Hi! I have searched the forum and who knows where else for a solution to my problem, but things have not improved at all. IE gets a lot of pop-ups and the page changes to, for example, spotresults.com. In addition, DrWatson Postmortem Debugger reports (ZoneAlarm) dangerous activity and asks for permission for a great many programs. Whether I deny or grant permission, the computer may restart. I have not noticed any connection with whether I answer yes or no... My computer seems to be in quite a mess, but if someone would care to help me. Here is the Hijack log as well:

Logfile of HijackThis v1.99.1
Scan saved at 21:56:21, on 21.9.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\nero\InCD\InCD.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Phone\Skype.exe
D:\Program Files\Spyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Application] iapp.exe
O4 - HKLM\..\Run: [Windows Compliant] jtfnpn.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Internet Application] iapp.exe
O4 - HKLM\..\RunServices: [Windows Compliant] jtfnpn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\lt2027fmg.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hrru0599e.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


Yeah, there are indeed some nasties in there.

Remove via Add/Remove Programs (Control Panel):
Spyware Cleaner

Fix with HijackThis (click Do a system scan only, tick these and press Fix checked):
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Application] iapp.exe
O4 - HKLM\..\Run: [Windows Compliant] jtfnpn.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Internet Application] iapp.exe
O4 - HKLM\..\RunServices: [Windows Compliant] jtfnpn.exe
O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hrru0599e.dll (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)

Then Start -> Run -> services.msc -> OK -> find Hardware Clock Driver (hwclock) and SpywareCleanerService in the list -> double-click -> set the startup type to Disabled

Show hidden files -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Boot into Safe Mode (F8 during startup) and delete:
C:\WINDOWS\System32\==>lssas.exe<== (NOTE! This is NOT lsass.exe, which is an important program)
iapp.exe (find it with the Search function)
jtfnpn.exe (same as for the previous one)
the folder C:\Program Files\==>Spyware Cleaner<==
C:\WINDOWS\system32\==>hrru0599e.dll<== (if present)

Restart and post a new HijackThis log.


Hi Kemisti! I have now carried out the necessary steps, and at least now, after a short period of use, things feel better. Thank you very much for the help! Here is the HijackThis log as well:

Logfile of HijackThis v1.99.1
Scan saved at 13:53:48, on 22.9.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\nero\InCD\InCD.exe
D:\Program Files\Spyware\gcasServ.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Phone\Skype.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Spyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\mvp0l97m1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


EDIT: The log is not clean yet; fix this one with HijackThis:
O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
And try to find this with the Windows Search function ==>jtfnpn.exe and delete it. Restart the computer and post a new log.

---- I cannot find jtfnpn.exe even though I searched both in safe mode and in normal mode. The computer and the internet connection now work faster and more stably. Spotresults pop-ups still appear in IE. I removed Firefox completely because it was all messed up... Would there be some other browser that is not the kind that gets messed up so easily? But here is the log...

Logfile of HijackThis v1.99.1
Scan saved at 16:49:26, on 22.9.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\nero\InCD\InCD.exe
D:\Program Files\Spyware\gcasServ.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Phone\Skype.exe
D:\Program Files\Spyware\gcasDtServ.exe
D:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\f42m0ef1eh2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


The problem is this line ->
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\f42m0ef1eh2.dll
It is what causes those pop-ups.

EDIT: I sent a request to have your log checked to someone more qualified than me. They will probably go through it and advise further when they have time.

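
An added example, not part of any post in this thread and not code from HijackThis or l2mfix: a small Python triage pass over HijackThis entries that flags the kinds of lines picked out above (an autorun with no path, a name that nearly matches lsass.exe, a registered file that is missing, a service with no owner) and reports Winlogon Notify DLLs that are replaced by a differently named one between scans. The input is constructed from entries in the three logs above; the function names, the list of system process names and the 0.85 similarity threshold are assumptions of this example.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Process names that malware commonly imitates (illustrative list for this example).
SYSTEM_NAMES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
IMAGE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll))', re.IGNORECASE)

# Constructed input: entries copied from the three HijackThis logs in this thread.
SCAN_1 = r"""
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Windows Compliant] jtfnpn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\lt2027fmg.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hrru0599e.dll (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""
SCAN_2 = r"O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\mvp0l97m1.dll"
SCAN_3 = r"O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\f42m0ef1eh2.dll"


def entries(log):
    """Yield (section, body, image_path) per 'Ox - ...' line; image_path may be None."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        # O4 puts the command after "[value name] "; O20/O23 put the file after the last " - ".
        target = body.split("] ", 1)[-1] if section == "O4" else body.rsplit(" - ", 1)[-1]
        image = IMAGE_RE.search(target)
        yield section, body, image.group(1) if image else None


def imitates(name):
    """Return the system process name that `name` nearly matches, else None."""
    if name in SYSTEM_NAMES:
        return None
    for real in SYSTEM_NAMES:
        if SequenceMatcher(None, name, real).ratio() >= 0.85:
            return real
    return None


def triage(log):
    """Map image file name -> reasons the entry deserves a closer look."""
    findings = {}
    for section, body, image in entries(log):
        if image is None:
            continue
        name = ntpath.basename(image).lower()
        reasons = []
        if section == "O4" and not ntpath.dirname(image):
            reasons.append("autorun without a full path")
        real = imitates(name)
        if real:
            reasons.append("name imitates " + real)
        if body.endswith("(file missing)"):
            reasons.append("registered file is missing")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service without vendor information")
        if reasons:
            findings.setdefault(name, []).extend(reasons)
    return findings


def notify_dlls(log):
    """Winlogon Notify DLLs that a scan reports as present on disk."""
    return {ntpath.basename(image).lower() for section, body, image in entries(log)
            if section == "O20" and image and not body.endswith("(file missing)")}


def notify_churn(scans):
    """For consecutive scans, list (vanished, appeared) O20 DLLs when both are non-empty."""
    sets = [notify_dlls(scan) for scan in scans]
    churn = []
    for before, after in zip(sets, sets[1:]):
        gone, new = before - after, after - before
        if gone and new:
            churn.append((sorted(gone), sorted(new)))
    return churn


if __name__ == "__main__":
    for name, reasons in triage(SCAN_1).items():
        print(name, "->", "; ".join(reasons))
    for gone, new in notify_churn([SCAN_1, SCAN_2, SCAN_3]):
        print("Winlogon Notify DLL replaced:", gone, "->", new)
```

On the constructed input the first pass flags lssas.exe, jtfnpn.exe, hrru0599e.dll and hwclock.exe, and the second pass reports a replaced Winlogon Notify DLL between each pair of scans.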

I also fixed that one line. I will still wait and see whether those pop-ups show up, but many thanks once again for the help, Kemisti!


Nellimak and -kemisti-, that nasty looks like Look2Me; shall we try a fix here while waiting for illukka?

Get l2mfix http://www.downloads.subratam.org/l2mfix.exe
Extract the zip and install it on the desktop.
Double-click l2mfix.bat
Choose option 1, i.e. press 1 and Enter.
When the scan is finished it produces a txt log; post it here.


Here is the l2mfix log:
100 096 97,75 K woaueng1.dll Tue 20 Sep 2005 0.46.12 ..S.R 234 272 228,78 K ir8ml5~1.dll Sat 23 Jul 2005 2.40.58 ..S.R 233 248 227,78 K hrr605~1.dll Mon 12 Sep 2005 18.36.58 ..S.R 236 091 230,55 K dddmo.dll Wed 21 Sep 2005 22.19.30 ..S.R 237 231 231,67 K aza4l1~1.dll Mon 29 Aug 2005 14.07.58 ..S.R 235 776 230,25 K f0j2la~1.dll Mon 25 Jul 2005 9.03.32 ..S.R 235 909 230,38 K hashlib.dll Tue 12 Jul 2005 15.35.14 A.... 117 976 115,21 K mxdtcprx.dll Thu 22 Sep 2005 11.15.32 ..S.R 233 630 228,15 K i624lg~1.dll Mon 1 Aug 2005 9.54.18 ..S.R 233 449 227,98 K l62slg~1.dll Mon 1 Aug 2005 10.08.50 ..S.R 233 599 228,12 K irn0l5~1.dll Tue 6 Sep 2005 8.25.00 ..S.R 235 104 229,59 K azaml5~1.dll Tue 6 Sep 2005 8.32.12 ..S.R 235 500 229,98 K azaml5~2.dll Tue 6 Sep 2005 8.39.24 ..S.R 235 550 230,03 K mq4sdmod.dll Thu 22 Sep 2005 20.48.02 ..S.R 234 948 229,44 K irj0l5~1.dll Sat 17 Sep 2005 13.10.02 ..S.R 234 248 228,76 K hrns05~1.dll Tue 13 Sep 2005 23.55.36 ..S.R 233 233 227,77 K g622lg~1.dll Mon 1 Aug 2005 10.16.02 ..S.R 233 349 227,88 K o6660g~1.dll Tue 13 Sep 2005 3.38.50 ..S.R 233 233 227,77 K en48l1~1.dll Wed 14 Sep 2005 13.04.26 ..S.R 235 074 229,56 K rvschap.dll Sat 17 Sep 2005 13.10.02 ..S.R 233 233 227,77 K aza0l5~1.dll Tue 20 Sep 2005 1.25.58 ..S.R 234 272 228,78 K hrrs05~1.dll Wed 21 Sep 2005 0.09.50 ..S.R 236 032 230,50 K l0j80a~1.dll Wed 3 Aug 2005 11.30.34 ..S.R 233 482 228,01 K n4p40e~1.dll Tue 20 Sep 2005 0.21.26 ..S.R 234 520 229,02 K hr8u05~1.dll Thu 22 Sep 2005 13.51.30 ..S.R 235 933 230,40 K r08s0a~1.dll Sun 14 Aug 2005 23.32.56 ..S.R 236 600 231,05 K gcunco~1.dll Tue 12 Jul 2005 15.35.10 A.... 95 448 93,21 K gccoll~1.dll Tue 12 Jul 2005 15.35.14 A.... 
126 680 123,71 K g040la~1.dll Tue 20 Sep 2005 23.04.38 ..S.R 235 237 229,72 K f2l02c~1.dll Tue 23 Aug 2005 1.44.34 ..S.R 233 538 228,06 K aza8lg~1.dll Tue 23 Aug 2005 13.29.50 ..S.R 236 780 231,23 K j0p0la~1.dll Thu 25 Aug 2005 11.36.12 ..S.R 235 678 230,15 K f4l00e~1.dll Sun 4 Sep 2005 0.22.24 ..S.R 234 049 228,56 K h6n00g~1.dll Tue 6 Sep 2005 8.17.44 ..S.R 234 105 228,62 K d00mla~1.dll Mon 12 Sep 2005 17.50.40 ..S.R 233 286 227,82 K h6j4lg~1.dll Mon 12 Sep 2005 17.59.20 ..S.R 233 444 227,97 K h24mlc~1.dll Tue 20 Sep 2005 23.58.56 ..S.R 236 379 230,84 K i642lg~1.dll Wed 21 Sep 2005 0.34.00 ..S.R 236 573 231,03 K r0p80a~1.dll Wed 21 Sep 2005 10.57.56 ..S.R 234 861 229,36 K az18lg~1.dll Wed 21 Sep 2005 1.08.02 ..S.R 234 468 228,97 K azas0a~1.dll Thu 22 Sep 2005 16.46.58 ..S.R 234 948 229,44 K n6n6lg~1.dll Wed 21 Sep 2005 11.19.56 ..S.R 235 647 230,12 K en62l1~1.dll Wed 21 Sep 2005 20.46.54 ..S.R 234 796 229,29 K gwfspi~1.dll Mon 29 Aug 2005 13.27.06 A.... 23 304 22,76 K legitc~1.dll Mon 29 Aug 2005 13.27.12 A.... 520 968 508,76 K r06u0a~1.dll Thu 22 Sep 2005 16.49.02 ..S.R 235 072 229,56 K aza8l1~1.dll Thu 22 Sep 2005 20.48.02 ..S.R 237 155 231,59 K 105 items found: 105 files (73 H/S), 0 directories. Total of file sizes: 28 835 801 bytes 27,50 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in drive C has no label. 
Volume Serial Number is 372C-12EE Directory of C:\WINDOWS\System32 22.09.2005 20:48 234ÿ948 mq4sdmod.dll 22.09.2005 20:48 237ÿ155 aza8l19u1.dll 22.09.2005 16:49 235ÿ072 r06u0aj9edo.dll 22.09.2005 16:46 234ÿ948 azas0af7ed2.dll 22.09.2005 13:51 235ÿ933 hr8u05l9e.dll 22.09.2005 11:15 233ÿ630 mxdtcprx.dll 21.09.2005 22:19 237ÿ231 dddmo.dll 21.09.2005 20:46 234ÿ796 en62l1jo1.dll 21.09.2005 13:04 233ÿ991 kydtuf.dll 21.09.2005 11:19 235ÿ647 n6n6lg5s16.dll 21.09.2005 10:57 234ÿ861 r0p80a7ued.dll 21.09.2005 01:08 234ÿ468 az18lg5u16.dll 21.09.2005 00:34 236ÿ573 i642lgho164c.dll 21.09.2005 00:09 236ÿ032 hrrs0597e.dll 20.09.2005 23:58 236ÿ379 h24mlch11f4.dll 20.09.2005 23:04 235ÿ237 g040lahm1d4a.dll 20.09.2005 01:25 234ÿ272 aza0l55m1.dll 20.09.2005 00:46 234ÿ272 woaueng1.dll 20.09.2005 00:21 234ÿ520 n4p40e7qeh.dll 17.09.2005 13:10 233ÿ233 rVschap.dll 17.09.2005 13:10 234ÿ248 irj0l51m1.dll 14.09.2005 13:04 235ÿ074 en48l1hu1.dll 13.09.2005 23:55 233ÿ233 hrns0557e.dll 13.09.2005 03:38 233ÿ233 o6660gjse6o60.dll 12.09.2005 18:36 236ÿ091 hrr6059se.dll 12.09.2005 17:59 233ÿ444 h6j4lg1q16.dll 12.09.2005 17:50 233ÿ286 d00mlad11d0.dll 06.09.2005 08:52 234ÿ049 lubmp13n.dll 06.09.2005 08:39 235ÿ550 azaml5l11.dll 06.09.2005 08:32 235ÿ500 azaml5311.dll 06.09.2005 08:25 235ÿ104 irn0l55m1.dll 06.09.2005 08:17 234ÿ105 h6n00g5me6.dll 04.09.2005 00:22 234ÿ049 f4l00e3meh.dll 29.08.2005 14:07 235ÿ776 aza4l11q1.dll 25.08.2005 11:36 234ÿ608 djmv2clt.dll 25.08.2005 11:36 235ÿ678 j0p0la7m1d.dll 23.08.2005 13:43 235ÿ423 hrj8051ue.dll 23.08.2005 13:29 236ÿ780 aza8lg5u16.dll 23.08.2005 01:44 233ÿ538 f2l02c3mgf.dll 14.08.2005 23:32 236ÿ600 r08s0al7edq.dll 03.08.2005 11:30 233ÿ482 l0j80a1ued.dll 02.08.2005 18:45 233ÿ482 dukquota.dll 01.08.2005 10:16 233ÿ349 g622lgfo162c.dll 01.08.2005 10:08 233ÿ599 l62slgf7162.dll 01.08.2005 09:54 233ÿ449 i624lgfq162e.dll 25.07.2005 09:03 235ÿ909 f0j2la1o1d.dll 23.07.2005 02:40 233ÿ248 ir8ml5l11.dll 22.07.2005 21:06 233ÿ248 tFembed.dll 22.07.2005 21:04 234ÿ671 dtlayx.dll 
22.07.2005 21:04 235ÿ060 lv8o09l3e.dll 19.07.2005 12:55 236ÿ517 o648lghu1648.dll 14.07.2005 23:51 236ÿ294 e2202cfmgf2a2.dll 14.07.2005 23:37 234ÿ846 o4pq0e75eh.dll 14.07.2005 22:34 234ÿ272 kldlv.dll 14.07.2005 21:29 234ÿ272 nqtapi32.dll 14.07.2005 21:29 234ÿ272 nvtui1.dll 14.07.2005 11:37 234ÿ900 mxls31.dll 14.07.2005 01:42 234ÿ784 ktrul7991.dll 11.07.2005 19:55 233ÿ760 pGpnetsh.dll 11.07.2005 19:55 233ÿ760 imxwan.dll 11.07.2005 13:31 234ÿ900 coedui.dll 11.07.2005 00:43 234ÿ900 p6n8lg5u16.dll 08.07.2005 10:14 234ÿ900 wvpui.dll 08.07.2005 00:40 233ÿ629 lvj0091me.dll 08.07.2005 00:04 233ÿ883 j4n20e5oeh.dll 07.07.2005 10:13 235ÿ426 en4ql1h51.dll 05.07.2005 22:54 235ÿ456 o0lu0a39ed.dll 05.07.2005 22:46 234ÿ526 ennol1531.dll 30.06.2005 21:53 234ÿ272 enr8l19u1.dll 24.06.2005 23:44 234ÿ272 wmcltui.dll 24.06.2005 23:43 234ÿ272 rRsppp.dll 24.06.2005 22:25 234ÿ272 tzolhelp.dll 24.06.2005 22:25 234ÿ272 sydll.dll 23.06.2005 14:09 234ÿ461 mkdtcuiu.dll 23.06.2005 14:09 235ÿ196 hrls0537e.dll 21.06.2005 09:54 234ÿ461 irlml5311.dll 20.06.2005 10:05 233ÿ489 h60qlgd5160.dll 17.06.2005 00:51 234ÿ784 hdpertrm.dll 16.06.2005 23:50 234ÿ784 GXCollection.dll 16.06.2005 23:50 234ÿ784 IfagXpr5.dll 16.06.2005 11:41 235ÿ446 hrl6053se.dll 16.06.2005 11:41 234ÿ811 aumparse.dll 15.06.2005 19:41 234ÿ811 enpsl1771.dll 11.06.2005 12:39 234ÿ811 dBdim.dll 01.06.2005 10:39 236ÿ200 enj4l11q1.dll 01.06.2005 10:28 236ÿ315 j62qlgf5162.dll 31.05.2005 10:09 233ÿ823 hr4605hse.dll 30.05.2005 17:02 234ÿ329 g4jo0e13eh.dll 29.05.2005 13:27 236ÿ261 o2lulc391f.dll 26.05.2005 14:36 236ÿ658 enp8l17u1.dll 26.05.2005 01:04 236ÿ023 m6julg1916.dll 25.05.2005 18:24 236ÿ023 dvnput8.dll 24.05.2005 10:31 234ÿ674 jQvaee.dll 23.05.2005 18:14 233ÿ708 irl2l53o1.dll 21.05.2005 15:36 233ÿ639 uprrtosa.dll 18.05.2005 13:44 233ÿ546 en26l1fs1.dll 18.05.2005 13:34 236ÿ562 hr0s05d7e.dll 16.05.2005 13:18 234ÿ272 lv2m09f1e.dll 15.05.2005 04:23 235ÿ843 enpql1751.dll 15.05.2005 04:08 234ÿ272 xnsp1res.dll 15.05.2005 03:08 234ÿ272 
deconfig.dll 15.05.2005 03:08 234ÿ272 dziman32.dll 15.05.2005 03:07 234ÿ772 l02s0af7ed2.dll 15.05.2005 03:07 234ÿ052 mhpmsp.dll 14.05.2005 19:43 234ÿ052 kt80l7lm1.dll 09.05.2005 22:55 234ÿ052 ogffilt.dll 04.05.2005 13:50 232ÿ443 lvl4093qe.dll 03.05.2005 11:49 235ÿ983 kddsl1.dll 29.04.2005 17:07 233ÿ089 enlsl1371.dll 21.04.2005 13:37 234ÿ279 enl0l13m1.dll 21.04.2005 13:26 233ÿ277 lv2009fme.dll 19.04.2005 22:09 233ÿ318 j00s0ad7ed0.dll 10.07.2003 22:46 <DIR> Microsoft 10.07.2003 22:09 <DIR> dllcache 112 File(s) 26ÿ286ÿ568 bytes 2 Dir(s) 5ÿ004ÿ099ÿ584 bytes free
Then let's continue. Close all other programs. Double-click l2mfix.bat and choose option 2, i.e. press 2 and Enter. Then just press any key and the computer will restart. Once the computer has started up, the scan continues, and when it is finished you will get a txt log again; post it and a new HijackThis log here.
No niin, tässä tulee tavaraa, huh kun sitä onkin paljon: L2Mfix 1.04a Running From: C:\Documents and Settings\Renfors\Desktop\l2mfix RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Read BUILTIN\Power Users (ID-IO) ALLOW Read BUILTIN\Power Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Denying C(CI) access for predefined group "Administrators" - adding new ACCESS DENY entry Registry Permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- BUILTIN\Administrators (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Read BUILTIN\Power Users (ID-IO) ALLOW Read BUILTIN\Power Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Setting up for Reboot Starting Reboot! Setting Directory C:\Documents and Settings\Renfors\Desktop\l2mfix System Rebooted! Running From: C:\Documents and Settings\Renfors\Desktop\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1768 'explorer.exe' Killing PID 1768 'explorer.exe' Killing PID 1768 'explorer.exe' Killing PID 1768 'explorer.exe' Killing PID 1768 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1052 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Backing Up: C:\WINDOWS\system32\aumparse.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\az18lg5u16.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\aza0l55m1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\aza4l11q1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\aza8lg5u16.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\azaml5311.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\azaml5l11.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\coedui.dll 1 file(s) copied. 
Backing Up: C:\WINDOWS\system32\d00mlad11d0.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\dBdim.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\dddmo.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\deconfig.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\djmv2clt.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\dtlayx.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\dukquota.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\dvnput8.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\dziman32.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\e2202cfmgf2a2.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\en26l1fs1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\en48l1hu1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\en4ql1h51.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\en62l1jo1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enj4l11q1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enl0l13m1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enlsl1371.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\ennol1531.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enp8l17u1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enpql1751.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enpsl1771.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\enr8l19u1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\f0j2la1o1d.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\f2l02c3mgf.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\f4l00e3meh.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\fjusd.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\g040lahm1d4a.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\g4jo0e13eh.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\g622lgfo162c.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\GXCollection.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\h24mlch11f4.dll 1 file(s) copied. 
Backing Up: C:\WINDOWS\system32\h60qlgd5160.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\h6j4lg1q16.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\h6n00g5me6.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hdpertrm.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hr0s05d7e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hr4605hse.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hr8u05l9e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hrj8051ue.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hrl6053se.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hrls0537e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hrns0557e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hrr6059se.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\hrrs0597e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\i624lgfq162e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\i642lgho164c.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\IfagXpr5.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\imxwan.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\ir8ml5l11.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\irj0l51m1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\irl2l53o1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\irlml5311.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\irn0l55m1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\j00s0ad7ed0.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\j0p0la7m1d.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\j4n20e5oeh.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\j62qlgf5162.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\jQvaee.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\kddsl1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\kfdusr.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\kldlv.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\kt80l7lm1.dll 1 file(s) copied. 
Backing Up: C:\WINDOWS\system32\ktrul7991.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\kydtuf.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\l02s0af7ed2.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\l0j80a1ued.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\l62slgf7162.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\lubmp13n.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\lv2009fme.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\lv2m09f1e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\lv8o09l3e.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\lvj0091me.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\lvl4093qe.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\m6julg1916.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\mhpmsp.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\mkdtcuiu.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\mxdtcprx.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\mxls31.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\n4p40e7qeh.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\n6n6lg5s16.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\nqtapi32.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\nvtui1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\o0lu0a39ed.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\o2lulc391f.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\o4pq0e75eh.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\o648lghu1648.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\o6660gjse6o60.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\ogffilt.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\p6n8lg5u16.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\pGpnetsh.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\r06u0aj9edo.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\r08s0al7edq.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\r0p80a7ued.dll 1 file(s) copied. 
Backing Up: C:\WINDOWS\system32\rRsppp.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\rVschap.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\srardssp.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\sydll.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\tFembed.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\tzolhelp.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\uprrtosa.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\wmcltui.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\woaueng1.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\wvpui.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\xnsp1res.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\guard.tmp 1 file(s) copied. deleting: C:\WINDOWS\system32\aumparse.dll Successfully Deleted: C:\WINDOWS\system32\aumparse.dll deleting: C:\WINDOWS\system32\az18lg5u16.dll Successfully Deleted: C:\WINDOWS\system32\az18lg5u16.dll deleting: C:\WINDOWS\system32\aza0l55m1.dll Successfully Deleted: C:\WINDOWS\system32\aza0l55m1.dll deleting: C:\WINDOWS\system32\aza4l11q1.dll Successfully Deleted: C:\WINDOWS\system32\aza4l11q1.dll deleting: C:\WINDOWS\system32\aza8lg5u16.dll Successfully Deleted: C:\WINDOWS\system32\aza8lg5u16.dll deleting: C:\WINDOWS\system32\azaml5311.dll Successfully Deleted: C:\WINDOWS\system32\azaml5311.dll deleting: C:\WINDOWS\system32\azaml5l11.dll Successfully Deleted: C:\WINDOWS\system32\azaml5l11.dll deleting: C:\WINDOWS\system32\coedui.dll Successfully Deleted: C:\WINDOWS\system32\coedui.dll deleting: C:\WINDOWS\system32\d00mlad11d0.dll Successfully Deleted: C:\WINDOWS\system32\d00mlad11d0.dll deleting: C:\WINDOWS\system32\dBdim.dll Successfully Deleted: C:\WINDOWS\system32\dBdim.dll deleting: C:\WINDOWS\system32\dddmo.dll Successfully Deleted: C:\WINDOWS\system32\dddmo.dll deleting: C:\WINDOWS\system32\deconfig.dll Successfully Deleted: C:\WINDOWS\system32\deconfig.dll deleting: C:\WINDOWS\system32\djmv2clt.dll Successfully Deleted: 
C:\WINDOWS\system32\djmv2clt.dll deleting: C:\WINDOWS\system32\dtlayx.dll Successfully Deleted: C:\WINDOWS\system32\dtlayx.dll deleting: C:\WINDOWS\system32\dukquota.dll Successfully Deleted: C:\WINDOWS\system32\dukquota.dll deleting: C:\WINDOWS\system32\dvnput8.dll Successfully Deleted: C:\WINDOWS\system32\dvnput8.dll deleting: C:\WINDOWS\system32\dziman32.dll Successfully Deleted: C:\WINDOWS\system32\dziman32.dll deleting: C:\WINDOWS\system32\e2202cfmgf2a2.dll Successfully Deleted: C:\WINDOWS\system32\e2202cfmgf2a2.dll deleting: C:\WINDOWS\system32\en26l1fs1.dll Successfully Deleted: C:\WINDOWS\system32\en26l1fs1.dll deleting: C:\WINDOWS\system32\en48l1hu1.dll Successfully Deleted: C:\WINDOWS\system32\en48l1hu1.dll deleting: C:\WINDOWS\system32\en4ql1h51.dll Successfully Deleted: C:\WINDOWS\system32\en4ql1h51.dll deleting: C:\WINDOWS\system32\en62l1jo1.dll Successfully Deleted: C:\WINDOWS\system32\en62l1jo1.dll deleting: C:\WINDOWS\system32\enj4l11q1.dll Successfully Deleted: C:\WINDOWS\system32\enj4l11q1.dll deleting: C:\WINDOWS\system32\enl0l13m1.dll Successfully Deleted: C:\WINDOWS\system32\enl0l13m1.dll deleting: C:\WINDOWS\system32\enlsl1371.dll Successfully Deleted: C:\WINDOWS\system32\enlsl1371.dll deleting: C:\WINDOWS\system32\ennol1531.dll Successfully Deleted: C:\WINDOWS\system32\ennol1531.dll deleting: C:\WINDOWS\system32\enp8l17u1.dll Successfully Deleted: C:\WINDOWS\system32\enp8l17u1.dll deleting: C:\WINDOWS\system32\enpql1751.dll Successfully Deleted: C:\WINDOWS\system32\enpql1751.dll deleting: C:\WINDOWS\system32\enpsl1771.dll Successfully Deleted: C:\WINDOWS\system32\enpsl1771.dll deleting: C:\WINDOWS\system32\enr8l19u1.dll Successfully Deleted: C:\WINDOWS\system32\enr8l19u1.dll deleting: C:\WINDOWS\system32\f0j2la1o1d.dll Successfully Deleted: C:\WINDOWS\system32\f0j2la1o1d.dll deleting: C:\WINDOWS\system32\f2l02c3mgf.dll Successfully Deleted: C:\WINDOWS\system32\f2l02c3mgf.dll deleting: C:\WINDOWS\system32\f4l00e3meh.dll Successfully Deleted: 
C:\WINDOWS\system32\f4l00e3meh.dll deleting: C:\WINDOWS\system32\fjusd.dll Successfully Deleted: C:\WINDOWS\system32\fjusd.dll deleting: C:\WINDOWS\system32\g040lahm1d4a.dll Successfully Deleted: C:\WINDOWS\system32\g040lahm1d4a.dll deleting: C:\WINDOWS\system32\g4jo0e13eh.dll Successfully Deleted: C:\WINDOWS\system32\g4jo0e13eh.dll deleting: C:\WINDOWS\system32\g622lgfo162c.dll Successfully Deleted: C:\WINDOWS\system32\g622lgfo162c.dll deleting: C:\WINDOWS\system32\GXCollection.dll Successfully Deleted: C:\WINDOWS\system32\GXCollection.dll deleting: C:\WINDOWS\system32\h24mlch11f4.dll Successfully Deleted: C:\WINDOWS\system32\h24mlch11f4.dll deleting: C:\WINDOWS\system32\h60qlgd5160.dll Successfully Deleted: C:\WINDOWS\system32\h60qlgd5160.dll deleting: C:\WINDOWS\system32\h6j4lg1q16.dll Successfully Deleted: C:\WINDOWS\system32\h6j4lg1q16.dll deleting: C:\WINDOWS\system32\h6n00g5me6.dll Successfully Deleted: C:\WINDOWS\system32\h6n00g5me6.dll deleting: C:\WINDOWS\system32\hdpertrm.dll Successfully Deleted: C:\WINDOWS\system32\hdpertrm.dll deleting: C:\WINDOWS\system32\hr0s05d7e.dll Successfully Deleted: C:\WINDOWS\system32\hr0s05d7e.dll deleting: C:\WINDOWS\system32\hr4605hse.dll Successfully Deleted: C:\WINDOWS\system32\hr4605hse.dll deleting: C:\WINDOWS\system32\hr8u05l9e.dll Successfully Deleted: C:\WINDOWS\system32\hr8u05l9e.dll deleting: C:\WINDOWS\system32\hrj8051ue.dll Successfully Deleted: C:\WINDOWS\system32\hrj8051ue.dll deleting: C:\WINDOWS\system32\hrl6053se.dll Successfully Deleted: C:\WINDOWS\system32\hrl6053se.dll deleting: C:\WINDOWS\system32\hrls0537e.dll Successfully Deleted: C:\WINDOWS\system32\hrls0537e.dll deleting: C:\WINDOWS\system32\hrns0557e.dll Successfully Deleted: C:\WINDOWS\system32\hrns0557e.dll deleting: C:\WINDOWS\system32\hrr6059se.dll Successfully Deleted: C:\WINDOWS\system32\hrr6059se.dll deleting: C:\WINDOWS\system32\hrrs0597e.dll Successfully Deleted: C:\WINDOWS\system32\hrrs0597e.dll deleting: 
C:\WINDOWS\system32\i624lgfq162e.dll Successfully Deleted: C:\WINDOWS\system32\i624lgfq162e.dll deleting: C:\WINDOWS\system32\i642lgho164c.dll Successfully Deleted: C:\WINDOWS\system32\i642lgho164c.dll deleting: C:\WINDOWS\system32\IfagXpr5.dll Successfully Deleted: C:\WINDOWS\system32\IfagXpr5.dll deleting: C:\WINDOWS\system32\imxwan.dll Successfully Deleted: C:\WINDOWS\system32\imxwan.dll deleting: C:\WINDOWS\system32\ir8ml5l11.dll Successfully Deleted: C:\WINDOWS\system32\ir8ml5l11.dll deleting: C:\WINDOWS\system32\irj0l51m1.dll Successfully Deleted: C:\WINDOWS\system32\irj0l51m1.dll deleting: C:\WINDOWS\system32\irl2l53o1.dll Successfully Deleted: C:\WINDOWS\system32\irl2l53o1.dll deleting: C:\WINDOWS\system32\irlml5311.dll Successfully Deleted: C:\WINDOWS\system32\irlml5311.dll deleting: C:\WINDOWS\system32\irn0l55m1.dll Successfully Deleted: C:\WINDOWS\system32\irn0l55m1.dll deleting: C:\WINDOWS\system32\j00s0ad7ed0.dll Successfully Deleted: C:\WINDOWS\system32\j00s0ad7ed0.dll deleting: C:\WINDOWS\system32\j0p0la7m1d.dll Successfully Deleted: C:\WINDOWS\system32\j0p0la7m1d.dll deleting: C:\WINDOWS\system32\j4n20e5oeh.dll Successfully Deleted: C:\WINDOWS\system32\j4n20e5oeh.dll deleting: C:\WINDOWS\system32\j62qlgf5162.dll Successfully Deleted: C:\WINDOWS\system32\j62qlgf5162.dll deleting: C:\WINDOWS\system32\jQvaee.dll Successfully Deleted: C:\WINDOWS\system32\jQvaee.dll deleting: C:\WINDOWS\system32\kddsl1.dll Successfully Deleted: C:\WINDOWS\system32\kddsl1.dll deleting: C:\WINDOWS\system32\kfdusr.dll Successfully Deleted: C:\WINDOWS\system32\kfdusr.dll deleting: C:\WINDOWS\system32\kldlv.dll Successfully Deleted: C:\WINDOWS\system32\kldlv.dll deleting: C:\WINDOWS\system32\kt80l7lm1.dll Successfully Deleted: C:\WINDOWS\system32\kt80l7lm1.dll deleting: C:\WINDOWS\system32\ktrul7991.dll Successfully Deleted: C:\WINDOWS\system32\ktrul7991.dll deleting: C:\WINDOWS\system32\kydtuf.dll Successfully Deleted: C:\WINDOWS\system32\kydtuf.dll deleting: 
C:\WINDOWS\system32\l02s0af7ed2.dll Successfully Deleted: C:\WINDOWS\system32\l02s0af7ed2.dll deleting: C:\WINDOWS\system32\l0j80a1ued.dll Successfully Deleted: C:\WINDOWS\system32\l0j80a1ued.dll deleting: C:\WINDOWS\system32\l62slgf7162.dll Successfully Deleted: C:\WINDOWS\system32\l62slgf7162.dll deleting: C:\WINDOWS\system32\lubmp13n.dll Successfully Deleted: C:\WINDOWS\system32\lubmp13n.dll deleting: C:\WINDOWS\system32\lv2009fme.dll Successfully Deleted: C:\WINDOWS\system32\lv2009fme.dll deleting: C:\WINDOWS\system32\lv2m09f1e.dll Successfully Deleted: C:\WINDOWS\system32\lv2m09f1e.dll deleting: C:\WINDOWS\system32\lv8o09l3e.dll Successfully Deleted: C:\WINDOWS\system32\lv8o09l3e.dll deleting: C:\WINDOWS\system32\lvj0091me.dll Successfully Deleted: C:\WINDOWS\system32\lvj0091me.dll deleting: C:\WINDOWS\system32\lvl4093qe.dll Successfully Deleted: C:\WINDOWS\system32\lvl4093qe.dll deleting: C:\WINDOWS\system32\m6julg1916.dll Successfully Deleted: C:\WINDOWS\system32\m6julg1916.dll deleting: C:\WINDOWS\system32\mhpmsp.dll Successfully Deleted: C:\WINDOWS\system32\mhpmsp.dll deleting: C:\WINDOWS\system32\mkdtcuiu.dll Successfully Deleted: C:\WINDOWS\system32\mkdtcuiu.dll deleting: C:\WINDOWS\system32\mxdtcprx.dll Successfully Deleted: C:\WINDOWS\system32\mxdtcprx.dll deleting: C:\WINDOWS\system32\mxls31.dll Successfully Deleted: C:\WINDOWS\system32\mxls31.dll deleting: C:\WINDOWS\system32\n4p40e7qeh.dll Successfully Deleted: C:\WINDOWS\system32\n4p40e7qeh.dll deleting: C:\WINDOWS\system32\n6n6lg5s16.dll Successfully Deleted: C:\WINDOWS\system32\n6n6lg5s16.dll deleting: C:\WINDOWS\system32\nqtapi32.dll Successfully Deleted: C:\WINDOWS\system32\nqtapi32.dll deleting: C:\WINDOWS\system32\nvtui1.dll Successfully Deleted: C:\WINDOWS\system32\nvtui1.dll deleting: C:\WINDOWS\system32\o0lu0a39ed.dll Successfully Deleted: C:\WINDOWS\system32\o0lu0a39ed.dll deleting: C:\WINDOWS\system32\o2lulc391f.dll Successfully Deleted: C:\WINDOWS\system32\o2lulc391f.dll deleting: 
C:\WINDOWS\system32\o4pq0e75eh.dll Successfully Deleted: C:\WINDOWS\system32\o4pq0e75eh.dll deleting: C:\WINDOWS\system32\o648lghu1648.dll Successfully Deleted: C:\WINDOWS\system32\o648lghu1648.dll deleting: C:\WINDOWS\system32\o6660gjse6o60.dll Successfully Deleted: C:\WINDOWS\system32\o6660gjse6o60.dll deleting: C:\WINDOWS\system32\ogffilt.dll Successfully Deleted: C:\WINDOWS\system32\ogffilt.dll deleting: C:\WINDOWS\system32\p6n8lg5u16.dll Successfully Deleted: C:\WINDOWS\system32\p6n8lg5u16.dll deleting: C:\WINDOWS\system32\pGpnetsh.dll Successfully Deleted: C:\WINDOWS\system32\pGpnetsh.dll deleting: C:\WINDOWS\system32\r06u0aj9edo.dll Successfully Deleted: C:\WINDOWS\system32\r06u0aj9edo.dll deleting: C:\WINDOWS\system32\r08s0al7edq.dll Successfully Deleted: C:\WINDOWS\system32\r08s0al7edq.dll deleting: C:\WINDOWS\system32\r0p80a7ued.dll Successfully Deleted: C:\WINDOWS\system32\r0p80a7ued.dll deleting: C:\WINDOWS\system32\rRsppp.dll Successfully Deleted: C:\WINDOWS\system32\rRsppp.dll deleting: C:\WINDOWS\system32\rVschap.dll Successfully Deleted: C:\WINDOWS\system32\rVschap.dll deleting: C:\WINDOWS\system32\srardssp.dll Successfully Deleted: C:\WINDOWS\system32\srardssp.dll deleting: C:\WINDOWS\system32\sydll.dll Successfully Deleted: C:\WINDOWS\system32\sydll.dll deleting: C:\WINDOWS\system32\tFembed.dll Successfully Deleted: C:\WINDOWS\system32\tFembed.dll deleting: C:\WINDOWS\system32\tzolhelp.dll Successfully Deleted: C:\WINDOWS\system32\tzolhelp.dll deleting: C:\WINDOWS\system32\uprrtosa.dll Successfully Deleted: C:\WINDOWS\system32\uprrtosa.dll deleting: C:\WINDOWS\system32\wmcltui.dll Successfully Deleted: C:\WINDOWS\system32\wmcltui.dll deleting: C:\WINDOWS\system32\woaueng1.dll Successfully Deleted: C:\WINDOWS\system32\woaueng1.dll deleting: C:\WINDOWS\system32\wvpui.dll Successfully Deleted: C:\WINDOWS\system32\wvpui.dll deleting: C:\WINDOWS\system32\xnsp1res.dll Successfully Deleted: C:\WINDOWS\system32\xnsp1res.dll deleting: 
C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed

Zipping up files for submission:

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rgaci)) - There is no ACE to remove!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enl6l13s1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{F867E9E1-B802-4A12-8225-C7A0C741ECD6}"=-

[-HKEY_CLASSES_ROOT\CLSID\{F867E9E1-B802-4A12-8225-C7A0C741ECD6}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************

And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:28:52, on 22.9.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\nero\InCD\InCD.exe
D:\Program Files\Spyware\gcasServ.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Phone\Skype.exe
D:\Program Files\Spyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\enl6l13s1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
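
The Winlogon\Notify export in the report above stores some DllName values as plain strings and others as hex(2) byte lists, and the same key is what HijackThis shows on its O20 line. As an added example (not part of the original thread and not L2mfix's own code), this Python code decodes such an export and lists the Notify packages whose DLL is not in a baseline; the function names and the baseline set are assumptions made for the example, and the sample input is an excerpt of the export posted above.

```python
import re

# Excerpt of the Winlogon\Notify export posted in the thread (three subkeys).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enl6l13s1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
'''

# Assumption for this example: the DLL file names that the other Notify
# packages in the thread's export point at. Build a real baseline from a
# known-clean installation of the same Windows version.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}

NOTIFY_SUFFIX = r"\winlogon\notify"


def decode_value(raw):
    """Turn the right-hand side of a .reg assignment into a Python string."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: drop the quotes and undo the \\ and \" escaping.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.lower().startswith('hex(2):'):
        # REG_EXPAND_SZ: comma-separated bytes, UTF-16LE in "Version 5.00" files.
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    return raw  # dword and other types are kept as written


def parse_notify_export(text):
    """Return {package name: {lower-cased value name: decoded value}}."""
    # Join continuation lines: a trailing backslash continues on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    packages, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            parent, _, name = key.rpartition('\\')
            # Only direct subkeys of ...\Winlogon\Notify are packages;
            # "[-KEY]" marks a deletion, not an existing package.
            if not key.startswith('-') and parent.lower().endswith(NOTIFY_SUFFIX):
                current = name
                packages[current] = {}
            else:
                current = None
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                # The export mixes "DllName" and "DLLName", so normalise case.
                packages[current][m.group(1).lower()] = decode_value(m.group(2))
    return packages


def unexpected_packages(packages, baseline=BASELINE_DLLS):
    """List (package, DllName) pairs whose DLL file name is not in the baseline."""
    findings = []
    for name in sorted(packages):
        dll = packages[name].get('dllname', '')
        filename = dll.replace('/', '\\').rsplit('\\', 1)[-1].lower()
        if filename not in baseline:
            findings.append((name, dll))
    return findings


if __name__ == "__main__":
    for name, dll in unexpected_packages(parse_notify_export(SAMPLE_EXPORT)):
        print("review Notify package %s -> %s" % (name, dll))
```

A hit only means the entry needs review against a clean baseline; legitimate third-party software can also register Notify packages.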
Well, so it refused to go away. Let's try Kill2Me next: http://www.bleepingcomputer.com/files/Merijn/kill2me.zip To be safe, turn off MS Antispyware's real-time protection so that it doesn't block the cleanup. So download it, unpack the zip, click kill2me.exe and let it grind away. Tell me whether the O20 line disappeared from HjT. I also noticed this in the log: O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" That is probably a leftover from an uninstalled Norton, since you have AVG and Zone. So fix it with HjT and delete the Symantec Shared folder in safe mode.
The HijackThis O20 line looks like this: O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\q086lals1dq6.dll So Kill2Me didn't help. By the way, I fixed the Symantec entry and went and deleted the Symantec Shared folder in safe mode. To my annoyance, a spotresults popup still came up!
Let's try VX2Finder then. Keep MS Antispyware turned off for now. So download it, start it, click > Click to Find VX2Betterinternet, and let it remove anything it finds. http://www.downloads.subratam.org/VX2Finder.exe Did it have any effect on HjT's O20 line?
Yes, that is Look2Me, almost the newest variant. You may have to run l2mfix as many as 4-5 times, e.g.: http://www.geekstogo.com/forum/index.php?act=ST&f=37&t=44900 The author of l2mfix gave this advice: run l2mfix, but at the point where it should restart, press cancel, open HijackThis, fix the target of the O20 Winlogon Notify line and restart manually. If that doesn't work, then run l2mfix several times.
I ran l2mfix through five times and I just can't get rid of the O20 line. Now it looks like this: O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\hr0u05d9e.dll So the DLL file seems to keep changing. At least Dr. Watson no longer keeps restarting the machine, now that I removed Windows SP 2 and then restored it again with System Restore; that seemed to help remarkably with that problem... Popups still come up, but only occasionally now, so we have managed to fix something. I did install the Google Toolbar, maybe that helped a bit. Here is the current HijackThis log, in case you could look through it...

Logfile of HijackThis v1.99.1
Scan saved at 0:13:30, on 26.9.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\nero\InCD\InCD.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Phone\Skype.exe
D:\Program Files\Spyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\hr0u05d9e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
The log has the same O20 nasty as before. Did you also try this approach? -> "run l2mfix, but at the point where it should restart, press cancel, open HijackThis, fix the target of the O20 Winlogon Notify line and restart manually"
Hi -kemisti-! Yes, I did exactly as advised; I am still a slave to advice when it comes to these virus and similar matters. And l2mfix does help to the extent that the O20 line changes, because now it looks like this: O20 - Winlogon Notify: policies - C:\WINDOWS\system32\lvj4091qe.dll I wonder whether there is some nasty program on my machine that keeps changing it, or whether some nasty has accidentally been let through the firewall? Maybe I should run l2mfix many times and then see what shows up in the log. But should I just run the l2mfix run fix many times, or do I have to run the whole thing with second.bat?
If the Look2Me fix had succeeded, it would also have restored that. So you ran l2mfix through five times; if you let the machine boot (restart) between the fixes each time, then try fixing (l2mfix.bat and option 2) without rebooting in between, and fix the O20 line with HijackThis each time in between.
Hi to everyone who helped me! I think I have now managed to remove the Look2Me problem. At least that O20 line disappeared. I don't know about the pop-ups yet, since I was so excited that I wrote here right away. But how can I best protect my machine now? At the moment I have a firewall, Windows updates, Ad-Aware, SpywareBlaster, antivirus, Spyware Doctor and Microsoft AntiSpyware in use. Here is the HijackThis log as well:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:10, on 27.9.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\nero\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\nero\InCD\InCD.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Phone\Skype.exe
D:\Program Files\Spyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\guard.tmp
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
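An added example (not part of the thread, and not HijackThis code) for checking in a saved log whether an O20 Winlogon Notify entry is still listed, and which entries disappeared between two scans. The function names and the .dll heuristic are assumptions made for this example.

```python
import re

# Sample input: four entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\guard.tmp
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

# A log entry is a section code (R0, O4, O20, ...) followed by " - " and the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")


def parse_entries(log_text):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def winlogon_notify(log_text):
    """List O20 Winlogon Notify entries, each with a 'review' flag."""
    found = []
    for section, detail in parse_entries(log_text):
        match = NOTIFY_RE.match(detail) if section == "O20" else None
        if match:
            name, path = match.groups()
            # Assumed heuristic: notification packages are DLLs, so another
            # extension is unusual. A .dll path still needs its own check.
            found.append({"name": name, "path": path,
                          "review": not path.lower().endswith(".dll")})
    return found


def removed_entries(before_log, after_log):
    """Entries present in the earlier log but absent from the later one."""
    remaining = set(parse_entries(after_log))
    return [e for e in parse_entries(before_log) if e not in remaining]


if __name__ == "__main__":
    for entry in winlogon_notify(SAMPLE_LOG):
        print(entry)
```

Running `removed_entries` on the log saved before a fix and the one saved after it shows exactly which lines the fix removed, which is easier to trust than reading two long logs by eye.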