfsrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [reyiju] c:\windows\system32\idebsrs.exe r
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

The Nail file is gone but Im still getting the random letter name file. I can still only boot in safe mode.

Crunchie

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows and hit the "Fix checked" button.

O4 - HKLM\..\Run: [reyiju] c:\windows\system32\idebsrs.exe r

Now manually delete c:\windows\system32\idebsrs.exe if it exists.

=========

Open Notepad, and copy/paste the following into a new file:

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt

Save this as FindFiles.bat, choose to save it as *all files and place it on your desktop.

Double click on FindFiles.bat and post the content of the text file you get in your next reply

yossarian084

thanks so much for your patience. Here is the log.

Volume in drive C is BOOT
Volume Serial Number is 503A-12FE

Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004 03:56 AM 656,384 wininet.dll
1 File(s) 656,384 bytes

Directory of C:\WINDOWS\system

08/17/2001 11:34 PM 583,680 wininet.dll
1 File(s) 583,680 bytes

Directory of C:\WINDOWS\system32

08/04/2004 03:56 AM 656,384 wininet.dll
1 File(s) 656,384 bytes

yossarian084

The idebsrs.exe r file returns after I delete it. It just comes up under a different random name.

Crunchie

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:

• Click on scanner
• Click Complete System Scan and the scan will begin.
• During the scan it will prompt you to clean files, click OK
• When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
• When the scan is finished, click the Save report button at the bottom of the screen.
• Save the report to your desktop

Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

yossarian084

Here are the logs...

smitRem log file
version 2.2

by noahdfear

The current date is: Sun 07/24/2005
The current time is: 0:26:44.96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

And Ewido...

---

ewido security suite - Scan report

---

+ Created on: 1:20:37 AM, 7/24/2005
+ Report-Checksum: 8DFAB528

+ Scan result:

C:\WINDOWS\system32\idebsrs.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

I still cant log on in normal mode so didnt run the Panda scan.

yossarian084

Adaware didnt find anything...

Crunchie

Well, at the moment the only thing I can suggest is a system restore back to a time when you could boot into normal mode .
Let me know how you get on as you will likely have to post another hijackthis log.

yossarian084

OK. I know Its been a while and I think I got rid of the smitfraud thing. However, I still have pop up problems. Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 2:20:29 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\wiidx.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\k2pm0c71ef.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Help!

Crunchie

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

yossarian084

Thanks.

here is the new log.

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr4u05h9e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Urls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en80l1lm1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

Crunchie

Nowhere near a complete log. However, there is enough there to show you are infected. In your next reply, be sure to post the entire log. It is very important as the next part of the fix includes the deletion of files and the log will show me if there are any legitimate files that have mistakenly removed!

==

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

yossarian084

You're right. Sorry about the log.

here it is...again.

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr4u05h9e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Urls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en80l1lm1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{842870D2-B3CB-D276-94A6-6C6B3EAAA802}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shell Shredding Utility"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}"=""
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{52175E8C-EEE3-4725-83B9-F10E033C0EE6}"=""
"{5FD216F2-AE3B-4133-856F-3687793CB6F4}"=""
"{E750DBD1-1632-4A52-AFBB-9755066393BC}"=""
"{66A704AA-3637-4C9E-A101-20BAD58167A3}"=""
"{4433D7EA-CF87-499F-92FD-9C98A76F766C}"=""
"{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}"=""
"{5ABBB46D-0146-4F63-ADB5-710FB01986B3}"=""
"{1E23914E-0EDB-4D84-B72E-996BA7432B96}"=""
"{E571F5C2-264C-4E3A-88E3-367DC8A26531}"=""
"{84CB9830-AC0F-4891-905B-0A595FEDE8B2}"=""
"{C9B135A5-A31E-41B7-9CD4-005BCC922409}"=""
"{58D9F31C-E621-431A-A6F6-D289CC4CE236}"=""
"{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}\InprocServer32]
@="C:\\WINDOWS\\system32\\6ko4svc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{52175E8C-EEE3-4725-83B9-F10E033C0EE6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52175E8C-EEE3-4725-83B9-F10E033C0EE6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52175E8C-EEE3-4725-83B9-F10E033C0EE6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{52175E8C-EEE3-4725-83B9-F10E033C0EE6}\InprocServer32]
@="C:\\WINDOWS\\system32\\iwmontr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{66A704AA-3637-4C9E-A101-20BAD58167A3}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{66A704AA-3637-4C9E-A101-20BAD58167A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66A704AA-3637-4C9E-A101-20BAD58167A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66A704AA-3637-4C9E-A101-20BAD58167A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4433D7EA-CF87-499F-92FD-9C98A76F766C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4433D7EA-CF87-499F-92FD-9C98A76F766C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4433D7EA-CF87-499F-92FD-9C98A76F766C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4433D7EA-CF87-499F-92FD-9C98A76F766C}\InprocServer32]
@="C:\\WINDOWS\\system32\\umhisapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}\InprocServer32]
@="C:\\WINDOWS\\system32\\thappcmp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5ABBB46D-0146-4F63-ADB5-710FB01986B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5ABBB46D-0146-4F63-ADB5-710FB01986B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5ABBB46D-0146-4F63-ADB5-710FB01986B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5ABBB46D-0146-4F63-ADB5-710FB01986B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1E23914E-0EDB-4D84-B72E-996BA7432B96}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1E23914E-0EDB-4D84-B72E-996BA7432B96}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1E23914E-0EDB-4D84-B72E-996BA7432B96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1E23914E-0EDB-4D84-B72E-996BA7432B96}\InprocServer32]
@="C:\\WINDOWS\\system32\\rGsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E571F5C2-264C-4E3A-88E3-367DC8A26531}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E571F5C2-264C-4E3A-88E3-367DC8A26531}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E571F5C2-264C-4E3A-88E3-367DC8A26531}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E571F5C2-264C-4E3A-88E3-367DC8A26531}\InprocServer32]
@="C:\\WINDOWS\\system32\\iBsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{84CB9830-AC0F-4891-905B-0A595FEDE8B2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84CB9830-AC0F-4891-905B-0A595FEDE8B2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84CB9830-AC0F-4891-905B-0A595FEDE8B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84CB9830-AC0F-4891-905B-0A595FEDE8B2}\InprocServer32]
@="C:\\WINDOWS\\system32\\doconfig.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9B135A5-A31E-41B7-9CD4-005BCC922409}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9B135A5-A31E-41B7-9CD4-005BCC922409}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9B135A5-A31E-41B7-9CD4-005BCC922409}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9B135A5-A31E-41B7-9CD4-005BCC922409}\InprocServer32]
@="C:\\WINDOWS\\system32\\ngevent.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{58D9F31C-E621-431A-A6F6-D289CC4CE236}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58D9F31C-E621-431A-A6F6-D289CC4CE236}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58D9F31C-E621-431A-A6F6-D289CC4CE236}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{58D9F31C-E621-431A-A6F6-D289CC4CE236}\InprocServer32]
@="C:\\WINDOWS\\system32\\lwcdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\milogmgr.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Volume in drive C is Boot
Volume Serial Number is 60DF-B474

Directory of C:\WINDOWS\System32

08/07/2005 08:41 AM 233,208 milogmgr.dll
08/07/2005 08:37 AM 236,704 mv28l9fu1.dll
08/06/2005 11:36 PM 233,208 hr4u05h9e.dll
08/06/2005 06:10 PM 235,564 wdpasf.dll
08/06/2005 06:07 PM 234,483 dn0q01d5e.dll
08/06/2005 02:37 PM 234,311 wipsrcwp.dll
08/03/2005 07:39 PM 234,311 mWpistub.dll
07/30/2005 06:45 PM <DIR> dllcache
07/30/2005 02:36 PM 234,311 jt2q07f5e.dll
07/30/2005 08:27 AM 233,248 wqasf.dll
07/30/2005 07:59 AM 233,248 lwrmonui.dll
07/30/2005 06:31 AM 233,248 dmnlobby.dll
07/30/2005 06:31 AM 233,248 dcmodemx.dll
07/30/2005 05:18 AM 233,248 doound.dll
07/30/2005 05:18 AM 233,248 devvox.dll
07/30/2005 03:49 AM 233,248 tyrmsrv.dll
07/30/2005 03:49 AM 233,248 tqpmib.dll
07/30/2005 02:47 AM 233,248 dk7vb.dll
07/30/2005 02:47 AM 233,248 dcsenh.dll
07/30/2005 01:25 AM 233,248 SF2EVNT1.DLL
07/30/2005 01:25 AM 233,248 rkn_dos.dll
07/30/2005 12:01 AM 233,248 kudic.dll
07/30/2005 12:01 AM 233,248 kudgr.dll
07/29/2005 10:48 PM 233,248 bwpanui.dll
07/29/2005 10:47 PM 233,248 bmpanui.dll
07/29/2005 09:39 PM 233,248 mcdart.dll
07/29/2005 09:39 PM 233,248 mkcms.dll
07/29/2005 08:39 PM 233,248 turmsrv.dll
07/29/2005 08:38 PM 233,248 tUpiperf.dll
07/29/2005 07:34 PM 233,248 srcur32.dll
07/29/2005 07:33 PM 233,248 skcfiles.dll
07/29/2005 06:20 PM 233,248 mpvcrt40.dll
07/29/2005 06:19 PM 233,248 mhvbvm60.dll
07/29/2005 04:50 PM 233,248 fzjs0317e.dll
07/29/2005 04:50 PM 233,248 fz6u03j9e.dll
07/29/2005 02:19 PM 233,248 iVxrtmgr.dll
07/29/2005 02:18 PM 233,248 iDssdo.dll
07/29/2005 12:59 PM 233,248 iWxrtmgr.dll
07/29/2005 12:58 PM 233,248 iOsads.dll
07/29/2005 11:52 AM 233,248 svs.dll
07/29/2005 11:51 AM 233,248 sks.dll
07/29/2005 10:35 AM 233,248 dvprop.dll
07/29/2005 10:34 AM 233,248 dl16gt.dLL
07/29/2005 09:17 AM 233,248 lxcalspl.dll
07/29/2005 09:16 AM 233,248 lfghours.dll
07/29/2005 07:48 AM 233,248 htd.dll
07/29/2005 07:47 AM 233,248 gzi32.dll
07/29/2005 06:26 AM 233,248 wtauserv.dll
07/29/2005 06:25 AM 233,248 wjcltui.dll
07/29/2005 05:02 AM 233,248 lbhsvc.dll
07/29/2005 05:01 AM 233,248 ltbfaac.dll
07/29/2005 03:49 AM 233,248 jvpl400.dll
07/29/2005 03:48 AM 233,248 jvcript.dll
07/29/2005 02:40 AM 233,248 nqvdmd.dll
07/29/2005 02:39 AM 233,248 ngmsmgr.dll
07/29/2005 01:37 AM 233,248 oee2nls.dll
07/29/2005 01:36 AM 233,248 owdbse32.dll
07/29/2005 12:29 AM 233,248 hwetmon.dll
07/29/2005 12:28 AM 233,248 hoetwiz.dll
07/28/2005 11:29 PM 233,248 ojbccu32.dll
07/28/2005 11:28 PM 233,248 obbc32gt.dll
07/28/2005 10:04 PM 233,248 cwcdll.dll
07/28/2005 10:03 PM 233,248 col3d32.dll
07/28/2005 08:51 PM 233,248 tLpisrv.dll
07/28/2005 08:50 PM 233,248 SqmStore.dll
07/28/2005 07:22 PM 233,248 skreamci.dll
07/28/2005 07:21 PM 233,248 sarmfilt.dll
07/28/2005 06:09 PM 233,248 mmoert2.dll
07/28/2005 06:08 PM 233,248 mulbui.dll
07/28/2005 04:40 PM 233,248 mvrd2x40.dll
07/28/2005 04:39 PM 233,248 mosap.dll
07/28/2005 03:21 PM 233,248 mvl_qic.dll
07/28/2005 03:20 PM 233,248 mvimsg.dll
07/28/2005 02:00 PM 233,248 mkimsg.dll
07/28/2005 01:59 PM 233,248 is32_32.dll
07/28/2005 12:53 PM 233,248 wjpsrcwp.dll
07/28/2005 12:52 PM 233,248 wrpdxm.dll
07/28/2005 11:41 AM 233,248 tRpi.dll
07/28/2005 11:41 AM 233,248 sjgina.dll
07/28/2005 10:15 AM 233,248 iamontr.dll
07/28/2005 10:15 AM 233,248 ianathlp.dll
07/28/2005 09:03 AM 233,248 wpbvw.dll
07/28/2005 09:02 AM 233,248 wP2time.dll
07/28/2005 07:33 AM 233,248 6wo4svc.dll
07/28/2005 07:33 AM 233,248 3evxVfWCodec.dll
07/28/2005 06:31 AM 233,248 aytiveds.dll
07/28/2005 05:26 AM 233,248 hxui.dll
07/28/2005 05:26 AM 233,248 hnpertrm.dll
07/28/2005 04:12 AM 233,248 psgfilt.dll
07/28/2005 04:12 AM 233,248 plapi.dll
07/28/2005 03:00 AM 233,248 krdmaori.dll
07/28/2005 03:00 AM 233,248 kjdinben.dll
07/28/2005 01:51 AM 233,248 dMdim700.dll
07/28/2005 01:51 AM 233,248 dCd8thk.dll
07/28/2005 12:31 AM 233,248 RnoMSCPS.dll
07/28/2005 12:31 AM 233,248 rggsvc.dll
07/27/2005 11:30 PM 233,248 mwxbde40.dll
07/27/2005 11:30 PM 233,248 mwxml2r.dll
07/27/2005 10:22 PM 233,248 rwgapi.dll
07/27/2005 10:22 PM 233,248 rochost.dll
07/27/2005 09:19 PM 233,248 kedfc.dll
07/27/2005 09:19 PM 233,248 kedgr1.dll
07/27/2005 08:14 PM 233,248 uqrcntra.dll
07/27/2005 08:14 PM 233,248 ujrcntra.dll
07/27/2005 07:00 PM 233,248 eyr8l19u1.dll
07/27/2005 07:00 PM 233,248 do7vb.dll
07/27/2005 05:48 PM 233,248 pxapi.dll
07/27/2005 05:48 PM 233,248 pnapi.dll
07/27/2005 04:22 PM 233,248 mdhgrcoi.dll
07/27/2005 04:22 PM 233,248 MWCDec.dll
07/27/2005 03:06 PM 233,248 MIPI.DLL
07/27/2005 03:06 PM 233,248 mQg_hook.dll
07/27/2005 01:51 PM 233,248 mkasn1.dll
07/27/2005 01:51 PM 233,248 mrwstr10.dll
07/27/2005 12:42 PM 233,248 mfobjs.dll
07/27/2005 12:42 PM 233,248 mnorcl32.dll
07/27/2005 11:22 AM 233,248 xisp2res.dll
07/27/2005 11:22 AM 233,248 xy_x263dec.dll
07/27/2005 09:58 AM 233,248 aqsldpc.dll
07/27/2005 09:58 AM 233,248 aimparse.dll
07/27/2005 08:48 AM 233,248 shcfiles.dll
07/27/2005 08:48 AM 233,248 sxrrun.dll
07/27/2005 07:42 AM 233,248 badispl.dll
07/27/2005 07:42 AM 233,248 aqtodisc.dll
07/27/2005 06:31 AM 233,248 scclient.dll
07/27/2005 06:31 AM 233,248 sklwoa.dll
07/27/2005 05:25 AM 233,248 clmodem.dll
07/27/2005 05:25 AM 233,248 cDtsrvut.dll
07/27/2005 04:25 AM 233,248 kydbu.dll
07/27/2005 04:25 AM 233,248 kqdda.dll
07/27/2005 03:03 AM 233,248 MIC71.dll
07/27/2005 03:03 AM 233,248 mqasn1.dll
07/27/2005 01:36 AM 233,248 dvime.dll
07/27/2005 01:36 AM 233,248 dlserver.dll
07/27/2005 12:26 AM 233,248 SkmStore.dll
07/27/2005 12:26 AM 233,248 ScmNeti.dll
07/26/2005 11:20 PM 233,248 ADFAXCNV.DLL
07/26/2005 11:20 PM 233,248 avsldpc.dll
07/26/2005 10:20 PM 233,248 kqdusr.dll
07/26/2005 10:20 PM 233,248 kidycc.dll
07/26/2005 08:58 PM 233,248 laghours.dll
07/26/2005 08:58 PM 233,248 lsnkinfo.dll
07/26/2005 07:31 PM 233,248 dn3j.dll
07/26/2005 07:31 PM 233,248 dv3j.dll
07/26/2005 06:21 PM 233,248 scmpsnap.dll
07/26/2005 06:21 PM 233,248 sudll.dll
07/26/2005 04:58 PM 233,248 didlgs.dll
07/26/2005 04:58 PM 233,248 diocx.dll
07/26/2005 03:48 PM 233,248 rhaenh.dll
07/26/2005 03:48 PM 233,248 rzutetab.dll
07/26/2005 02:25 PM 233,248 dvmsrpcn.dll
07/26/2005 02:25 PM 233,248 ddwsockx.dll
07/26/2005 01:15 PM 233,248 pmflbmsg.dll
07/26/2005 01:15 PM 233,248 pcgfilt.dll
07/26/2005 11:58 AM 233,248 IkagX7.dll
07/26/2005 11:58 AM 233,248 idsetup.dll
07/26/2005 10:40 AM 233,248 kodsl1.dll
07/26/2005 10:40 AM 233,248 khdsl.dll
07/26/2005 09:39 AM 233,248 chedui.dll
07/26/2005 09:39 AM 233,248 cxyptui.dll
07/26/2005 08:14 AM 233,248 ikxrtmgr.dll
07/26/2005 08:14 AM 233,248 iaxrtmgr.dll
07/26/2005 07:01 AM 233,248 kkdsw.dll
07/26/2005 07:01 AM 233,248 kcdru1.dll
07/26/2005 05:38 AM 233,248 uqer32.dll
07/26/2005 05:38 AM 233,248 ujrcoina.dll
07/26/2005 04:28 AM 233,248 kpdcz.dll
07/26/2005 04:28 AM 233,248 kidblr.dll
07/26/2005 03:05 AM 233,248 uwnp.dll
07/26/2005 03:05 AM 233,248 uwlmon.dll
07/26/2005 01:55 AM 233,248 ivclass.dll
07/26/2005 01:55 AM 233,248 ilfosoft.dll
07/26/2005 12:32 AM 233,248 ubbmon.dll
07/26/2005 12:32 AM 233,248 urrcntra.dll
07/25/2005 11:22 PM 233,248 iqfosoft.dll
07/25/2005 11:22 PM 233,248 iqetppui.dll
07/25/2005 10:05 PM 233,248 rYsmans.dll
07/25/2005 10:05 PM 233,248 qrap.dll
07/25/2005 08:47 PM 233,248 scell32.dll
07/25/2005 08:47 PM 233,248 msg209.dll
07/25/2005 07:46 PM 233,248 nllsapi.dll
07/25/2005 07:46 PM 233,248 nbmkcert.dll
07/25/2005 06:38 PM 233,248 jbpl400.dll
07/25/2005 06:38 PM 233,248 jtpl400.dll
07/25/2005 05:24 PM 233,248 cymctl32.dll
07/25/2005 05:24 PM 233,248 czcui.dll
07/25/2005 04:12 PM 233,248 If50_qcx.dll
07/25/2005 04:12 PM 233,248 jXvart.dll
07/25/2005 03:03 PM 233,248 ssndcmsg.dll
07/25/2005 03:03 PM 233,248 stcurity.dll
07/25/2005 01:43 PM 233,248 pdfmgr.dll
07/25/2005 01:43 PM 233,248 pTqsp.dll
07/25/2005 12:25 PM 233,248 cxmaddin.dll
07/25/2005 12:25 PM 233,248 cymaddin.dll
07/25/2005 11:24 AM 233,248 nomsevt.dll
07/25/2005 11:24 AM 233,248 ngdsbcli.dll
07/25/2005 09:59 AM 233,248 cblbact.dll
07/25/2005 09:59 AM 233,248 cumctl32.dll
07/25/2005 08:46 AM 233,248 wdn32spl.dll
07/25/2005 08:46 AM 233,248 wlcsapi.dll
07/25/2005 07:17 AM 233,248 uftfs.dll
07/25/2005 07:17 AM 233,248 ufeg.dll
07/25/2005 06:15 AM 233,248 ebent97.dll
07/25/2005 06:15 AM 233,248 ercapi.dll
07/25/2005 04:53 AM 233,248 dknlobby.dll
07/25/2005 04:53 AM 233,248 dcwsockx.dll
07/25/2005 03:46 AM 233,248 sygina.dll
07/25/2005 03:46 AM 233,248 sqell32.dll
07/25/2005 02:26 AM 233,248 cjiconfg.dll
07/25/2005 02:26 AM 233,248 CCMLM5c.DLL
07/25/2005 01:22 AM 233,248 cvmsnap.dll
07/25/2005 01:22 AM 233,248 clmrepl.dll
07/25/2005 12:11 AM 233,248 cnrpol.dll
07/25/2005 12:11 AM 233,248 cfmpstui.dll
07/24/2005 11:08 PM 233,248 SDMEVNT1.DLL
07/24/2005 11:08 PM 233,248 svsinv.dll
07/24/2005 09:40 PM 233,248 ltasrv.dll
07/24/2005 09:40 PM 233,248 lmcalspl.dll
07/24/2005 08:21 PM 233,248 wtn87em.dll
07/24/2005 08:21 PM 233,248 wtnipsec.dll
07/24/2005 07:00 PM 233,248 miricons.dll
07/24/2005 07:00 PM 233,248 mqcshext.dll
07/24/2005 05:53 PM 233,248 qudwipes.dll
07/24/2005 05:53 PM 233,248 rMcpldlg.dll
07/24/2005 04:42 PM 233,248 ojexl32.dll
07/24/2005 04:42 PM 233,248 oebc32gt.dll
06/16/2005 10:18 PM 0 kt88l7lu1.dll
03/01/2005 01:03 PM <DIR> Microsoft
226 File(s) 52,490,916 bytes
2 Dir(s) 67,112,357,888 bytes free

Crunchie

That looks better

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

yossarian084

Hey there,

here is the new log...

Just so you know, I cant seem to do a normal shiut down of Windows. I always have to shut it off with the on/off switch. Any thoughts?

I had to delete a bunch of lines to make it fit in this post.

L2Mfix 1.03a

Running From:
C:\Documents and Settings\Administrator\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


killing explorer and rundll32.exe


Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Successfully Deleted: C:\WINDOWS\system32\htd.dll
deleting: C:\WINDOWS\system32\hwetmon.dll
Successfully Deleted: C:\WINDOWS\system32\hwetmon.dll
deleting: C:\WINDOWS\system32\hxui.dll
Successfully Deleted: C:\WINDOWS\system32\hxui.dll
deleting: C:\WINDOWS\system32\iamontr.dll
Successfully Deleted: C:\WINDOWS\system32\iamontr.dll
deleting: C:\WINDOWS\system32\ianathlp.dll
Successfully Deleted: C:\WINDOWS\system32\ianathlp.dll
deleting: C:\WINDOWS\system32\iaxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\iaxrtmgr.dll
deleting: C:\WINDOWS\system32\idsetup.dll
Successfully Deleted: C:\WINDOWS\system32\idsetup.dll
deleting: C:\WINDOWS\system32\iDssdo.dll
Successfully Deleted: C:\WINDOWS\system32\iDssdo.dll
deleting: C:\WINDOWS\system32\If50_qcx.dll
Successfully Deleted: C:\WINDOWS\system32\If50_qcx.dll
deleting: C:\WINDOWS\system32\IkagX7.dll
Successfully Deleted: C:\WINDOWS\system32\IkagX7.dll
deleting: C:\WINDOWS\system32\ikxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\ikxrtmgr.dll
deleting: C:\WINDOWS\system32\ilfosoft.dll
Successfully Deleted: C:\WINDOWS\system32\ilfosoft.dll
deleting: C:\WINDOWS\system32\iOsads.dll
Successfully Deleted: C:\WINDOWS\system32\iOsads.dll
deleting: C:\WINDOWS\system32\iqetppui.dll
Successfully Deleted: C:\WINDOWS\system32\iqetppui.dll
deleting: C:\WINDOWS\system32\iqfosoft.dll
Successfully Deleted: C:\WINDOWS\system32\iqfosoft.dll
deleting: C:\WINDOWS\system32\is32_32.dll
Successfully Deleted: C:\WINDOWS\system32\is32_32.dll
deleting: C:\WINDOWS\system32\ivclass.dll
Successfully Deleted: C:\WINDOWS\system32\ivclass.dll
deleting: C:\WINDOWS\system32\iVxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\iVxrtmgr.dll
deleting: C:\WINDOWS\system32\iWxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\iWxrtmgr.dll
deleting: C:\WINDOWS\system32\jbpl400.dll
Successfully Deleted: C:\WINDOWS\system32\jbpl400.dll
deleting: C:\WINDOWS\system32\jt2q07f5e.dll
Successfully Deleted: C:\WINDOWS\system32\jt2q07f5e.dll
deleting: C:\WINDOWS\system32\jtpl400.dll
Successfully Deleted: C:\WINDOWS\system32\jtpl400.dll
deleting: C:\WINDOWS\system32\jvcript.dll
Successfully Deleted: C:\WINDOWS\system32\jvcript.dll
deleting: C:\WINDOWS\system32\jvpl400.dll
Successfully Deleted: C:\WINDOWS\system32\jvpl400.dll
deleting: C:\WINDOWS\system32\jXvart.dll
Successfully Deleted: C:\WINDOWS\system32\jXvart.dll
deleting: C:\WINDOWS\system32\kcdru1.dll
Successfully Deleted: C:\WINDOWS\system32\kcdru1.dll
deleting: C:\WINDOWS\system32\kedfc.dll
Successfully Deleted: C:\WINDOWS\system32\kedfc.dll
deleting: C:\WINDOWS\system32\kedgr1.dll
Successfully Deleted: C:\WINDOWS\system32\kedgr1.dll
deleting: C:\WINDOWS\system32\khdsl.dll
Successfully Deleted: C:\WINDOWS\system32\khdsl.dll
deleting: C:\WINDOWS\system32\kidblr.dll
Successfully Deleted: C:\WINDOWS\system32\kidblr.dll
deleting: C:\WINDOWS\system32\kidycc.dll
Successfully Deleted: C:\WINDOWS\system32\kidycc.dll
deleting: C:\WINDOWS\system32\kjdinben.dll
Successfully Deleted: C:\WINDOWS\system32\kjdinben.dll
deleting: C:\WINDOWS\system32\kkdsw.dll
Successfully Deleted: C:\WINDOWS\system32\kkdsw.dll
deleting: C:\WINDOWS\system32\kodsl1.dll
Successfully Deleted: C:\WINDOWS\system32\kodsl1.dll
deleting: C:\WINDOWS\system32\kpdcz.dll
Successfully Deleted: C:\WINDOWS\system32\kpdcz.dll
deleting: C:\WINDOWS\system32\kqdda.dll
Successfully Deleted: C:\WINDOWS\system32\kqdda.dll
deleting: C:\WINDOWS\system32\kqdusr.dll
Successfully Deleted: C:\WINDOWS\system32\kqdusr.dll
deleting: C:\WINDOWS\system32\krdmaori.dll
Successfully Deleted: C:\WINDOWS\system32\krdmaori.dll
deleting: C:\WINDOWS\system32\kudgr.dll
Successfully Deleted: C:\WINDOWS\system32\kudgr.dll
deleting: C:\WINDOWS\system32\kudic.dll
Successfully Deleted: C:\WINDOWS\system32\kudic.dll
deleting: C:\WINDOWS\system32\kydbu.dll
Successfully Deleted: C:\WINDOWS\system32\kydbu.dll
deleting: C:\WINDOWS\system32\laghours.dll
Successfully Deleted: C:\WINDOWS\system32\laghours.dll
deleting: C:\WINDOWS\system32\lbhsvc.dll
Successfully Deleted: C:\WINDOWS\system32\lbhsvc.dll
deleting: C:\WINDOWS\system32\lfghours.dll
Successfully Deleted: C:\WINDOWS\system32\lfghours.dll
deleting: C:\WINDOWS\system32\lmcalspl.dll
Successfully Deleted: C:\WINDOWS\system32\lmcalspl.dll
deleting: C:\WINDOWS\system32\lsnkinfo.dll
Successfully Deleted: C:\WINDOWS\system32\lsnkinfo.dll
deleting: C:\WINDOWS\system32\ltasrv.dll
Successfully Deleted: C:\WINDOWS\system32\ltasrv.dll
deleting: C:\WINDOWS\system32\ltbfaac.dll
Successfully Deleted: C:\WINDOWS\system32\ltbfaac.dll
deleting: C:\WINDOWS\system32\lwrmonui.dll
Successfully Deleted: C:\WINDOWS\system32\lwrmonui.dll
deleting: C:\WINDOWS\system32\lxcalspl.dll
Successfully Deleted: C:\WINDOWS\system32\lxcalspl.dll
deleting: C:\WINDOWS\system32\mcdart.dll
Successfully Deleted: C:\WINDOWS\system32\mcdart.dll
deleting: C:\WINDOWS\system32\mdhgrcoi.dll
Successfully Deleted: C:\WINDOWS\system32\mdhgrcoi.dll
deleting: C:\WINDOWS\system32\mfobjs.dll
Successfully Deleted: C:\WINDOWS\system32\mfobjs.dll
deleting: C:\WINDOWS\system32\mhvbvm60.dll
Successfully Deleted: C:\WINDOWS\system32\mhvbvm60.dll
deleting: C:\WINDOWS\system32\MIC71.dll
Successfully Deleted: C:\WINDOWS\system32\MIC71.dll
deleting: C:\WINDOWS\system32\milogmgr.dll
Successfully Deleted: C:\WINDOWS\system32\milogmgr.dll
deleting: C:\WINDOWS\system32\MIPI.DLL
Successfully Deleted: C:\WINDOWS\system32\MIPI.DLL
deleting: C:\WINDOWS\system32\miricons.dll
Successfully Deleted: C:\WINDOWS\system32\miricons.dll
deleting: C:\WINDOWS\system32\mkasn1.dll
Successfully Deleted: C:\WINDOWS\system32\mkasn1.dll
deleting: C:\WINDOWS\system32\mkcms.dll
Successfully Deleted: C:\WINDOWS\system32\mkcms.dll
deleting: C:\WINDOWS\system32\mkimsg.dll
Successfully Deleted: C:\WINDOWS\system32\mkimsg.dll
deleting: C:\WINDOWS\system32\mmoert2.dll
Successfully Deleted: C:\WINDOWS\system32\mmoert2.dll
deleting: C:\WINDOWS\system32\mnorcl32.dll
Successfully Deleted: C:\WINDOWS\system32\mnorcl32.dll
deleting: C:\WINDOWS\system32\mosap.dll
Successfully Deleted: C:\WINDOWS\system32\mosap.dll
deleting: C:\WINDOWS\system32\mpvcrt40.dll
Successfully Deleted: C:\WINDOWS\system32\mpvcrt40.dll
deleting: C:\WINDOWS\system32\mqasn1.dll
Successfully Deleted: C:\WINDOWS\system32\mqasn1.dll
deleting: C:\WINDOWS\system32\mqcshext.dll
Successfully Deleted: C:\WINDOWS\system32\mqcshext.dll
deleting: C:\WINDOWS\system32\mQg_hook.dll
Successfully Deleted: C:\WINDOWS\system32\mQg_hook.dll
deleting: C:\WINDOWS\system32\mrwstr10.dll
Successfully Deleted: C:\WINDOWS\system32\mrwstr10.dll
deleting: C:\WINDOWS\system32\msg209.dll
Successfully Deleted: C:\WINDOWS\system32\msg209.dll
deleting: C:\WINDOWS\system32\mulbui.dll
Successfully Deleted: C:\WINDOWS\system32\mulbui.dll
deleting: C:\WINDOWS\system32\mv28l9fu1.dll
Successfully Deleted: C:\WINDOWS\system32\mv28l9fu1.dll
deleting: C:\WINDOWS\system32\mvimsg.dll
Successfully Deleted: C:\WINDOWS\system32\mvimsg.dll
deleting: C:\WINDOWS\system32\mvl_qic.dll
Successfully Deleted: C:\WINDOWS\system32\mvl_qic.dll
deleting: C:\WINDOWS\system32\mvrd2x40.dll
Successfully Deleted: C:\WINDOWS\system32\mvrd2x40.dll
deleting: C:\WINDOWS\system32\MWCDec.dll
Successfully Deleted: C:\WINDOWS\system32\MWCDec.dll
deleting: C:\WINDOWS\system32\mWpistub.dll
Successfully Deleted: C:\WINDOWS\system32\mWpistub.dll
deleting: C:\WINDOWS\system32\mwxbde40.dll
Successfully Deleted: C:\WINDOWS\system32\mwxbde40.dll
deleting: C:\WINDOWS\system32\mwxml2r.dll
Successfully Deleted: C:\WINDOWS\system32\mwxml2r.dll
deleting: C:\WINDOWS\system32\nbmkcert.dll
Successfully Deleted: C:\WINDOWS\system32\nbmkcert.dll
deleting: C:\WINDOWS\system32\ngdsbcli.dll
Successfully Deleted: C:\WINDOWS\system32\ngdsbcli.dll
deleting: C:\WINDOWS\system32\ngmsmgr.dll
Successfully Deleted: C:\WINDOWS\system32\ngmsmgr.dll
deleting: C:\WINDOWS\system32\nllsapi.dll
Successfully Deleted: C:\WINDOWS\system32\nllsapi.dll
deleting: C:\WINDOWS\system32\nomsevt.dll
Successfully Deleted: C:\WINDOWS\system32\nomsevt.dll
deleting: C:\WINDOWS\system32\nqvdmd.dll
Successfully Deleted: C:\WINDOWS\system32\nqvdmd.dll
deleting: C:\WINDOWS\system32\obbc32gt.dll
Successfully Deleted: C:\WINDOWS\system32\obbc32gt.dll
deleting: C:\WINDOWS\system32\oebc32gt.dll
Successfully Deleted: C:\WINDOWS\system32\oebc32gt.dll
deleting: C:\WINDOWS\system32\oee2nls.dll
Successfully Deleted: C:\WINDOWS\system32\oee2nls.dll
deleting: C:\WINDOWS\system32\ojbccu32.dll
Successfully Deleted: C:\WINDOWS\system32\ojbccu32.dll
deleting: C:\WINDOWS\system32\ojexl32.dll
Successfully Deleted: C:\WINDOWS\system32\ojexl32.dll
deleting: C:\WINDOWS\system32\owdbse32.dll
Successfully Deleted: C:\WINDOWS\system32\owdbse32.dll
deleting: C:\WINDOWS\system32\pcgfilt.dll
Successfully Deleted: C:\WINDOWS\system32\pcgfilt.dll
deleting: C:\WINDOWS\system32\pdfmgr.dll
Successfully Deleted: C:\WINDOWS\system32\pdfmgr.dll
deleting: C:\WINDOWS\system32\plapi.dll
Successfully Deleted: C:\WINDOWS\system32\plapi.dll
deleting: C:\WINDOWS\system32\pmflbmsg.dll
Successfully Deleted: C:\WINDOWS\system32\pmflbmsg.dll
deleting: C:\WINDOWS\system32\pnapi.dll
Successfully Deleted: C:\WINDOWS\system32\pnapi.dll
deleting: C:\WINDOWS\system32\psgfilt.dll
Successfully Deleted: C:\WINDOWS\system32\psgfilt.dll
deleting: C:\WINDOWS\system32\pTqsp.dll
Successfully Deleted: C:\WINDOWS\system32\pTqsp.dll
deleting: C:\WINDOWS\system32\pxapi.dll
Successfully Deleted: C:\WINDOWS\system32\pxapi.dll
deleting: C:\WINDOWS\system32\qrap.dll
Successfully Deleted: C:\WINDOWS\system32\qrap.dll
deleting: C:\WINDOWS\system32\qudwipes.dll
Successfully Deleted: C:\WINDOWS\system32\qudwipes.dll
deleting: C:\WINDOWS\system32\rggsvc.dll
Successfully Deleted: C:\WINDOWS\system32\rggsvc.dll
deleting: C:\WINDOWS\system32\rhaenh.dll
Successfully Deleted: C:\WINDOWS\system32\rhaenh.dll
deleting: C:\WINDOWS\system32\rkn_dos.dll
Successfully Deleted: C:\WINDOWS\system32\rkn_dos.dll
deleting: C:\WINDOWS\system32\rMcpldlg.dll
Successfully Deleted: C:\WINDOWS\system32\rMcpldlg.dll
deleting: C:\WINDOWS\system32\RnoMSCPS.dll
Successfully Deleted: C:\WINDOWS\system32\RnoMSCPS.dll
deleting: C:\WINDOWS\system32\rochost.dll
Successfully Deleted: C:\WINDOWS\system32\rochost.dll
deleting: C:\WINDOWS\system32\rwgapi.dll
Successfully Deleted: C:\WINDOWS\system32\rwgapi.dll
deleting: C:\WINDOWS\system32\rYsmans.dll
Successfully Deleted: C:\WINDOWS\system32\rYsmans.dll
deleting: C:\WINDOWS\system32\rzutetab.dll
Successfully Deleted: C:\WINDOWS\system32\rzutetab.dll
deleting: C:\WINDOWS\system32\sarmfilt.dll
Successfully Deleted: C:\WINDOWS\system32\sarmfilt.dll
deleting: C:\WINDOWS\system32\scclient.dll
Successfully Deleted: C:\WINDOWS\system32\scclient.dll
deleting: C:\WINDOWS\system32\scell32.dll
Successfully Deleted: C:\WINDOWS\system32\scell32.dll
deleting: C:\WINDOWS\system32\ScmNeti.dll
Successfully Deleted: C:\WINDOWS\system32\ScmNeti.dll
deleting: C:\WINDOWS\system32\scmpsnap.dll
deleting: C:\WINDOWS\system32\sxrrun.dll
Successfully Deleted: C:\WINDOWS\system32\sxrrun.dll
deleting: C:\WINDOWS\system32\sygina.dll
Successfully Deleted: C:\WINDOWS\system32\sygina.dll
deleting: C:\WINDOWS\system32\tLpisrv.dll
Successfully Deleted: C:\WINDOWS\system32\tLpisrv.dll
deleting: C:\WINDOWS\system32\tqpmib.dll
Successfully Deleted: C:\WINDOWS\system32\tqpmib.dll
deleting: C:\WINDOWS\system32\tRpi.dll
Successfully Deleted: C:\WINDOWS\system32\tRpi.dll
deleting: C:\WINDOWS\system32\tUpiperf.dll
Successfully Deleted: C:\WINDOWS\system32\tUpiperf.dll
deleting: C:\WINDOWS\system32\turmsrv.dll
Successfully Deleted: C:\WINDOWS\system32\turmsrv.dll
deleting: C:\WINDOWS\system32\tyrmsrv.dll
Successfully Deleted: C:\WINDOWS\system32\tyrmsrv.dll
deleting: C:\WINDOWS\system32\ubbmon.dll
Successfully Deleted: C:\WINDOWS\system32\ubbmon.dll
deleting: C:\WINDOWS\system32\ufeg.dll
Successfully Deleted: C:\WINDOWS\system32\ufeg.dll
deleting: C:\WINDOWS\system32\uftfs.dll
Successfully Deleted: C:\WINDOWS\system32\uftfs.dll
deleting: C:\WINDOWS\system32\ujrcntra.dll
Successfully Deleted: C:\WINDOWS\system32\ujrcntra.dll
deleting: C:\WINDOWS\system32\ujrcoina.dll
Successfully Deleted: C:\WINDOWS\system32\ujrcoina.dll
deleting: C:\WINDOWS\system32\uqer32.dll
Successfully Deleted: C:\WINDOWS\system32\uqer32.dll
deleting: C:\WINDOWS\system32\uqrcntra.dll
Successfully Deleted: C:\WINDOWS\system32\uqrcntra.dll
deleting: C:\WINDOWS\system32\urrcntra.dll
Successfully Deleted: C:\WINDOWS\system32\urrcntra.dll
deleting: C:\WINDOWS\system32\uwlmon.dll
Successfully Deleted: C:\WINDOWS\system32\uwlmon.dll
deleting: C:\WINDOWS\system32\uwnp.dll
Successfully Deleted: C:\WINDOWS\system32\uwnp.dll
deleting: C:\WINDOWS\system32\wdn32spl.dll
Successfully Deleted: C:\WINDOWS\system32\wdn32spl.dll
deleting: C:\WINDOWS\system32\wdpasf.dll
Successfully Deleted: C:\WINDOWS\system32\wdpasf.dll
deleting: C:\WINDOWS\system32\wipsrcwp.dll
Successfully Deleted: C:\WINDOWS\system32\wipsrcwp.dll
deleting: C:\WINDOWS\system32\wjcltui.dll
Successfully Deleted: C:\WINDOWS\system32\wjcltui.dll
deleting: C:\WINDOWS\system32\wjpsrcwp.dll
Successfully Deleted: C:\WINDOWS\system32\wjpsrcwp.dll
deleting: C:\WINDOWS\system32\wlcsapi.dll
Successfully Deleted: C:\WINDOWS\system32\wlcsapi.dll
deleting: C:\WINDOWS\system32\wP2time.dll
Successfully Deleted: C:\WINDOWS\system32\wP2time.dll
deleting: C:\WINDOWS\system32\wpbvw.dll
Successfully Deleted: C:\WINDOWS\system32\wpbvw.dll
deleting: C:\WINDOWS\system32\wqasf.dll
Successfully Deleted: C:\WINDOWS\system32\wqasf.dll
deleting: C:\WINDOWS\system32\wrpdxm.dll
Successfully Deleted: C:\WINDOWS\system32\wrpdxm.dll
deleting: C:\WINDOWS\system32\wtauserv.dll
Successfully Deleted: C:\WINDOWS\system32\wtauserv.dll
deleting: C:\WINDOWS\system32\wtn87em.dll
Successfully Deleted: C:\WINDOWS\system32\wtn87em.dll
deleting: C:\WINDOWS\system32\wtnipsec.dll
Successfully Deleted: C:\WINDOWS\system32\wtnipsec.dll
deleting: C:\WINDOWS\system32\xisp2res.dll
Successfully Deleted: C:\WINDOWS\system32\xisp2res.dll
deleting: C:\WINDOWS\system32\xy_x263dec.dll
Successfully Deleted: C:\WINDOWS\system32\xy_x263dec.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: 3evxVfWCodec.dll (164 bytes security) (deflated 4%)
adding: 6wo4svc.dll (164 bytes security) (deflated 4%)
adding: ADFAXCNV.DLL (164 bytes security) (deflated 4%)
adding: aimparse.dll (164 bytes security) (deflated 4%)
adding: aqsldpc.dll (164 bytes security) (deflated 4%)
adding: aqtodisc.dll (164 bytes security) (deflated 4%)
adding: avsldpc.dll (164 bytes security) (deflated 4%)
adding: aytiveds.dll (164 bytes security) (deflated 4%)
adding: badispl.dll (164 bytes security) (deflated 4%)
adding: bmpanui.dll (164 bytes security) (deflated 4%)
adding: bwpanui.dll (164 bytes security) (deflated 4%)
adding: cblbact.dll (164 bytes security) (deflated 4%)
adding: CCMLM5c.DLL (164 bytes security) (deflated 4%)
adding: cDtsrvut.dll (164 bytes security) (deflated 4%)
adding: cfmpstui.dll (164 bytes security) (deflated 4%)
adding: chedui.dll (164 bytes security) (deflated 4%)
adding: cjiconfg.dll (164 bytes security) (deflated 4%)
adding: clmodem.dll (164 bytes security) (deflated 4%)
adding: clmrepl.dll (164 bytes security) (deflated 4%)
adding: cnrpol.dll (164 bytes security) (deflated 4%)
adding: col3d32.dll (164 bytes security) (deflated 4%)
adding: cumctl32.dll (164 bytes security) (deflated 4%)
adding: cvmsnap.dll (164 bytes security) (deflated 4%)
adding: cwcdll.dll (164 bytes security) (deflated 4%)
adding: cxmaddin.dll (164 bytes security) (deflated 4%)
adding: cxyptui.dll (164 bytes security) (deflated 4%)
adding: cymaddin.dll (164 bytes security) (deflated 4%)
adding: cymctl32.dll (164 bytes security) (deflated 4%)
adding: czcui.dll (164 bytes security) (deflated 4%)
adding: dCd8thk.dll (164 bytes security) (deflated 4%)
adding: dcmodemx.dll (164 bytes security) (deflated 4%)
adding: dcsenh.dll (164 bytes security) (deflated 4%)
adding: dcwsockx.dll (164 bytes security) (deflated 4%)
adding: ddwsockx.dll (164 bytes security) (deflated 4%)
adding: devvox.dll (164 bytes security) (deflated 4%)
adding: didlgs.dll (164 bytes security) (deflated 4%)
adding: diocx.dll (164 bytes security) (deflated 4%)
adding: dk7vb.dll (164 bytes security) (deflated 4%)
adding: dknlobby.dll (164 bytes security) (deflated 4%)
adding: dl16gt.dLL (164 bytes security) (deflated 4%)
adding: dlserver.dll (164 bytes security) (deflated 4%)
adding: dMdim700.dll (164 bytes security) (deflated 4%)
adding: dmnlobby.dll (164 bytes security) (deflated 4%)
adding: dn0q01d5e.dll (164 bytes security) (deflated 5%)
adding: dn3j.dll (164 bytes security) (deflated 4%)
adding: do7vb.dll (164 bytes security) (deflated 4%)
adding: doound.dll (164 bytes security) (deflated 4%)
adding: dv3j.dll (164 bytes security) (deflated 4%)
adding: dvime.dll (164 bytes security) (deflated 4%)
adding: dvmsrpcn.dll (164 bytes security) (deflated 4%)
adding: dvprop.dll (164 bytes security) (deflated 4%)
adding: ebent97.dll (164 bytes security) (deflated 4%)
adding: ercapi.dll (164 bytes security) (deflated 4%)
adding: eyr8l19u1.dll (164 bytes security) (deflated 4%)
adding: fz6u03j9e.dll (164 bytes security) (deflated 4%)
adding: fzjs0317e.dll (164 bytes security) (deflated 4%)
adding: gzi32.dll (164 bytes security) (deflated 4%)
adding: hbetcfg.dll (164 bytes security) (deflated 4%)
adding: hnpertrm.dll (164 bytes security) (deflated 4%)
adding: hoetwiz.dll (164 bytes security) (deflated 4%)
adding: htd.dll (164 bytes security) (deflated 4%)
adding: hwetmon.dll (164 bytes security) (deflated 4%)
adding: hxui.dll (164 bytes security) (deflated 4%)
adding: iamontr.dll (164 bytes security) (deflated 4%)
adding: ianathlp.dll (164 bytes security) (deflated 4%)
adding: iaxrtmgr.dll (164 bytes security) (deflated 4%)
adding: idsetup.dll (164 bytes security) (deflated 4%)
adding: iDssdo.dll (164 bytes security) (deflated 4%)
adding: If50_qcx.dll (164 bytes security) (deflated 4%)
adding: IkagX7.dll (164 bytes security) (deflated 4%)
adding: ikxrtmgr.dll (164 bytes security) (deflated 4%)
adding: ilfosoft.dll (164 bytes security) (deflated 4%)
adding: iOsads.dll (164 bytes security) (deflated 4%)
adding: iqetppui.dll (164 bytes security) (deflated 4%)
adding: iqfosoft.dll (164 bytes security) (deflated 4%)
adding: is32_32.dll (164 bytes security) (deflated 4%)
adding: ivclass.dll (164 bytes security) (deflated 4%)
adding: iVxrtmgr.dll (164 bytes security) (deflated 4%)
adding: iWxrtmgr.dll (164 bytes security) (deflated 4%)
adding: jbpl400.dll (164 bytes security) (deflated 4%)
adding: jt2q07f5e.dll (164 bytes security) (deflated 5%)
adding: jtpl400.dll (164 bytes security) (deflated 4%)
adding: jvcript.dll (164 bytes security) (deflated 4%)
adding: jvpl400.dll (164 bytes security) (deflated 4%)
adding: jXvart.dll (164 bytes security) (deflated 4%)
adding: kcdru1.dll (164 bytes security) (deflated 4%)
adding: kedfc.dll (164 bytes security) (deflated 4%)
adding: kedgr1.dll (164 bytes security) (deflated 4%)
adding: khdsl.dll (164 bytes security) (deflated 4%)
adding: kidblr.dll (164 bytes security) (deflated 4%)
adding: kidycc.dll (164 bytes security) (deflated 4%)
adding: kjdinben.dll (164 bytes security) (deflated 4%)
adding: kkdsw.dll (164 bytes security) (deflated 4%)
adding: kodsl1.dll (164 bytes security) (deflated 4%)
adding: kpdcz.dll (164 bytes security) (deflated 4%)
adding: kqdda.dll (164 bytes security) (deflated 4%)
adding: kqdusr.dll (164 bytes security) (deflated 4%)
adding: krdmaori.dll (164 bytes security) (deflated 4%)
adding: kudgr.dll (164 bytes security) (deflated 4%)
adding: kudic.dll (164 bytes security) (deflated 4%)
adding: kydbu.dll (164 bytes security) (deflated 4%)
adding: laghours.dll (164 bytes security) (deflated 4%)
adding: lbhsvc.dll (164 bytes security) (deflated 4%)
adding: lfghours.dll (164 bytes security) (deflated 4%)
adding: lmcalspl.dll (164 bytes security) (deflated 4%)
adding: lsnkinfo.dll (164 bytes security) (deflated 4%)
adding: ltasrv.dll (164 bytes security) (deflated 4%)
adding: ltbfaac.dll (164 bytes security) (deflated 4%)
adding: lwrmonui.dll (164 bytes security) (deflated 4%)
adding: lxcalspl.dll (164 bytes security) (deflated 4%)
adding: mcdart.dll (164 bytes security) (deflated 4%)
adding: mdhgrcoi.dll (164 bytes security) (deflated 4%)
adding: mfobjs.dll (164 bytes security) (deflated 4%)
adding: mhvbvm60.dll (164 bytes security) (deflated 4%)
adding: MIC71.dll (164 bytes security) (deflated 4%)
adding: milogmgr.dll (164 bytes security) (deflated 4%)
adding: MIPI.DLL (164 bytes security) (deflated 4%)
adding: miricons.dll (164 bytes security) (deflated 4%)
adding: mkasn1.dll (164 bytes security) (deflated 4%)
adding: mkcms.dll (164 bytes security) (deflated 4%)
adding: mkimsg.dll (164 bytes security) (deflated 4%)
adding: mmoert2.dll (164 bytes security) (deflated 4%)
adding: mnorcl32.dll (164 bytes security) (deflated 4%)
adding: mosap.dll (164 bytes security) (deflated 4%)
adding: mpvcrt40.dll (164 bytes security) (deflated 4%)
adding: mqasn1.dll (164 bytes security) (deflated 4%)
adding: mqcshext.dll (164 bytes security) (deflated 4%)
adding: mQg_hook.dll (164 bytes security) (deflated 4%)
adding: mrwstr10.dll (164 bytes security) (deflated 4%)
adding: msg209.dll (164 bytes security) (deflated 4%)
adding: mulbui.dll (164 bytes security) (deflated 4%)
adding: mv28l9fu1.dll (164 bytes security) (deflated 6%)
adding: mvimsg.dll (164 bytes security) (deflated 4%)
adding: mvl_qic.dll (164 bytes security) (deflated 4%)
adding: mvrd2x40.dll (164 bytes security) (deflated 4%)
adding: MWCDec.dll (164 bytes security) (deflated 4%)
adding: mWpistub.dll (164 bytes security) (deflated 5%)
adding: mwxbde40.dll (164 bytes security) (deflated 4%)
adding: mwxml2r.dll (164 bytes security) (deflated 4%)
adding: nbmkcert.dll (164 bytes security) (deflated 4%)
adding: ngdsbcli.dll (164 bytes security) (deflated 4%)
adding: ngmsmgr.dll (164 bytes security) (deflated 4%)
adding: nllsapi.dll (164 bytes security) (deflated 4%)
adding: nomsevt.dll (164 bytes security) (deflated 4%)
adding: nqvdmd.dll (164 bytes security) (deflated 4%)
adding: obbc32gt.dll (164 bytes security) (deflated 4%)
adding: oebc32gt.dll (164 bytes security) (deflated 4%)
adding: oee2nls.dll (164 bytes security) (deflated 4%)
adding: ojbccu32.dll (164 bytes security) (deflated 4%)
adding: ojexl32.dll (164 bytes security) (deflated 4%)
adding: owdbse32.dll (164 bytes security) (deflated 4%)
adding: pcgfilt.dll (164 bytes security) (deflated 4%)
adding: pdfmgr.dll (164 bytes security) (deflated 4%)
adding: plapi.dll (164 bytes security) (deflated 4%)
adding: pmflbmsg.dll (164 bytes security) (deflated 4%)
adding: pnapi.dll (164 bytes security) (deflated 4%)
adding: psgfilt.dll (164 bytes security) (deflated 4%)
adding: pTqsp.dll (164 bytes security) (deflated 4%)
adding: pxapi.dll (164 bytes security) (deflated 4%)
adding: qrap.dll (164 bytes security) (deflated 4%)
adding: qudwipes.dll (164 bytes security) (deflated 4%)
adding: rggsvc.dll (164 bytes security) (deflated 4%)
adding: rhaenh.dll (164 bytes security) (deflated 4%)
adding: rkn_dos.dll (164 bytes security) (deflated 4%)
adding: rMcpldlg.dll (164 bytes security) (deflated 4%)
adding: RnoMSCPS.dll (164 bytes security) (deflated 4%)
adding: rochost.dll (164 bytes security) (deflated 4%)
adding: rwgapi.dll (164 bytes security) (deflated 4%)
adding: rYsmans.dll (164 bytes security) (deflated 4%)
adding: rzutetab.dll (164 bytes security) (deflated 4%)
adding: sarmfilt.dll (164 bytes security) (deflated 4%)
adding: scclient.dll (164 bytes security) (deflated 4%)
adding: scell32.dll (164 bytes security) (deflated 4%)
adding: ScmNeti.dll (164 bytes security) (deflated 4%)
adding: scmpsnap.dll (164 bytes security) (deflated 4%)
adding: SDMEVNT1.DLL (164 bytes security) (deflated 4%)
adding: SF2EVNT1.DLL (164 bytes security) (deflated 4%)
adding: shcfiles.dll (164 bytes security) (deflated 4%)
adding: sjgina.dll (164 bytes security) (deflated 4%)
adding: skcfiles.dll (164 bytes security) (deflated 4%)
adding: sklwoa.dll (164 bytes security) (deflated 4%)
adding: SkmStore.dll (164 bytes security) (deflated 4%)
adding: skreamci.dll (164 bytes security) (deflated 4%)
adding: sks.dll (164 bytes security) (deflated 4%)
adding: sqell32.dll (164 bytes security) (deflated 4%)
adding: SqmStore.dll (164 bytes security) (deflated 4%)
adding: srcur32.dll (164 bytes security) (deflated 4%)
adding: ssndcmsg.dll (164 bytes security) (deflated 4%)
adding: stcurity.dll (164 bytes security) (deflated 4%)
adding: sudll.dll (164 bytes security) (deflated 4%)
adding: svs.dll (164 bytes security) (deflated 4%)
adding: svsinv.dll (164 bytes security) (deflated 4%)
adding: sxrrun.dll (164 bytes security) (deflated 4%)
adding: sygina.dll (164 bytes security) (deflated 4%)
adding: tLpisrv.dll (164 bytes security) (deflated 4%)
adding: tqpmib.dll (164 bytes security) (deflated 4%)
adding: tRpi.dll (164 bytes security) (deflated 4%)
adding: tUpiperf.dll (164 bytes security) (deflated 4%)
adding: turmsrv.dll (164 bytes security) (deflated 4%)
adding: tyrmsrv.dll (164 bytes security) (deflated 4%)
adding: ubbmon.dll (164 bytes security) (deflated 4%)
adding: ufeg.dll (164 bytes security) (deflated 4%)
adding: uftfs.dll (164 bytes security) (deflated 4%)
adding: ujrcntra.dll (164 bytes security) (deflated 4%)
adding: ujrcoina.dll (164 bytes security) (deflated 4%)
adding: uqer32.dll (164 bytes security) (deflated 4%)
adding: uqrcntra.dll (164 bytes security) (deflated 4%)
adding: urrcntra.dll (164 bytes security) (deflated 4%)
adding: uwlmon.dll (164 bytes security) (deflated 4%)
adding: uwnp.dll (164 bytes security) (deflated 4%)
adding: wdn32spl.dll (164 bytes security) (deflated 4%)
adding: wdpasf.dll (164 bytes security) (deflated 5%)
adding: wipsrcwp.dll (164 bytes security) (deflated 5%)
adding: wjcltui.dll (164 bytes security) (deflated 4%)
adding: wjpsrcwp.dll (164 bytes security) (deflated 4%)
adding: wlcsapi.dll (164 bytes security) (deflated 4%)
adding: wP2time.dll (164 bytes security) (deflated 4%)
adding: wpbvw.dll (164 bytes security) (deflated 4%)
adding: wqasf.dll (164 bytes security) (deflated 4%)
adding: wrpdxm.dll (164 bytes security) (deflated 4%)
adding: wtauserv.dll (164 bytes security) (deflated 4%)
adding: wtn87em.dll (164 bytes security) (deflated 4%)
adding: wtnipsec.dll (164 bytes security) (deflated 4%)
adding: xisp2res.dll (164 bytes security) (deflated 4%)
adding: xy_x263dec.dll (164 bytes security) (deflated 4%)
adding: guard.tmp (164 bytes security) (deflated 4%)
adding: clear.reg (164 bytes security) (deflated 67%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 90%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 73%)
adding: test.txt (164 bytes security) (deflated 87%)
adding: test2.txt (164 bytes security) (deflated 47%)
adding: test3.txt (164 bytes security) (deflated 47%)
adding: test5.txt (164 bytes security) (deflated 47%)
adding: xfind.txt (164 bytes security) (deflated 84%)
adding: backregs/1E23914E-0EDB-4D84-B72E-996BA7432B96.reg (164 bytes security) (deflated 70%)
adding: backregs/4433D7EA-CF87-499F-92FD-9C98A76F766C.reg (164 bytes security) (deflated 70%)
adding: backregs/4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF.reg (164 bytes security) (deflated 70%)
adding: backregs/52175E8C-EEE3-4725-83B9-F10E033C0EE6.reg (164 bytes security) (deflated 70%)
adding: backregs/58D9F31C-E621-431A-A6F6-D289CC4CE236.reg (164 bytes security) (deflated 70%)
adding: backregs/5ABBB46D-0146-4F63-ADB5-710FB01986B3.reg (164 bytes security) (deflated 70%)
adding: backregs/66A704AA-3637-4C9E-A101-20BAD58167A3.reg (164 bytes security) (deflated 69%)
adding: backregs/75774EA3-C630-44C5-9EBE-7F2A015CCA7F.reg (164 bytes security) (deflated 70%)
adding: backregs/84CB9830-AC0F-4891-905B-0A595FEDE8B2.reg (164 bytes security) (deflated 70%)
adding: backregs/C9B135A5-A31E-41B7-9CD4-005BCC922409.reg (164 bytes security) (deflated 70%)
adding: backregs/E571F5C2-264C-4E3A-88E3-367DC8A26531.reg (164 bytes security) (deflated 70%)
adding: backregs/FF599C85-FCEC-4B46-BB3B-85D7E75AC978.reg (164 bytes security) (deflated 69%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: 3evxVfWCodec.dll
deleting local copy: 6wo4svc.dll
deleting local copy: ADFAXCNV.DLL
deleting local copy: aimparse.dll
deleting local copy: aqsldpc.dll
deleting local copy: aqtodisc.dll
deleting local copy: avsldpc.dll
deleting local copy: aytiveds.dll
deleting local copy: badispl.dll
deleting local copy: bmpanui.dll
deleting local copy: bwpanui.dll
deleting local copy: cblbact.dll
deleting local copy: CCMLM5c.DLL
deleting local copy: cDtsrvut.dll
deleting local copy: cfmpstui.dll
deleting local copy: chedui.dll
deleting local copy: cjiconfg.dll
deleting local copy: clmodem.dll
deleting local copy: clmrepl.dll
deleting local copy: cnrpol.dll
deleting local copy: col3d32.dll
deleting local copy: cumctl32.dll
deleting local copy: cvmsnap.dll
deleting local copy: cwcdll.dll
deleting local copy: cxmaddin.dll
deleting local copy: cxyptui.dll
deleting local copy: cymaddin.dll
deleting local copy: cymctl32.dll
deleting local copy: czcui.dll
deleting local copy: dCd8thk.dll
deleting local copy: dcmodemx.dll
deleting local copy: dcsenh.dll
deleting local copy: dcwsockx.dll
deleting local copy: ddwsockx.dll
deleting local copy: devvox.dll
deleting local copy: didlgs.dll
deleting local copy: diocx.dll
deleting local copy: dk7vb.dll
deleting local copy: dknlobby.dll
deleting local copy: dl16gt.dLL
deleting local copy: dlserver.dll
deleting local copy: dMdim700.dll
deleting local copy: dmnlobby.dll
deleting local copy: dn0q01d5e.dll
deleting local copy: dn3j.dll
deleting local copy: do7vb.dll
deleting local copy: doound.dll
deleting local copy: dv3j.dll
deleting local copy: dvime.dll
deleting local copy: dvmsrpcn.dll
deleting local copy: dvprop.dll
deleting local copy: ebent97.dll
deleting local copy: ercapi.dll
deleting local copy: eyr8l19u1.dll
deleting local copy: fz6u03j9e.dll
deleting local copy: fzjs0317e.dll
deleting local copy: gzi32.dll
deleting local copy: hbetcfg.dll
deleting local copy: hnpertrm.dll
deleting local copy: hoetwiz.dll
deleting local copy: htd.dll
deleting local copy: hwetmon.dll
deleting local copy: hxui.dll
deleting local copy: iamontr.dll
deleting local copy: ianathlp.dll
deleting local copy: iaxrtmgr.dll
deleting local copy: idsetup.dll
deleting local copy: iDssdo.dll
deleting local copy: If50_qcx.dll
deleting local copy: IkagX7.dll
deleting local copy: ikxrtmgr.dll
deleting local copy: ilfosoft.dll
deleting local copy: iOsads.dll
deleting local copy: iqetppui.dll
deleting local copy: iqfosoft.dll
deleting local copy: is32_32.dll
deleting local copy: ivclass.dll
deleting local copy: iVxrtmgr.dll
deleting local copy: iWxrtmgr.dll
deleting local copy: jbpl400.dll
deleting local copy: jt2q07f5e.dll
deleting local copy: jtpl400.dll
deleting local copy: jvcript.dll
deleting local copy: jvpl400.dll
deleting local copy: jXvart.dll
deleting local copy: kcdru1.dll
deleting local copy: kedfc.dll
deleting local copy: kedgr1.dll
deleting local copy: khdsl.dll
deleting local copy: kidblr.dll
deleting local copy: kidycc.dll
deleting local copy: kjdinben.dll
deleting local copy: kkdsw.dll
deleting local copy: kodsl1.dll
deleting local copy: kpdcz.dll
deleting local copy: kqdda.dll
deleting local copy: kqdusr.dll
deleting local copy: krdmaori.dll
deleting local copy: kudgr.dll
deleting local copy: kudic.dll
deleting local copy: kydbu.dll
deleting local copy: laghours.dll
deleting local copy: lbhsvc.dll
deleting local copy: lfghours.dll
deleting local copy: lmcalspl.dll
deleting local copy: lsnkinfo.dll
deleting local copy: ltasrv.dll
deleting local copy: ltbfaac.dll
deleting local copy: lwrmonui.dll
deleting local copy: lxcalspl.dll
deleting local copy: mcdart.dll
deleting local copy: mdhgrcoi.dll
deleting local copy: mfobjs.dll
deleting local copy: mhvbvm60.dll
deleting local copy: MIC71.dll
deleting local copy: milogmgr.dll
deleting local copy: MIPI.DLL
deleting local copy: miricons.dll
deleting local copy: mkasn1.dll
deleting local copy: mkcms.dll
deleting local copy: mkimsg.dll
deleting local copy: mmoert2.dll
deleting local copy: mnorcl32.dll
deleting local copy: mosap.dll
deleting local copy: mpvcrt40.dll
deleting local copy: mqasn1.dll
deleting local copy: mqcshext.dll
deleting local copy: mQg_hook.dll
deleting local copy: mrwstr10.dll
deleting local copy: msg209.dll
deleting local copy: mulbui.dll
deleting local copy: mv28l9fu1.dll
deleting local copy: mvimsg.dll
deleting local copy: mvl_qic.dll
deleting local copy: mvrd2x40.dll
deleting local copy: MWCDec.dll
deleting local copy: mWpistub.dll
deleting local copy: mwxbde40.dll
deleting local copy: mwxml2r.dll
deleting local copy: nbmkcert.dll
deleting local copy: ngdsbcli.dll
deleting local copy: ngmsmgr.dll
deleting local copy: nllsapi.dll
deleting local copy: nomsevt.dll
deleting local copy: nqvdmd.dll
deleting local copy: obbc32gt.dll
deleting local copy: oebc32gt.dll
deleting local copy: oee2nls.dll
deleting local copy: ojbccu32.dll
deleting local copy: ojexl32.dll
deleting local copy: owdbse32.dll
deleting local copy: pcgfilt.dll
deleting local copy: pdfmgr.dll
deleting local copy: plapi.dll
deleting local copy: pmflbmsg.dll
deleting local copy: pnapi.dll
deleting local copy: psgfilt.dll
deleting local copy: pTqsp.dll
deleting local copy: pxapi.dll
deleting local copy: qrap.dll
deleting local copy: qudwipes.dll
deleting local copy: rggsvc.dll
deleting local copy: rhaenh.dll
deleting local copy: rkn_dos.dll
deleting local copy: rMcpldlg.dll
deleting local copy: RnoMSCPS.dll
deleting local copy: rochost.dll
deleting local copy: rwgapi.dll
deleting local copy: rYsmans.dll
deleting local copy: rzutetab.dll
deleting local copy: sarmfilt.dll
deleting local copy: scclient.dll
deleting local copy: scell32.dll
deleting local copy: ScmNeti.dll
deleting local copy: scmpsnap.dll
deleting local copy: SDMEVNT1.DLL
deleting local copy: SF2EVNT1.DLL
deleting local copy: shcfiles.dll
deleting local copy: sjgina.dll
deleting local copy: skcfiles.dll
deleting local copy: sklwoa.dll
deleting local copy: SkmStore.dll
deleting local copy: skreamci.dll
deleting local copy: sks.dll
deleting local copy: sqell32.dll
deleting local copy: SqmStore.dll
deleting local copy: srcur32.dll
deleting local copy: ssndcmsg.dll
deleting local copy: stcurity.dll
deleting local copy: sudll.dll
deleting local copy: svs.dll
deleting local copy: svsinv.dll
deleting local copy: sxrrun.dll
deleting local copy: sygina.dll
deleting local copy: tLpisrv.dll
deleting local copy: tqpmib.dll
deleting local copy: tRpi.dll
deleting local copy: tUpiperf.dll
deleting local copy: turmsrv.dll
deleting local copy: tyrmsrv.dll
deleting local copy: ubbmon.dll
deleting local copy: ufeg.dll
deleting local copy: uftfs.dll
deleting local copy: ujrcntra.dll
deleting local copy: ujrcoina.dll
deleting local copy: uqer32.dll
deleting local copy: uqrcntra.dll
deleting local copy: urrcntra.dll
deleting local copy: uwlmon.dll
deleting local copy: uwnp.dll
deleting local copy: wdn32spl.dll
deleting local copy: wdpasf.dll
deleting local copy: wipsrcwp.dll
deleting local copy: wjcltui.dll
deleting local copy: wjpsrcwp.dll
deleting local copy: wlcsapi.dll
deleting local copy: wP2time.dll
deleting local copy: wpbvw.dll
deleting local copy: wqasf.dll
deleting local copy: wrpdxm.dll
deleting local copy: wtauserv.dll
deleting local copy: wtn87em.dll
deleting local copy: wtnipsec.dll
deleting local copy: xisp2res.dll
deleting local copy: xy_x263dec.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Urls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en80l1lm1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\3evxVfWCodec.dll
C:\WINDOWS\system32\6wo4svc.dll
C:\WINDOWS\system32\ADFAXCNV.DLL
C:\WINDOWS\system32\aimparse.dll
C:\WINDOWS\system32\aqsldpc.dll
C:\WINDOWS\system32\aqtodisc.dll
C:\WINDOWS\system32\avsldpc.dll
C:\WINDOWS\system32\aytiveds.dll
C:\WINDOWS\system32\badispl.dll
C:\WINDOWS\system32\bmpanui.dll
C:\WINDOWS\system32\bwpanui.dll
C:\WINDOWS\system32\cblbact.dll
C:\WINDOWS\system32\CCMLM5c.DLL
C:\WINDOWS\system32\cDtsrvut.dll
C:\WINDOWS\system32\cfmpstui.dll
C:\WINDOWS\system32\chedui.dll
C:\WINDOWS\system32\cjiconfg.dll
C:\WINDOWS\system32\clmodem.dll
C:\WINDOWS\system32\clmrepl.dll
C:\WINDOWS\system32\cnrpol.dll
C:\WINDOWS\system32\col3d32.dll
C:\WINDOWS\system32\cumctl32.dll
C:\WINDOWS\system32\cvmsnap.dll
C:\WINDOWS\system32\cwcdll.dll
C:\WINDOWS\system32\cxmaddin.dll
C:\WINDOWS\system32\cxyptui.dll
C:\WINDOWS\system32\cymaddin.dll
C:\WINDOWS\system32\cymctl32.dll
C:\WINDOWS\system32\czcui.dll
C:\WINDOWS\system32\dCd8thk.dll
C:\WINDOWS\system32\dcmodemx.dll
C:\WINDOWS\system32\dcsenh.dll
C:\WINDOWS\system32\dcwsockx.dll
C:\WINDOWS\system32\ddwsockx.dll
C:\WINDOWS\system32\devvox.dll
C:\WINDOWS\system32\didlgs.dll
C:\WINDOWS\system32\diocx.dll
C:\WINDOWS\system32\dk7vb.dll
C:\WINDOWS\system32\dknlobby.dll
C:\WINDOWS\system32\dl16gt.dLL
C:\WINDOWS\system32\dlserver.dll
C:\WINDOWS\system32\dMdim700.dll
C:\WINDOWS\system32\dmnlobby.dll
C:\WINDOWS\system32\dn0q01d5e.dll
C:\WINDOWS\system32\dn3j.dll
C:\WINDOWS\system32\do7vb.dll
C:\WINDOWS\system32\doound.dll
C:\WINDOWS\system32\dv3j.dll
C:\WINDOWS\system32\dvime.dll
C:\WINDOWS\system32\dvmsrpcn.dll
C:\WINDOWS\system32\dvprop.dll
C:\WINDOWS\system32\ebent97.dll
C:\WINDOWS\system32\ercapi.dll
C:\WINDOWS\system32\eyr8l19u1.dll
C:\WINDOWS\system32\fz6u03j9e.dll
C:\WINDOWS\system32\fzjs0317e.dll
C:\WINDOWS\system32\gzi32.dll
C:\WINDOWS\system32\hbetcfg.dll
C:\WINDOWS\system32\hnpertrm.dll
C:\WINDOWS\system32\hoetwiz.dll
C:\WINDOWS\system32\htd.dll
C:\WINDOWS\system32\hwetmon.dll
C:\WINDOWS\system32\hxui.dll
C:\WINDOWS\system32\iamontr.dll
C:\WINDOWS\system32\ianathlp.dll
C:\WINDOWS\system32\iaxrtmgr.dll
C:\WINDOWS\system32\idsetup.dll
C:\WINDOWS\system32\iDssdo.dll
C:\WINDOWS\system32\If50_qcx.dll
C:\WINDOWS\system32\IkagX7.dll
C:\WINDOWS\system32\ikxrtmgr.dll
C:\WINDOWS\system32\ilfosoft.dll
C:\WINDOWS\system32\iOsads.dll
C:\WINDOWS\system32\iqetppui.dll
C:\WINDOWS\system32\iqfosoft.dll
C:\WINDOWS\system32\is32_32.dll
C:\WINDOWS\system32\ivclass.dll
C:\WINDOWS\system32\iVxrtmgr.dll
C:\WINDOWS\system32\iWxrtmgr.dll
C:\WINDOWS\system32\jbpl400.dll
C:\WINDOWS\system32\jt2q07f5e.dll
C:\WINDOWS\system32\jtpl400.dll
C:\WINDOWS\system32\jvcript.dll
C:\WINDOWS\system32\jvpl400.dll
C:\WINDOWS\system32\jXvart.dll
C:\WINDOWS\system32\kcdru1.dll
C:\WINDOWS\system32\kedfc.dll
C:\WINDOWS\system32\kedgr1.dll
C:\WINDOWS\system32\mvimsg.dll
C:\WINDOWS\system32\mvl_qic.dll
C:\C:\WINDOWS\system32\pmflbmsg.dll
C:\WINDOWS\system32\pnapi.dll
C:\WINDOWS\system32\psgfilt.dll
C:\WINDOWS\system32\pTqsp.dll
C:\WINDOWS\system32\pxapi.dll
C:\WINDOWS\system32\qrap.dll
C:\WINDOWS\system32\qudwipes.dll
C:\WINDOWS\system32\rggsvc.dll
C:\WINDOWS\system32\rhaenh.dll
C:\WINDOWS\system32\rkn_dos.dll
C:\WINDOWS\system32\rMcpldlg.dll
C:\WINDOWS\system32\RnoMSCPS.dll
C:\WINDOWS\system32\rochost.dll
C:\WINDOWS\system32\rwgapi.dll
C:\WINDOWS\system32\rYsmans.dll
C:\WINDOWS\system32\rzutetab.dll
C:\WINDOWS\system32\sarmfilt.dll
C:\WINDOWS\system32\scclient.dll
C:\WINDOWS\system32\scell32.dll
C:\WINDOWS\system32\ScmNeti.dll
C:\WINDOWS\system32\scmpsnap.dll
C:\WINDOWS\system32\SDMEVNT1.DLL
C:\WINDOWS\system32\SF2EVNT1.DLL
C:\WINDOWS\system32\shcfiles.dll
C:\WINDOWS\system32\sjgina.dll
C:\WINDOWS\system32\skcfiles.dll
C:\WINDOWS\system32\sklwoa.dll
C:\WINDOWS\system32\SkmStore.dll
C:\WINDOWS\system32\skreamci.dll
C:\WINDOWS\system32\sks.dll
C:\WINDOWS\system32\sqell32.dll
C:\WINDOWS\system32\SqmStore.dll
C:\WINDOWS\system32\srcur32.dll
C:\WINDOWS\system32\ssndcmsg.dll
C:\WINDOWS\system32\stcurity.dll
C:\WINDOWS\system32\sudll.dll
C:\WINDOWS\system32\svs.dll
C:\WINDOWS\system32\svsinv.dll
C:\WINDOWS\system32\sxrrun.dll
C:\WINDOWS\system32\sygina.dll
C:\WINDOWS\system32\tLpisrv.dll
C:\WINDOWS\system32\tqpmib.dll
C:\WINDOWS\system32\tRpi.dll
C:\WINDOWS\system32\tUpiperf.dll
C:\WINDOWS\system32\turmsrv.dll
C:\WINDOWS\system32\tyrmsrv.dll
C:\WINDOWS\system32\ubbmon.dll
C:\WINDOWS\system32\ufeg.dll
C:\WINDOWS\system32\uftfs.dll
C:\WINDOWS\system32\ujrcntra.dll
C:\WINDOWS\system32\ujrcoina.dll
C:\WINDOWS\system32\uqer32.dll
C:\WINDOWS\system32\uqrcntra.dll
C:\WINDOWS\system32\urrcntra.dll
C:\WINDOWS\system32\uwlmon.dll
C:\WINDOWS\system32\uwnp.dll
C:\WINDOWS\system32\wdn32spl.dll
C:\WINDOWS\system32\wdpasf.dll
C:\WINDOWS\system32\wipsrcwp.dll
C:\WINDOWS\system32\wjcltui.dll
C:\WINDOWS\system32\wjpsrcwp.dll
C:\WINDOWS\system32\wlcsapi.dll
C:\WINDOWS\system32\wP2time.dll
C:\WINDOWS\system32\wpbvw.dll
C:\WINDOWS\system32\wqasf.dll
C:\WINDOWS\system32\wrpdxm.dll
C:\WINDOWS\system32\wtauserv.dll
C:\WINDOWS\system32\wtn87em.dll
C:\WINDOWS\system32\wtnipsec.dll
C:\WINDOWS\system32\xisp2res.dll
C:\WINDOWS\system32\xy_x263dec.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}"=-
"{52175E8C-EEE3-4725-83B9-F10E033C0EE6}"=-
"{5FD216F2-AE3B-4133-856F-3687793CB6F4}"=-
"{E750DBD1-1632-4A52-AFBB-9755066393BC}"=-
"{66A704AA-3637-4C9E-A101-20BAD58167A3}"=-
"{4433D7EA-CF87-499F-92FD-9C98A76F766C}"=-
"{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}"=-
"{5ABBB46D-0146-4F63-ADB5-710FB01986B3}"=-
"{1E23914E-0EDB-4D84-B72E-996BA7432B96}"=-
"{E571F5C2-264C-4E3A-88E3-367DC8A26531}"=-
"{84CB9830-AC0F-4891-905B-0A595FEDE8B2}"=-
"{C9B135A5-A31E-41B7-9CD4-005BCC922409}"=-
"{58D9F31C-E621-431A-A6F6-D289CC4CE236}"=-
"{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}"=-
[-HKEY_CLASSES_ROOT\CLSID\{75774EA3-C630-44C5-9EBE-7F2A015CCA7F}]
[-HKEY_CLASSES_ROOT\CLSID\{52175E8C-EEE3-4725-83B9-F10E033C0EE6}]
[-HKEY_CLASSES_ROOT\CLSID\{5FD216F2-AE3B-4133-856F-3687793CB6F4}]
[-HKEY_CLASSES_ROOT\CLSID\{E750DBD1-1632-4A52-AFBB-9755066393BC}]
[-HKEY_CLASSES_ROOT\CLSID\{66A704AA-3637-4C9E-A101-20BAD58167A3}]
[-HKEY_CLASSES_ROOT\CLSID\{4433D7EA-CF87-499F-92FD-9C98A76F766C}]
[-HKEY_CLASSES_ROOT\CLSID\{FF599C85-FCEC-4B46-BB3B-85D7E75AC978}]
[-HKEY_CLASSES_ROOT\CLSID\{5ABBB46D-0146-4F63-ADB5-710FB01986B3}]
[-HKEY_CLASSES_ROOT\CLSID\{1E23914E-0EDB-4D84-B72E-996BA7432B96}]
[-HKEY_CLASSES_ROOT\CLSID\{E571F5C2-264C-4E3A-88E3-367DC8A26531}]
[-HKEY_CLASSES_ROOT\CLSID\{84CB9830-AC0F-4891-905B-0A595FEDE8B2}]
[-HKEY_CLASSES_ROOT\CLSID\{C9B135A5-A31E-41B7-9CD4-005BCC922409}]
[-HKEY_CLASSES_ROOT\CLSID\{58D9F31C-E621-431A-A6F6-D289CC4CE236}]
[-HKEY_CLASSES_ROOT\CLSID\{4BDCF5B4-A3DD-4662-BF8D-928BF259B4FF}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

Crunchie

Crunchie wrote:

Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

If it will not all fit in one post, then attach it to your post .

You forgot the hijackthis log too.

yossarian084

Actually, I think we fixed it. No more pop ups at all.

here is the Hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 7:12:44 AM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O20 - Winlogon Notify: Urls - C:\WINDOWS\system32\en80l1lm1.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Crunchie

Just fix this one and you should be ok .

===============

Run HiJackThis, click "Scan", then check(tick) the following, if present:


O20 - Winlogon Notify: Urls - C:\WINDOWS\system32\en80l1lm1.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

yossarian084

I think we fixed it. No more pop ups are appearing. Thanks so much for your help.

yossarian084

Here is the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 3:51:30 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\M-Audio MobilePre\Install\MPInst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

Crunchie

Congratulations! Your log looks clean - good work!

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

yossarian084

You rock. I really appreciate your patience and advice. Hopefully I can stay out of trouble now.....

Crunchie

You are welcome .

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.