DrWatson Postmortem Debugger and IE pop-ups!

Discussion in 'Windows problems' started by Nellimak, Sep 21, 2005.

  1. Nellimak

    Nellimak Member

    Joined:
    Sep 20, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Hi!

    I have searched the forum and who knows where else for a solution to this problem, but things have not improved at all. IE gets a lot of pop-ups and the page changes to, e.g., spotresults.com.

    In addition, DrWatson Postmortem Debugger reports (ZoneAlarm) dangerous activity and asks permission for a great many programs. Whether I deny permission or grant it, the computer may restart. I have not noticed any connection with whether I answer yes or no...

    My computer seems to be quite messed up, but if someone would care to help me. Here is the HijackThis log as well:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:56:21, on 21.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\nero\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\nero\InCD\InCD.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Phone\Skype.exe
    D:\Program Files\Spyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
    O4 - HKLM\..\Run: [Microsoft Internet Application] iapp.exe
    O4 - HKLM\..\Run: [Windows Compliant] jtfnpn.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [Microsoft Internet Application] iapp.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] jtfnpn.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\lt2027fmg.dll
    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hrru0599e.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
    O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
     
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Yep, there are indeed some nasties in there.

    Remove via Add/Remove Programs (Control Panel):

    Spyware Cleaner

    Fix with HijackThis (click "Do a system scan only", check these and press "Fix checked"):

    O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
    O4 - HKLM\..\Run: [Microsoft Internet Application] iapp.exe
    O4 - HKLM\..\Run: [Windows Compliant] jtfnpn.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\RunServices: [Microsoft Internet Application] iapp.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] jtfnpn.exe
    O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hrru0599e.dll (file missing)
    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
    O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)

    Then Start -> Run -> services.msc -> OK -> find Hardware Clock Driver (hwclock) and SpywareCleanerService in the list -> double-click -> set the startup type to Disabled

    Make hidden files visible -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Boot into Safe Mode (F8 during startup) and delete:

    C:\WINDOWS\System32\==>lssas.exe<== (NOTE! This is NOT lsass.exe, which is an important program)
    iapp.exe (find it with the Search function)
    jtfnpn.exe (same as for the previous one)
    the folder C:\Program Files\==>Spyware Cleaner<==
    C:\WINDOWS\system32\==>hrru0599e.dll<== (if present)

    Restart and post a new HijackThis log.
     
    Last edited: Sep 21, 2005
  3. Nellimak

    Hi Kemisti!

    I have now carried out the necessary steps, and at least now, after a short period of use, it feels better. Thank you very much for the help!

    Here is the HijackThis log again:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:53:48, on 22.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\nero\InCD\InCDsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\nero\InCD\InCD.exe
    D:\Program Files\Spyware\gcasServ.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Phone\Skype.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\Program Files\Spyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\mvp0l97m1.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
     
  4. -kemisti-

    EDIT: The log is not clean yet; fix this one with HijackThis:

    O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe

    And try to find this with the Windows Search function ==>jtfnpn.exe and delete it.

    Restart the computer and post a new log.
     
    Last edited: Sep 22, 2005
  5. Nellimak

    ---- I can't find jtfnpn.exe, even though I searched both in safe mode and in normal mode.

    The computer and the internet connection now work faster and more stably. Spotresults pop-ups still appear in IE. I removed Firefox completely because it was totally messed up... Would there be some other browser that isn't the kind that gets messed up so easily?

    But here is the log...

    Logfile of HijackThis v1.99.1
    Scan saved at 16:49:26, on 22.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\nero\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\nero\InCD\InCD.exe
    D:\Program Files\Spyware\gcasServ.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Phone\Skype.exe
    D:\Program Files\Spyware\gcasDtServ.exe
    D:\Program Files\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\f42m0ef1eh2.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
     
  6. -kemisti-

    The problem is this line -> O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\f42m0ef1eh2.dll
    It causes those pop-ups.

    EDIT: I sent a request to check your log to someone more competent than me. He will probably look through it and advise further when he has time.
     
    Last edited: Sep 22, 2005
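
An added example, not part of the thread and not HijackThis's own logic: a Python sketch that triages O4/O20/O23 lines from the three logs posted above for the traits the replies act on (a name that imitates a system binary, an autorun with no path, "(file missing)" targets) and checks whether the Winlogon Notify DLL changes from scan to scan. The short system-file list, the edit-distance threshold of 2 and all function names are assumptions made for this illustration.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Excerpts copied from the three HijackThis logs posted in this thread.
SCAN_1 = r"""
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Microsoft Internet Application] iapp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\lt2027fmg.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hrru0599e.dll (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
"""
SCAN_2 = r"""
O4 - HKCU\..\Run: [Windows Compliant] jtfnpn.exe
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\mvp0l97m1.dll
"""
SCAN_3 = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\f42m0ef1eh2.dll
"""

# Assumption: a short, illustrative list of core Windows process names.
SYSTEM_NAMES = ("lsass.exe", "smss.exe", "csrss.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe")
IMAGE = re.compile(r'^"?(.*?\.(?:exe|dll))\b', re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse(scan):
    """Yield (code, image_path, file_missing) for O4 [name], O20 and O23 lines."""
    for line in scan.splitlines():
        m = re.match(r"(O4|O20|O23) - (.+)", line.strip())
        if not m:
            continue
        code, rest = m.groups()
        missing = rest.endswith("(file missing)")
        if missing:
            rest = rest[: -len("(file missing)")].rstrip()
        if code == "O4":
            if "] " not in rest:
                continue  # "Global Startup" shortcuts use a different layout
            command = rest.split("] ", 1)[1]
        else:
            command = rest.rsplit(" - ", 1)[-1]
        hit = IMAGE.match(command)
        image = hit.group(1) if hit else command.split()[0]
        yield code, image, missing


def triage(scan):
    """Return (code, file_name, flags) for every entry with at least one flag."""
    findings = []
    for code, image, missing in parse(scan):
        name = basename(image).lower()
        flags = []
        if missing:
            flags.append("file missing")
        if code == "O4" and "\\" not in image:
            flags.append("autorun without path")
        for real in SYSTEM_NAMES:
            if 0 < edit_distance(name, real) <= 2:
                flags.append("looks like " + real)
        if flags:
            findings.append((code, name, flags))
    return findings


def notify_dlls(scan):
    """File names of the DLLs registered under O20 (Winlogon Notify)."""
    return {basename(img).lower() for code, img, _ in parse(scan) if code == "O20"}


def notify_rotates(scans):
    """True when every scan has an O20 entry but consecutive scans share no DLL."""
    sets = [notify_dlls(s) for s in scans]
    return (len(sets) > 1 and all(sets)
            and all(a.isdisjoint(b) for a, b in zip(sets, sets[1:])))


if __name__ == "__main__":
    for number, scan in enumerate((SCAN_1, SCAN_2, SCAN_3), 1):
        for finding in triage(scan):
            print("scan", number, finding)
    print("Notify DLL rotates:", notify_rotates([SCAN_1, SCAN_2, SCAN_3]))
```

The per-line flags find nothing in the third log; only the comparison across scans shows that an O20 entry survives each fix under a new key name and a new DLL file name.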
  7. Nellimak

    I fixed that one line as well. But I'll still wait to see whether those pop-ups appear; many thanks once again for the help, Kemisti!
     
  8. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Nellimak and -kemisti-, that nasty seems to be Look2Me; shall we try a fix while waiting for illukka?

    Get l2mfix

    http://www.downloads.subratam.org/l2mfix.exe

    Extract the zip and install it to the desktop.
    Double-click l2mfix.bat
    Choose option 1, i.e. press 1 and Enter.
    When the scan is finished it creates a txt log; post it here.
     
  9. Nellimak

    Here is the l2mfix log:

    L2MFIX find log 1.04a
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\azas0af7ed2.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{E8EEC462-CFA8-148B-84F2-A7E167EB2457}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{F867E9E1-B802-4A12-8225-C7A0C741ECD6}"=""
    "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shell Shredding Utility"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F867E9E1-B802-4A12-8225-C7A0C741ECD6}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F867E9E1-B802-4A12-8225-C7A0C741ECD6}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F867E9E1-B802-4A12-8225-C7A0C741ECD6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F867E9E1-B802-4A12-8225-C7A0C741ECD6}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mq4sdmod.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\

    105 items found: 105 files (73 H/S), 0 directories.
    Total of file sizes: 28 835 801 bytes 27,50 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is 372C-12EE

    Directory of C:\WINDOWS\System32

    112 File(s) 26 286 568 bytes
    2 Dir(s) 5 004 099 584 bytes free
     
  10. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Let's continue then.

    Close all other programs.

    Double-click l2mfix.bat
    and select option 2, i.e. press 2 and then Enter.
    Then just press any key and the computer will restart.
    Once the computer has restarted, the scan continues, and when it is finished you will get another txt log;
    post it and a new HijackThis log here.
     
  11. Nellimak

    Nellimak Member

    Joined:
    Sep 20, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    All right, here comes the output, wow, there's a lot of it:

    L2Mfix 1.04a

    Running From:
    C:\Documents and Settings\Renfors\Desktop\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- BUILTIN\Administrators
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting up for Reboot


    Starting Reboot!

    Setting Directory
    C:\Documents and Settings\Renfors\Desktop\l2mfix
    System Rebooted!

    Running From:
    C:\Documents and Settings\Renfors\Desktop\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1768 'explorer.exe'
    Killing PID 1768 'explorer.exe'
    Killing PID 1768 'explorer.exe'
    Killing PID 1768 'explorer.exe'
    Killing PID 1768 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1052 'rundll32.exe'

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Successfully Deleted: C:\WINDOWS\system32\GXCollection.dll
    deleting: C:\WINDOWS\system32\h24mlch11f4.dll
    Successfully Deleted: C:\WINDOWS\system32\h24mlch11f4.dll
    deleting: C:\WINDOWS\system32\h60qlgd5160.dll
    Successfully Deleted: C:\WINDOWS\system32\h60qlgd5160.dll
    deleting: C:\WINDOWS\system32\h6j4lg1q16.dll
    Successfully Deleted: C:\WINDOWS\system32\h6j4lg1q16.dll
    deleting: C:\WINDOWS\system32\h6n00g5me6.dll
    Successfully Deleted: C:\WINDOWS\system32\h6n00g5me6.dll
    deleting: C:\WINDOWS\system32\hdpertrm.dll
    Successfully Deleted: C:\WINDOWS\system32\hdpertrm.dll
    deleting: C:\WINDOWS\system32\hr0s05d7e.dll
    Successfully Deleted: C:\WINDOWS\system32\hr0s05d7e.dll
    deleting: C:\WINDOWS\system32\hr4605hse.dll
    Successfully Deleted: C:\WINDOWS\system32\hr4605hse.dll
    deleting: C:\WINDOWS\system32\hr8u05l9e.dll
    Successfully Deleted: C:\WINDOWS\system32\hr8u05l9e.dll
    deleting: C:\WINDOWS\system32\hrj8051ue.dll
    Successfully Deleted: C:\WINDOWS\system32\hrj8051ue.dll
    deleting: C:\WINDOWS\system32\hrl6053se.dll
    Successfully Deleted: C:\WINDOWS\system32\hrl6053se.dll
    deleting: C:\WINDOWS\system32\hrls0537e.dll
    Successfully Deleted: C:\WINDOWS\system32\hrls0537e.dll
    deleting: C:\WINDOWS\system32\hrns0557e.dll
    Successfully Deleted: C:\WINDOWS\system32\hrns0557e.dll
    deleting: C:\WINDOWS\system32\hrr6059se.dll
    Successfully Deleted: C:\WINDOWS\system32\hrr6059se.dll
    deleting: C:\WINDOWS\system32\hrrs0597e.dll
    Successfully Deleted: C:\WINDOWS\system32\hrrs0597e.dll
    deleting: C:\WINDOWS\system32\i624lgfq162e.dll
    Successfully Deleted: C:\WINDOWS\system32\i624lgfq162e.dll
    deleting: C:\WINDOWS\system32\i642lgho164c.dll
    Successfully Deleted: C:\WINDOWS\system32\i642lgho164c.dll
    deleting: C:\WINDOWS\system32\IfagXpr5.dll
    Successfully Deleted: C:\WINDOWS\system32\IfagXpr5.dll
    deleting: C:\WINDOWS\system32\imxwan.dll
    Successfully Deleted: C:\WINDOWS\system32\imxwan.dll
    deleting: C:\WINDOWS\system32\ir8ml5l11.dll
    Successfully Deleted: C:\WINDOWS\system32\ir8ml5l11.dll
    deleting: C:\WINDOWS\system32\irj0l51m1.dll
    Successfully Deleted: C:\WINDOWS\system32\irj0l51m1.dll
    deleting: C:\WINDOWS\system32\irl2l53o1.dll
    Successfully Deleted: C:\WINDOWS\system32\irl2l53o1.dll
    deleting: C:\WINDOWS\system32\irlml5311.dll
    Successfully Deleted: C:\WINDOWS\system32\irlml5311.dll
    deleting: C:\WINDOWS\system32\irn0l55m1.dll
    Successfully Deleted: C:\WINDOWS\system32\irn0l55m1.dll
    deleting: C:\WINDOWS\system32\j00s0ad7ed0.dll
    Successfully Deleted: C:\WINDOWS\system32\j00s0ad7ed0.dll
    deleting: C:\WINDOWS\system32\j0p0la7m1d.dll
    Successfully Deleted: C:\WINDOWS\system32\j0p0la7m1d.dll
    deleting: C:\WINDOWS\system32\j4n20e5oeh.dll
    Successfully Deleted: C:\WINDOWS\system32\j4n20e5oeh.dll
    deleting: C:\WINDOWS\system32\j62qlgf5162.dll
    Successfully Deleted: C:\WINDOWS\system32\j62qlgf5162.dll
    deleting: C:\WINDOWS\system32\jQvaee.dll
    Successfully Deleted: C:\WINDOWS\system32\jQvaee.dll
    deleting: C:\WINDOWS\system32\kddsl1.dll
    Successfully Deleted: C:\WINDOWS\system32\kddsl1.dll
    deleting: C:\WINDOWS\system32\kfdusr.dll
    Successfully Deleted: C:\WINDOWS\system32\kfdusr.dll
    deleting: C:\WINDOWS\system32\kldlv.dll
    Successfully Deleted: C:\WINDOWS\system32\kldlv.dll
    deleting: C:\WINDOWS\system32\kt80l7lm1.dll
    Successfully Deleted: C:\WINDOWS\system32\kt80l7lm1.dll
    deleting: C:\WINDOWS\system32\ktrul7991.dll
    Successfully Deleted: C:\WINDOWS\system32\ktrul7991.dll
    deleting: C:\WINDOWS\system32\kydtuf.dll
    Successfully Deleted: C:\WINDOWS\system32\kydtuf.dll
    deleting: C:\WINDOWS\system32\l02s0af7ed2.dll
    Successfully Deleted: C:\WINDOWS\system32\l02s0af7ed2.dll
    deleting: C:\WINDOWS\system32\l0j80a1ued.dll
    Successfully Deleted: C:\WINDOWS\system32\l0j80a1ued.dll
    deleting: C:\WINDOWS\system32\l62slgf7162.dll
    Successfully Deleted: C:\WINDOWS\system32\l62slgf7162.dll
    deleting: C:\WINDOWS\system32\lubmp13n.dll
    Successfully Deleted: C:\WINDOWS\system32\lubmp13n.dll
    deleting: C:\WINDOWS\system32\lv2009fme.dll
    Successfully Deleted: C:\WINDOWS\system32\lv2009fme.dll
    deleting: C:\WINDOWS\system32\lv2m09f1e.dll
    Successfully Deleted: C:\WINDOWS\system32\lv2m09f1e.dll
    deleting: C:\WINDOWS\system32\lv8o09l3e.dll
    Successfully Deleted: C:\WINDOWS\system32\lv8o09l3e.dll
    deleting: C:\WINDOWS\system32\lvj0091me.dll
    Successfully Deleted: C:\WINDOWS\system32\lvj0091me.dll
    deleting: C:\WINDOWS\system32\lvl4093qe.dll
    Successfully Deleted: C:\WINDOWS\system32\lvl4093qe.dll
    deleting: C:\WINDOWS\system32\m6julg1916.dll
    Successfully Deleted: C:\WINDOWS\system32\m6julg1916.dll
    deleting: C:\WINDOWS\system32\mhpmsp.dll
    Successfully Deleted: C:\WINDOWS\system32\mhpmsp.dll
    deleting: C:\WINDOWS\system32\mkdtcuiu.dll
    Successfully Deleted: C:\WINDOWS\system32\mkdtcuiu.dll
    deleting: C:\WINDOWS\system32\mxdtcprx.dll
    Successfully Deleted: C:\WINDOWS\system32\mxdtcprx.dll
    deleting: C:\WINDOWS\system32\mxls31.dll
    Successfully Deleted: C:\WINDOWS\system32\mxls31.dll
    deleting: C:\WINDOWS\system32\n4p40e7qeh.dll
    Successfully Deleted: C:\WINDOWS\system32\n4p40e7qeh.dll
    deleting: C:\WINDOWS\system32\n6n6lg5s16.dll
    Successfully Deleted: C:\WINDOWS\system32\n6n6lg5s16.dll
    deleting: C:\WINDOWS\system32\nqtapi32.dll
    Successfully Deleted: C:\WINDOWS\system32\nqtapi32.dll
    deleting: C:\WINDOWS\system32\nvtui1.dll
    Successfully Deleted: C:\WINDOWS\system32\nvtui1.dll
    deleting: C:\WINDOWS\system32\o0lu0a39ed.dll
    Successfully Deleted: C:\WINDOWS\system32\o0lu0a39ed.dll
    deleting: C:\WINDOWS\system32\o2lulc391f.dll
    Successfully Deleted: C:\WINDOWS\system32\o2lulc391f.dll
    deleting: C:\WINDOWS\system32\o4pq0e75eh.dll
    Successfully Deleted: C:\WINDOWS\system32\o4pq0e75eh.dll
    deleting: C:\WINDOWS\system32\o648lghu1648.dll
    Successfully Deleted: C:\WINDOWS\system32\o648lghu1648.dll
    deleting: C:\WINDOWS\system32\o6660gjse6o60.dll
    Successfully Deleted: C:\WINDOWS\system32\o6660gjse6o60.dll
    deleting: C:\WINDOWS\system32\ogffilt.dll
    Successfully Deleted: C:\WINDOWS\system32\ogffilt.dll
    deleting: C:\WINDOWS\system32\p6n8lg5u16.dll
    Successfully Deleted: C:\WINDOWS\system32\p6n8lg5u16.dll
    deleting: C:\WINDOWS\system32\pGpnetsh.dll
    Successfully Deleted: C:\WINDOWS\system32\pGpnetsh.dll
    deleting: C:\WINDOWS\system32\r06u0aj9edo.dll
    Successfully Deleted: C:\WINDOWS\system32\r06u0aj9edo.dll
    deleting: C:\WINDOWS\system32\r08s0al7edq.dll
    Successfully Deleted: C:\WINDOWS\system32\r08s0al7edq.dll
    deleting: C:\WINDOWS\system32\r0p80a7ued.dll
    Successfully Deleted: C:\WINDOWS\system32\r0p80a7ued.dll
    deleting: C:\WINDOWS\system32\rRsppp.dll
    Successfully Deleted: C:\WINDOWS\system32\rRsppp.dll
    deleting: C:\WINDOWS\system32\rVschap.dll
    Successfully Deleted: C:\WINDOWS\system32\rVschap.dll
    deleting: C:\WINDOWS\system32\srardssp.dll
    Successfully Deleted: C:\WINDOWS\system32\srardssp.dll
    deleting: C:\WINDOWS\system32\sydll.dll
    Successfully Deleted: C:\WINDOWS\system32\sydll.dll
    deleting: C:\WINDOWS\system32\tFembed.dll
    Successfully Deleted: C:\WINDOWS\system32\tFembed.dll
    deleting: C:\WINDOWS\system32\tzolhelp.dll
    Successfully Deleted: C:\WINDOWS\system32\tzolhelp.dll
    deleting: C:\WINDOWS\system32\uprrtosa.dll
    Successfully Deleted: C:\WINDOWS\system32\uprrtosa.dll
    deleting: C:\WINDOWS\system32\wmcltui.dll
    Successfully Deleted: C:\WINDOWS\system32\wmcltui.dll
    deleting: C:\WINDOWS\system32\woaueng1.dll
    Successfully Deleted: C:\WINDOWS\system32\woaueng1.dll
    deleting: C:\WINDOWS\system32\wvpui.dll
    Successfully Deleted: C:\WINDOWS\system32\wvpui.dll
    deleting: C:\WINDOWS\system32\xnsp1res.dll
    Successfully Deleted: C:\WINDOWS\system32\xnsp1res.dll
    deleting: C:\WINDOWS\system32\guard.tmp

    Desktop.ini sucessfully removed


    Zipping up files for submission:

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!
    Warning (option /rga:(ci)) - There is no ACE to remove!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Read BUILTIN\Power Users
    (ID-IO) ALLOW Read BUILTIN\Power Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    Restoring Windows Update Certificates.:


    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\enl6l13s1.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    The following are the files found:
    ****************************************************************************

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{F867E9E1-B802-4A12-8225-C7A0C741ECD6}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{F867E9E1-B802-4A12-8225-C7A0C741ECD6}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    [.ShellClassInfo]
    CLSID={645FF040-5081-101B-9F08-00AA002F954E}
    ****************************************************************************
    

    And the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:28:52, on 22.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\nero\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\nero\InCD\InCD.exe
    D:\Program Files\Spyware\gcasServ.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Phone\Skype.exe
    D:\Program Files\Spyware\gcasDtServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\enl6l13s1.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

     
  12. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Well, so it refused to go away.
    Let's try Kill2Me next.

    http://www.bleepingcomputer.com/files/Merijn/kill2me.zip

    To be safe, turn off MS Antispyware's real-time protection so that it doesn't block the cleanup.

    So download it, extract the zip, click kill2me.exe and let it run. Tell us whether the 020 line disappeared from HjT.

    Then I noticed this in the log:
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    That is probably a leftover from a removed Norton, since you have AVG and Zone. So fix it with HjT and delete the Symantec Shared folder in safe mode.
     
  13. Nellimak

    Nellimak Member

    Joined:
    Sep 20, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    HijackThis line 020 looks like this:

    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\q086lals1dq6.dll

    So Kill2Me didn't help.

    By the way, I fixed that Symantec entry and deleted the Symantec Shared folder in safe mode.

    To my annoyance, the spotresults popup still appeared!
     
  14. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Let's try VX2Finder then.
    Keep MS Antispyware closed for now.
    So download it, run it, click > Click to Find VX2Betterinternet, and let it remove anything it finds.

    http://www.downloads.subratam.org/VX2Finder.exe

    Did it have any effect on the 020 line in HjT?
     
  15. ratnunter

    ratnunter Regular member

    Joined:
    Jun 9, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    26
    Yes, that is Look2Me, almost the newest variant.

    You may have to run l2mfix as many as 4-5 times, e.g.:
    http://www.geekstogo.com/forum/index.php?act=ST&f=37&t=44900

    The author of l2mfix gave this advice:

    Run l2mfix, but at the point where it wants to restart, press Cancel.
    Open HijackThis and fix the entry on the 020 Winlogon Notify line,
    then restart manually.

    If that doesn't work, then run l2mfix several times.
     
  16. Nellimak

    Nellimak Member

    Joined:
    Sep 20, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    I ran l2mfix through five times and I can't get the 020 line to go away no matter what. Now it looks like this:

    O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\hr0u05d9e.dll

    So the dll file seems to keep changing.

    Fortunately, at least DrWatson no longer restarts the computer, after I removed Windows SP2 and then brought it back again with System Restore; that seemed to help oddly well with that problem...

    Popups still appear, but only occasionally now, so we have managed to fix something. I did install the Google Toolbar; maybe that helped a little.

    Here is the current HijackThis log, in case you could look through it...

    Logfile of HijackThis v1.99.1
    Scan saved at 0:13:30, on 26.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\nero\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\nero\InCD\InCD.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Phone\Skype.exe
    D:\Program Files\Spyware\gcasDtServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\hr0u05d9e.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

     
  17. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    The log has the same 020 nasty as before. Did you also try this approach? ->
    "Run l2mfix, but at the point where it wants to restart, press Cancel.
    Open HijackThis and fix the entry on the 020 Winlogon Notify line,
    then restart manually."
     
  18. Nellimak

    Nellimak Member

    Joined:
    Sep 20, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Hi -kemisti-!
    Yes, I did as advised; I'm still a slave to advice in these virus etc. matters. And l2mfix does help to the extent that the 020 line changes, because now it looks like this:

    O20 - Winlogon Notify: policies - C:\WINDOWS\system32\lvj4091qe.dll

    I wonder whether there is some nasty program on my computer that keeps changing it, or whether some nasty has accidentally been let through the firewall?

    Maybe I should run l2mfix many times and then see what shows up in the log.

    But should I just run the l2mfix run fix many times, or do I have to run the whole thing with second.bat?
     
  19. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    If the Look2Me fix had succeeded, that would also have brought it back again.

    So you ran l2mfix through five times; if you let the computer reboot (restart) between the fixes each time,
    then try fixing (l2mfix.bat and option 2) without a reboot in between, and fix the 020 line with HijackThis in between each time.
     
  20. Nellimak

    Nellimak Member

    Joined:
    Sep 20, 2005
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Hi everyone who helped me!

    Now I think I managed to remove the Look2Me problem. At least the 020 line went away. I don't know about the popups yet, since I wrote here right away in my excitement. But how can I best protect my computer now?

    At the moment I have a firewall, Windows updates, Ad-Aware, SpywareBlaster, antivirus, Spyware Doctor and Microsoft's AntiSpyware in use.

    Here is the HijackThis log as well:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:10, on 27.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\nero\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\nero\InCD\InCD.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Phone\Skype.exe
    D:\Program Files\Spyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Spyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "E:\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\guard.tmp
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\nero\InCD\InCDsrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
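
Added example, not part of the thread or of any tool mentioned in it: a small Python tracker that follows the O20 Winlogon Notify entry across the HijackThis output posted above and reports what changed between scans. The O20 lines are copied from the posts; the scan labels and the function names are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# O20 lines copied from the posts above, in the order they were posted.
THREAD_SCANS = [
    ("22.9.2005 log", r"O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\enl6l13s1.dll"),
    ("post 13", r"O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\q086lals1dq6.dll"),
    ("26.9.2005 log", r"O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\hr0u05d9e.dll"),
    ("post 18", r"O20 - Winlogon Notify: policies - C:\WINDOWS\system32\lvj4091qe.dll"),
    ("27.9.2005 log", r"O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\guard.tmp"),
]

# Key names may contain spaces ("Internet Settings"), so anchor on the drive letter.
O20_RE = re.compile(r"^\s*O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+?)\s*$")

def parse_o20(log_text):
    """Return [(notify_key, PureWindowsPath)] for every O20 line in a HijackThis log."""
    found = []
    for line in log_text.splitlines():
        m = O20_RE.match(line)
        if m:
            found.append((m["key"], PureWindowsPath(m["path"])))
    return found

def track_notify(scans):
    """Compare each scan with the one before it and list added/removed O20 entries."""
    report, previous = [], None
    for label, text in scans:
        current = set(parse_o20(text))
        if previous is not None:
            report.append({
                "scan": label,
                "added": sorted(current - previous),
                "removed": sorted(previous - current),
                # A Notify package is normally a DLL; anything else deserves a look.
                "non_dll": sorted(str(p) for _, p in current if p.suffix.lower() != ".dll"),
            })
        previous = current
    return report

def is_rotating(report):
    """True when every rescan dropped the old entry and showed a new one in its place."""
    return bool(report) and all(r["added"] and r["removed"] for r in report)

if __name__ == "__main__":
    result = track_notify(THREAD_SCANS)
    for row in result:
        print(row["scan"], "added:", [(k, str(p)) for k, p in row["added"]],
              "non-dll:", row["non_dll"])
    print("entry re-registers under a new name after each fix:", is_rotating(result))
```

On the thread's data every rescan shows a new key name and a new file, and the entry in the last log points at a .tmp file rather than a .dll.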
     
