1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help my Internet explorer has been hijacked!!!

Discussion in 'Virus & Other Malware Removal' started by jmm2, Feb 15, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    My daughter's computer, which doesn't have e-mail address or a printer, has some wierd hijack that takes her to a google for porn sites when she opens her Internet Explorer. My daughter is 13. I have tried Spyware, and Spybot and Hijackthis. Nothing works. These programs delete the files and then they are right back again. I have an emachine with Windows XP. I downloaded the l2mfix and ran a scan as per instructions in that thread I did not attempt to fix the files without first posting the log here. Can someone please take a look and let me know if it is okay to proceed with the fix /Option 2? Here is the log:


    L2MFIX find log 1.02b
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\d6j02g1mg6.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{20582C8D-5D56-48DA-B114-4E63AE2067B7}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{D1FB6C78-10FD-45cd-8FF4-8267D62992FB}"="CompuServe"
    "{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
    "{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
    "{9050DE57-B3A9-4895-A137-53CA7D0714D7}"=""
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************
     
  2. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    Here is the rest of it that wouldn't fit in the first post. Looks unfixable, doesn't it? :eek: Please help!!!


    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9050DE57-B3A9-4895-A137-53CA7D0714D7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9050DE57-B3A9-4895-A137-53CA7D0714D7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9050DE57-B3A9-4895-A137-53CA7D0714D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9050DE57-B3A9-4895-A137-53CA7D0714D7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\whvcore.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    aza00e~1.dll Sat Jan 1 2005 11:18:14a ..S.R 223,393 218.16 K
    aza0l5~1.dll Wed Jan 12 2005 4:23:14p ..S.R 225,568 220.28 K
    aza0l7~1.dll Sat Jan 1 2005 11:16:08p ..S.R 224,406 219.14 K
    aza4li~1.dll Mon Jan 10 2005 8:09:56p ..... 224,207 218.95 K
    aza6l1~1.dll Sun Jan 2 2005 8:23:28p ..S.R 225,000 219.73 K
    azaolc~1.dll Sun Jan 9 2005 10:55:38a ..S.R 223,037 217.81 K
    azaq0a~1.dll Wed Dec 22 2004 5:07:26p ..S.R 225,178 219.90 K
    azaslc~1.dll Wed Dec 22 2004 7:39:16p ..S.R 223,232 218.00 K
    azau07~1.dll Tue Feb 8 2005 5:06:46p ..S.R 222,834 217.61 K
    azaul9~1.dll Sun Dec 19 2004 12:42:16p ..S.R 225,163 219.88 K
    azaula~1.dll Sun Dec 19 2004 11:00:36a ..S.R 223,326 218.09 K
    cjga.dll Wed Jan 5 2005 7:30:24p A.... 36,352 35.50 K
    cmmocx.dll Thu Dec 9 2004 3:03:16p ..S.R 223,195 217.96 K
    ctbview.dll Tue Feb 15 2005 5:17:56p ..S.R 222,686 217.46 K
    cwm.dll Wed Dec 22 2004 5:15:52p ..S.R 223,183 217.95 K
    cyfview.dll Sun Dec 12 2004 5:18:38p ..S.R 223,195 217.96 K
    d2j00c~1.dll Tue Dec 28 2004 3:20:44p ..S.R 224,274 219.02 K
    d4j00e~1.dll Sun Dec 19 2004 12:52:40p ..S.R 225,221 219.94 K
    d6j02g~1.dll Tue Feb 15 2005 4:58:34p ..S.R 226,115 220.81 K
    djskadp.dll Thu Jan 13 2005 4:00:46p ..S.R 224,207 218.95 K
    dn0401~1.dll Sun Dec 12 2004 4:55:52p ..S.R 223,195 217.96 K
    dn8s01~1.dll Wed Jan 12 2005 7:22:12p ..S.R 224,988 219.71 K
    docore.dll Tue Jan 11 2005 8:46:08p A.... 151,552 148.00 K
    dolsp.dll Tue Jan 11 2005 8:46:10p A.... 139,264 136.00 K
    dosync.dll Tue Jan 11 2005 8:46:04p A.... 114,688 112.00 K
    e002la~1.dll Tue Dec 14 2004 8:09:42p ..S.R 225,184 219.91 K
    en02l1~1.dll Sun Dec 26 2004 5:26:14p ..S.R 225,463 220.18 K
    en4ml1~1.dll Thu Dec 23 2004 10:00:30p ..S.R 225,403 220.12 K
    en60l1~1.dll Sun Dec 19 2004 4:29:00p ..S.R 224,291 219.03 K
    en68l1~1.dll Thu Jan 27 2005 4:31:34p ..S.R 226,068 220.77 K
    enj8l1~1.dll Sun Dec 19 2004 4:21:56p ..S.R 225,041 219.77 K
    ennml1~1.dll Sat Jan 1 2005 2:54:20p ..S.R 224,184 218.93 K
    ennul1~1.dll Thu Dec 23 2004 9:56:58p ..S.R 226,213 220.91 K
    enp8l1~1.dll Sat Jan 1 2005 11:25:36a ..S.R 224,904 219.63 K
    f22m0c~1.dll Mon Dec 20 2004 4:29:50p ..S.R 223,505 218.27 K
    f22mlc~1.dll Fri Dec 31 2004 2:44:50p ..S.R 226,184 220.88 K
    f6j20g~1.dll Tue Jan 4 2005 4:59:30p ..S.R 224,742 219.47 K
    f8j20i~1.dll Thu Dec 16 2004 10:22:56p ..S.R 223,385 218.15 K
    fp0u03~1.dll Mon Dec 6 2004 3:04:16p ..S.R 224,135 218.88 K
    fp2603~1.dll Sat Dec 18 2004 8:26:36p ..S.R 225,786 220.49 K
    fz2mlc~1.dll Thu Jan 27 2005 4:31:34p ..S.R 224,207 218.95 K
    g4400e~1.dll Mon Dec 20 2004 10:03:34a ..S.R 223,427 218.19 K
    g440le~1.dll Sat Jan 1 2005 12:55:02a ..S.R 224,077 218.82 K
    g6040g~1.dll Fri Dec 24 2004 10:26:04p ..S.R 224,668 219.40 K
    g6lm0g~1.dll Sat Jan 1 2005 11:40:34a ..S.R 223,169 217.94 K
    gdtuname.dll Thu Feb 10 2005 6:01:08p ..S.R 226,115 220.81 K
    gp02l3~1.dll Mon Dec 20 2004 6:05:52p ..S.R 224,586 219.32 K
    gp0ul3~1.dll Thu Jan 6 2005 6:39:02p ..... 223,159 217.93 K
    gpj0l3~1.dll Fri Dec 24 2004 12:22:38p ..S.R 225,275 219.99 K
    h0l20a~1.dll Fri Dec 31 2004 11:08:16p ..S.R 223,263 218.03 K
    h62olg~1.dll Tue Feb 15 2005 5:39:56p ..S.R 222,686 217.46 K
    h8j4li~1.dll Thu Dec 9 2004 3:03:16p ..S.R 224,613 219.35 K
    hr2005~1.dll Sun Dec 12 2004 9:13:30p ..... 225,184 219.91 K
    hrj005~1.dll Wed Dec 8 2004 9:53:14p ..S.R 223,262 218.03 K
    hrj205~1.dll Fri Dec 31 2004 7:02:34p ..S.R 223,248 218.02 K
    hrnm05~1.dll Fri Dec 17 2004 8:23:44p ..S.R 225,163 219.88 K
    i060la~1.dll Sun Dec 12 2004 5:32:26p ..... 225,184 219.91 K
    i0nm0a~1.dll Sun Dec 12 2004 5:11:08p ..S.R 223,345 218.11 K
    idpromon.dll Thu Dec 9 2004 5:09:32p ..S.R 223,195 217.96 K
    if40l5~1.dll Sun Jan 23 2005 6:58:36p ..S.R 224,207 218.95 K
    iqclass.dll Wed Jan 12 2005 7:22:14p ..S.R 224,207 218.95 K
    iqmui.dll Tue Feb 15 2005 4:32:34p ..S.R 226,115 220.81 K
    ir40l5~1.dll Fri Dec 10 2004 3:11:46p ..S.R 224,240 218.98 K
    ir64l5~1.dll Mon Jan 10 2005 9:24:56p ..S.R 222,473 217.26 K
    irj2l5~1.dll Wed Dec 22 2004 11:01:18a ..S.R 222,815 217.59 K
    irl2l5~1.dll Sat Jan 29 2005 5:05:18p ..S.R 225,442 220.16 K
    irl4l5~1.dll Tue Dec 21 2004 4:55:18p ..... 224,818 219.55 K
    j24olc~1.dll Sun Dec 19 2004 7:05:50p ..S.R 223,230 217.99 K
    jaaw400.dll Thu Feb 10 2005 7:15:14p ..S.R 226,115 220.81 K
    jt0m07~1.dll Wed Dec 15 2004 7:56:22p ..S.R 223,027 217.80 K
    jt2007~1.dll Wed Dec 22 2004 7:03:10p ..S.R 224,289 219.03 K
    jt4207~1.dll Thu Dec 23 2004 8:47:22p ..S.R 224,509 219.25 K
    jt6s07~1.dll Fri Dec 10 2004 5:17:46p ..... 223,195 217.96 K
    jt8807~1.dll Fri Dec 31 2004 9:59:42p ..S.R 223,920 218.67 K
    jt8m07~1.dll Sat Jan 8 2005 6:24:30p ..S.R 226,126 220.82 K
    jtl407~1.dll Sat Jan 15 2005 11:49:32p ..S.R 224,644 219.38 K
    jtlu07~1.dll Sun Jan 2 2005 1:43:06p ..S.R 223,970 218.72 K
    jtnq07~1.dll Thu Dec 9 2004 5:04:16p ..S.R 223,195 217.96 K
    k026la~1.dll Sat Jan 8 2005 3:33:16a ..S.R 225,722 220.43 K
    k0lq0a~1.dll Fri Dec 17 2004 3:50:12p ..S.R 223,915 218.66 K
    k0pm0a~1.dll Wed Dec 15 2004 5:53:32p ..... 223,027 217.80 K
    kpdaze.dll Sun Dec 12 2004 5:26:30p ..S.R 223,815 218.57 K
    ktl6l7~1.dll Sat Jan 8 2005 6:02:22p ..S.R 223,026 217.80 K
    ktn0l7~1.dll Sun Dec 12 2004 11:47:10a ..S.R 224,973 219.70 K
    l0n4la~1.dll Wed Dec 22 2004 9:43:30a ..S.R 223,383 218.14 K
    l28m0c~1.dll Sun Jan 2 2005 8:30:46p ..S.R 223,215 217.98 K
    l2j80c~1.dll Thu Jan 13 2005 4:00:44p ..S.R 225,019 219.74 K
    l4r00e~1.dll Sun Jan 23 2005 6:58:36p ..S.R 224,301 219.04 K
    l4r0le~1.dll Tue Jan 4 2005 4:43:56p ..S.R 223,033 217.80 K
    l68m0g~1.dll Sun Dec 19 2004 12:51:10p ..S.R 225,393 220.11 K
    l68mlg~1.dll Thu Dec 23 2004 12:47:14p ..S.R 224,262 219.00 K
    l80uli~1.dll Sun Jan 30 2005 7:09:22p ..S.R 224,207 218.95 K
    l8l60i~1.dll Mon Dec 20 2004 4:36:56p ..S.R 224,021 218.77 K
    lvl609~1.dll Sat Dec 18 2004 11:47:34p ..S.R 225,802 220.51 K
    m0460a~1.dll Wed Jan 19 2005 8:46:00p ..S.R 224,847 219.57 K
    m0lsla~1.dll Fri Dec 31 2004 5:18:24p ..S.R 224,763 219.49 K
    m2lslc~1.dll Wed Dec 22 2004 5:15:50p ..S.R 224,915 219.64 K
    m4lsle~1.dll Fri Dec 17 2004 9:24:04a ..S.R 223,385 218.15 K
    m6640g~1.dll Wed Dec 15 2004 8:19:54p ..... 223,385 218.15 K
    m6julg~1.dll Sat Jan 22 2005 6:35:24p ..S.R 226,123 220.82 K
    mcsip32.dll Wed Jan 12 2005 4:23:14p ..S.R 224,207 218.95 K
    mlnsspc.dll Wed Jan 12 2005 4:09:36p ..S.R 224,207 218.95 K
    mpfa.dll Wed Dec 22 2004 9:20:16a A.... 30,720 30.00 K
    mqmxsdk.dll Wed Jan 19 2005 8:46:00p ..S.R 224,207 218.95 K
     
  3. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Go ahead with part two and post the results.

    Then please post a hijackthis log.
     
  4. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    Thank You!!!!! :)
     
  5. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    Okay, I ran the step 2. It instructs me to verify the registry entries by double clicking the cleanup.reg in the l2mfix folder. I don't see that in the folder. All I have in there is 1. Run Find Log
    2. Run Fix
    3. View Read Me
    4. Merge Winlogon Notify Defaults
    5. fix Autoexec.nt/cmd.exe error
    E. Exit

    I'm not sure what to do from here. Any suggestions? :eek:

    Here is the fix logL2Mfix 1.02b

    Running From:
    C:\Documents and Settings\Kayla Clay\Desktop\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- Everyone
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C access for really "Everyone"
    - adding new ACCESS DENY entry
    - removing existing ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- Everyone
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting up for Reboot


    Starting Reboot!

    C:\Documents and Settings\Kayla Clay\Desktop\l2mfix
    System Rebooted!

    Running From:
    C:\Documents and Settings\Kayla Clay\Desktop\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 1604 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 544 'rundll32.exe'
    Killing PID 1380 'rundll32.exe'

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\alwav.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\aza00ehmeh4a0.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\aza0l5hm1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\aza0l75m1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\aza4li1q18.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\aza6l15s1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\azaolch31f4.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\azaq0a35ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\azaslc371f.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\azau0739e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\azaul9991.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\azaulaf91d2.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\cMmocx.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\cTbview.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\cwm.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\cyfview.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\d2j00c1mef.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\d4j00e1meh.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\djskadp.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\dn0401dqe.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\dn8s01l7e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\e002lado1d0c.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\en02l1do1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\en4ml1h11.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\en60l1jm1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\en68l1ju1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\enj8l11u1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ennml1511.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ennul1591.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\enp8l17u1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\f22m0cf1ef2.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\f22mlcf11f2.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\f6j20g1oe6.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\f8j20i1oe8.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\fp0u03d9e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\fp2603fse.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\fZ2mlcf11f2.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\g4400ehmeh4a0.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\g440lehm1h4a.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\g6040gdqe60e0.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\g6lm0g31e6.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\gdtuname.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\gp02l3do1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\gp0ul3d91.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\gpj0l31m1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\h0l20a3oed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\h62olgf3162.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\h8j4li1q18.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\hr2005fme.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\hrj0051me.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\hrj2051oe.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\hrnm0551e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\i060lajm1doa.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\i0nm0a51ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\idpromon.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\if40l5hm1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\iqclass.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\iqmui.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ir40l5hm1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ir64l5jq1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\irj2l51o1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\irl2l53o1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\irl4l53q1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\j24olch31f4.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jaaw400.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jt0m07d1e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jt2007fme.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jt4207hoe.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jt6s07j7e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jt8807lue.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jt8m07l1e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jtl4073qe.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jtlu0739e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\jtnq0755e.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\k026lafs1d26.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\k0lq0a35ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\k0pm0a71ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\kpdaze.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ktl6l73s1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ktn0l75m1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l0n4la5q1d.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l28m0cl1efq.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l2j80c1uef.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l4r00e9meh.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l4r0le9m1h.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l68m0gl1e6q.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l68mlgl116q.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l80ulid9180.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\l8l60i3se8.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\lvl6093se.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\m0460ahsed460.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\m0lsla371d.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\m2lslc371f.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\m4lsle371h.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\m6640gjqe6oe0.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\m6julg1916.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mcsip32.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mlnsspc.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mqmxsdk.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mv08l9du1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mvl6l93s1.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mvlml9311.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mvnql9551.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mvrul9991.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\myjter40.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\MyPMSNSv.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mzc70.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n02u0af9ed2.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n02ulaf91d2.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n2n60c5sef.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n4r20e9oeh.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n6l80g3ue6.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n6n60g5se6.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\n88olil318q.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\o0ro0a93ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\o4lu0e39eh.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\o6pq0g75e6.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\onengl32.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ootext32.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\p8r40i9qe8.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\pgflbmsg.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\pjapi.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\pvbase.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\q0680ajuedo80.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\q0nu0a59ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\q4860elsehq60.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\qbdwipes.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\qLnu0a59ed.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\qR680ajuedo80.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\rMsmans.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\s8880ilue8q80.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\slimeng.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\smreamci.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\spssetup.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\sscfiles.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\t0r8la9u1d.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\tdbyuv.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\u8ruli9918.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\ugerenv.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\uirvoica.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\vxmredir.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\waaservc.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\whvcore.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\wrp.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\xglehlp.dll
    1 file(s) copied.
    deleting: C:\WINDOWS\system32\alwav.dll
    Successfully Deleted: C:\WINDOWS\system32\alwav.dll
    deleting: C:\WINDOWS\system32\aza00ehmeh4a0.dll
    Successfully Deleted: C:\WINDOWS\system32\aza00ehmeh4a0.dll
    deleting: C:\WINDOWS\system32\aza0l5hm1.dll
    Successfully Deleted: C:\WINDOWS\system32\aza0l5hm1.dll
    deleting: C:\WINDOWS\system32\aza0l75m1.dll
    Successfully Deleted: C:\WINDOWS\system32\aza0l75m1.dll
    deleting: C:\WINDOWS\system32\aza4li1q18.dll
    Successfully Deleted: C:\WINDOWS\system32\aza4li1q18.dll
    deleting: C:\WINDOWS\system32\aza6l15s1.dll
    Successfully Deleted: C:\WINDOWS\system32\aza6l15s1.dll
    deleting: C:\WINDOWS\system32\azaolch31f4.dll
    Successfully Deleted: C:\WINDOWS\system32\azaolch31f4.dll
    deleting: C:\WINDOWS\system32\azaq0a35ed.dll
    Successfully Deleted: C:\WINDOWS\system32\azaq0a35ed.dll
    deleting: C:\WINDOWS\system32\azaslc371f.dll
    Successfully Deleted: C:\WINDOWS\system32\azaslc371f.dll
    deleting: C:\WINDOWS\system32\azau0739e.dll
    Successfully Deleted: C:\WINDOWS\system32\azau0739e.dll
    deleting: C:\WINDOWS\system32\azaul9991.dll
    Successfully Deleted: C:\WINDOWS\system32\azaul9991.dll
    deleting: C:\WINDOWS\system32\azaulaf91d2.dll
    Successfully Deleted: C:\WINDOWS\system32\azaulaf91d2.dll
    deleting: C:\WINDOWS\system32\cMmocx.dll
    Successfully Deleted: C:\WINDOWS\system32\cMmocx.dll
    deleting: C:\WINDOWS\system32\cTbview.dll
    Successfully Deleted: C:\WINDOWS\system32\cTbview.dll
    deleting: C:\WINDOWS\system32\cwm.dll
    Successfully Deleted: C:\WINDOWS\system32\cwm.dll
    deleting: C:\WINDOWS\system32\cyfview.dll
    Successfully Deleted: C:\WINDOWS\system32\cyfview.dll
    deleting: C:\WINDOWS\system32\d2j00c1mef.dll
    Successfully Deleted: C:\WINDOWS\system32\d2j00c1mef.dll
    deleting: C:\WINDOWS\system32\d4j00e1meh.dll
    Successfully Deleted: C:\WINDOWS\system32\d4j00e1meh.dll
    deleting: C:\WINDOWS\system32\djskadp.dll
    Successfully Deleted: C:\WINDOWS\system32\djskadp.dll
    deleting: C:\WINDOWS\system32\dn0401dqe.dll
    Successfully Deleted: C:\WINDOWS\system32\dn0401dqe.dll
    deleting: C:\WINDOWS\system32\dn8s01l7e.dll
    Successfully Deleted: C:\WINDOWS\system32\dn8s01l7e.dll
    deleting: C:\WINDOWS\system32\e002lado1d0c.dll
    Successfully Deleted: C:\WINDOWS\system32\e002lado1d0c.dll
    deleting: C:\WINDOWS\system32\en02l1do1.dll
    Successfully Deleted: C:\WINDOWS\system32\en02l1do1.dll
    deleting: C:\WINDOWS\system32\en4ml1h11.dll
    Successfully Deleted: C:\WINDOWS\system32\en4ml1h11.dll
    deleting: C:\WINDOWS\system32\en60l1jm1.dll
    Successfully Deleted: C:\WINDOWS\system32\en60l1jm1.dll
    deleting: C:\WINDOWS\system32\en68l1ju1.dll
    Successfully Deleted: C:\WINDOWS\system32\en68l1ju1.dll
    deleting: C:\WINDOWS\system32\enj8l11u1.dll
    Successfully Deleted: C:\WINDOWS\system32\enj8l11u1.dll
    deleting: C:\WINDOWS\system32\ennml1511.dll
    Successfully Deleted: C:\WINDOWS\system32\ennml1511.dll
    deleting: C:\WINDOWS\system32\ennul1591.dll
    Successfully Deleted: C:\WINDOWS\system32\ennul1591.dll
    deleting: C:\WINDOWS\system32\enp8l17u1.dll
    Successfully Deleted: C:\WINDOWS\system32\enp8l17u1.dll
    deleting: C:\WINDOWS\system32\f22m0cf1ef2.dll
    Successfully Deleted: C:\WINDOWS\system32\f22m0cf1ef2.dll
    deleting: C:\WINDOWS\system32\f22mlcf11f2.dll
    Successfully Deleted: C:\WINDOWS\system32\f22mlcf11f2.dll
    deleting: C:\WINDOWS\system32\f6j20g1oe6.dll
    Successfully Deleted: C:\WINDOWS\system32\f6j20g1oe6.dll
    deleting: C:\WINDOWS\system32\f8j20i1oe8.dll
    Successfully Deleted: C:\WINDOWS\system32\f8j20i1oe8.dll
    deleting: C:\WINDOWS\system32\fp0u03d9e.dll
    Successfully Deleted: C:\WINDOWS\system32\fp0u03d9e.dll
    deleting: C:\WINDOWS\system32\fp2603fse.dll
    Successfully Deleted: C:\WINDOWS\system32\fp2603fse.dll
    deleting: C:\WINDOWS\system32\fZ2mlcf11f2.dll
    Successfully Deleted: C:\WINDOWS\system32\fZ2mlcf11f2.dll
    deleting: C:\WINDOWS\system32\g4400ehmeh4a0.dll
    Successfully Deleted: C:\WINDOWS\system32\g4400ehmeh4a0.dll
    deleting: C:\WINDOWS\system32\g440lehm1h4a.dll
    Successfully Deleted: C:\WINDOWS\system32\g440lehm1h4a.dll
    deleting: C:\WINDOWS\system32\g6040gdqe60e0.dll
    Successfully Deleted: C:\WINDOWS\system32\g6040gdqe60e0.dll
    deleting: C:\WINDOWS\system32\g6lm0g31e6.dll
    Successfully Deleted: C:\WINDOWS\system32\g6lm0g31e6.dll
    deleting: C:\WINDOWS\system32\gdtuname.dll
    Successfully Deleted: C:\WINDOWS\system32\gdtuname.dll
    deleting: C:\WINDOWS\system32\gp02l3do1.dll
    Successfully Deleted: C:\WINDOWS\system32\gp02l3do1.dll
    deleting: C:\WINDOWS\system32\gp0ul3d91.dll
    Successfully Deleted: C:\WINDOWS\system32\gp0ul3d91.dll
    deleting: C:\WINDOWS\system32\gpj0l31m1.dll
    Successfully Deleted: C:\WINDOWS\system32\gpj0l31m1.dll
    deleting: C:\WINDOWS\system32\h0l20a3oed.dll
    Successfully Deleted: C:\WINDOWS\system32\h0l20a3oed.dll
    deleting: C:\WINDOWS\system32\h62olgf3162.dll
    Successfully Deleted: C:\WINDOWS\system32\h62olgf3162.dll
    deleting: C:\WINDOWS\system32\h8j4li1q18.dll
    Successfully Deleted: C:\WINDOWS\system32\h8j4li1q18.dll
    deleting: C:\WINDOWS\system32\hr2005fme.dll
    Successfully Deleted: C:\WINDOWS\system32\hr2005fme.dll
    deleting: C:\WINDOWS\system32\hrj0051me.dll
    Successfully Deleted: C:\WINDOWS\system32\hrj0051me.dll
    deleting: C:\WINDOWS\system32\hrj2051oe.dll
    Successfully Deleted: C:\WINDOWS\system32\hrj2051oe.dll
    deleting: C:\WINDOWS\system32\hrnm0551e.dll
    Successfully Deleted: C:\WINDOWS\system32\hrnm0551e.dll
    deleting: C:\WINDOWS\system32\i060lajm1doa.dll
    Successfully Deleted: C:\WINDOWS\system32\i060lajm1doa.dll
    deleting: C:\WINDOWS\system32\i0nm0a51ed.dll
    Successfully Deleted: C:\WINDOWS\system32\i0nm0a51ed.dll
    deleting: C:\WINDOWS\system32\idpromon.dll
    Successfully Deleted: C:\WINDOWS\system32\idpromon.dll
    deleting: C:\WINDOWS\system32\if40l5hm1.dll
    Successfully Deleted: C:\WINDOWS\system32\if40l5hm1.dll
    deleting: C:\WINDOWS\system32\iqclass.dll
    Successfully Deleted: C:\WINDOWS\system32\iqclass.dll
    deleting: C:\WINDOWS\system32\iqmui.dll
    Successfully Deleted: C:\WINDOWS\system32\iqmui.dll
    deleting: C:\WINDOWS\system32\ir40l5hm1.dll
    Successfully Deleted: C:\WINDOWS\system32\ir40l5hm1.dll
    deleting: C:\WINDOWS\system32\ir64l5jq1.dll
    Successfully Deleted: C:\WINDOWS\system32\ir64l5jq1.dll
    deleting: C:\WINDOWS\system32\irj2l51o1.dll
    Successfully Deleted: C:\WINDOWS\system32\irj2l51o1.dll
    deleting: C:\WINDOWS\system32\irl2l53o1.dll
    Successfully Deleted: C:\WINDOWS\system32\irl2l53o1.dll
    deleting: C:\WINDOWS\system32\irl4l53q1.dll
    Successfully Deleted: C:\WINDOWS\system32\irl4l53q1.dll
    deleting: C:\WINDOWS\system32\j24olch31f4.dll
    Successfully Deleted: C:\WINDOWS\system32\j24olch31f4.dll
    deleting: C:\WINDOWS\system32\jaaw400.dll
    Successfully Deleted: C:\WINDOWS\system32\jaaw400.dll
    deleting: C:\WINDOWS\system32\jt0m07d1e.dll
    Successfully Deleted: C:\WINDOWS\system32\jt0m07d1e.dll
    deleting: C:\WINDOWS\system32\jt2007fme.dll
    Successfully Deleted: C:\WINDOWS\system32\jt2007fme.dll
    deleting: C:\WINDOWS\system32\jt4207hoe.dll
    Successfully Deleted: C:\WINDOWS\system32\jt4207hoe.dll
    deleting: C:\WINDOWS\system32\jt6s07j7e.dll
    Successfully Deleted: C:\WINDOWS\system32\jt6s07j7e.dll
    deleting: C:\WINDOWS\system32\jt8807lue.dll
    Successfully Deleted: C:\WINDOWS\system32\jt8807lue.dll
    deleting: C:\WINDOWS\system32\jt8m07l1e.dll
    Successfully Deleted: C:\WINDOWS\system32\jt8m07l1e.dll
    deleting: C:\WINDOWS\system32\jtl4073qe.dll
    Successfully Deleted: C:\WINDOWS\system32\jtl4073qe.dll
    deleting: C:\WINDOWS\system32\jtlu0739e.dll
    Successfully Deleted: C:\WINDOWS\system32\jtlu0739e.dll
    deleting: C:\WINDOWS\system32\jtnq0755e.dll
    Successfully Deleted: C:\WINDOWS\system32\jtnq0755e.dll
    deleting: C:\WINDOWS\system32\k026lafs1d26.dll
    Successfully Deleted: C:\WINDOWS\system32\k026lafs1d26.dll
    deleting: C:\WINDOWS\system32\k0lq0a35ed.dll
    Successfully Deleted: C:\WINDOWS\system32\k0lq0a35ed.dll
    deleting: C:\WINDOWS\system32\k0pm0a71ed.dll
    Successfully Deleted: C:\WINDOWS\system32\k0pm0a71ed.dll
    deleting: C:\WINDOWS\system32\kpdaze.dll
    Successfully Deleted: C:\WINDOWS\system32\kpdaze.dll
    deleting: C:\WINDOWS\system32\ktl6l73s1.dll
    Successfully Deleted: C:\WINDOWS\system32\ktl6l73s1.dll
    deleting: C:\WINDOWS\system32\ktn0l75m1.dll
    Successfully Deleted: C:\WINDOWS\system32\ktn0l75m1.dll
    deleting: C:\WINDOWS\system32\l0n4la5q1d.dll
    Successfully Deleted: C:\WINDOWS\system32\l0n4la5q1d.dll
    deleting: C:\WINDOWS\system32\l28m0cl1efq.dll
    Successfully Deleted: C:\WINDOWS\system32\l28m0cl1efq.dll
    deleting: C:\WINDOWS\system32\l2j80c1uef.dll
    Successfully Deleted: C:\WINDOWS\system32\l2j80c1uef.dll
    deleting: C:\WINDOWS\system32\l4r00e9meh.dll
    Successfully Deleted: C:\WINDOWS\system32\l4r00e9meh.dll
    deleting: C:\WINDOWS\system32\l4r0le9m1h.dll
    Successfully Deleted: C:\WINDOWS\system32\l4r0le9m1h.dll
    deleting: C:\WINDOWS\system32\l68m0gl1e6q.dll
    Successfully Deleted: C:\WINDOWS\system32\l68m0gl1e6q.dll
    deleting: C:\WINDOWS\system32\l68mlgl116q.dll
    Successfully Deleted: C:\WINDOWS\system32\l68mlgl116q.dll
    deleting: C:\WINDOWS\system32\l80ulid9180.dll
    Successfully Deleted: C:\WINDOWS\system32\l80ulid9180.dll
    deleting: C:\WINDOWS\system32\l8l60i3se8.dll
    Successfully Deleted: C:\WINDOWS\system32\l8l60i3se8.dll
    deleting: C:\WINDOWS\system32\lvl6093se.dll
    Successfully Deleted: C:\WINDOWS\system32\lvl6093se.dll
    deleting: C:\WINDOWS\system32\m0460ahsed460.dll
    Successfully Deleted: C:\WINDOWS\system32\m0460ahsed460.dll
    deleting: C:\WINDOWS\system32\m0lsla371d.dll
    Successfully Deleted: C:\WINDOWS\system32\m0lsla371d.dll
    deleting: C:\WINDOWS\system32\m2lslc371f.dll
    Successfully Deleted: C:\WINDOWS\system32\m2lslc371f.dll
    deleting: C:\WINDOWS\system32\m4lsle371h.dll
    Successfully Deleted: C:\WINDOWS\system32\m4lsle371h.dll
    deleting: C:\WINDOWS\system32\m6640gjqe6oe0.dll
    Successfully Deleted: C:\WINDOWS\system32\m6640gjqe6oe0.dll
    deleting: C:\WINDOWS\system32\m6julg1916.dll
    Successfully Deleted: C:\WINDOWS\system32\m6julg1916.dll
    deleting: C:\WINDOWS\system32\mcsip32.dll
    Successfully Deleted: C:\WINDOWS\system32\mcsip32.dll
    deleting: C:\WINDOWS\system32\mlnsspc.dll
    Successfully Deleted: C:\WINDOWS\system32\mlnsspc.dll
    deleting: C:\WINDOWS\system32\mqmxsdk.dll
    Successfully Deleted: C:\WINDOWS\system32\mqmxsdk.dll
    deleting: C:\WINDOWS\system32\mv08l9du1.dll
    Successfully Deleted: C:\WINDOWS\system32\mv08l9du1.dll
    deleting: C:\WINDOWS\system32\mvl6l93s1.dll
    Successfully Deleted: C:\WINDOWS\system32\mvl6l93s1.dll
    deleting: C:\WINDOWS\system32\mvlml9311.dll
    Successfully Deleted: C:\WINDOWS\system32\mvlml9311.dll
    deleting: C:\WINDOWS\system32\mvnql9551.dll
    Successfully Deleted: C:\WINDOWS\system32\mvnql9551.dll
    deleting: C:\WINDOWS\system32\mvrul9991.dll
    Successfully Deleted: C:\WINDOWS\system32\mvrul9991.dll
    deleting: C:\WINDOWS\system32\myjter40.dll
    Successfully Deleted: C:\WINDOWS\system32\myjter40.dll
    deleting: C:\WINDOWS\system32\MyPMSNSv.dll
    Successfully Deleted: C:\WINDOWS\system32\MyPMSNSv.dll
    deleting: C:\WINDOWS\system32\mzc70.dll
    Successfully Deleted: C:\WINDOWS\system32\mzc70.dll
    deleting: C:\WINDOWS\system32\n02u0af9ed2.dll
    Successfully Deleted: C:\WINDOWS\system32\n02u0af9ed2.dll
    deleting: C:\WINDOWS\system32\n02ulaf91d2.dll
    Successfully Deleted: C:\WINDOWS\system32\n02ulaf91d2.dll
    deleting: C:\WINDOWS\system32\n2n60c5sef.dll
    Successfully Deleted: C:\WINDOWS\system32\n2n60c5sef.dll
    deleting: C:\WINDOWS\system32\n4r20e9oeh.dll
    Successfully Deleted: C:\WINDOWS\system32\n4r20e9oeh.dll
    deleting: C:\WINDOWS\system32\n6l80g3ue6.dll
    Successfully Deleted: C:\WINDOWS\system32\n6l80g3ue6.dll
    deleting: C:\WINDOWS\system32\n6n60g5se6.dll
    Successfully Deleted: C:\WINDOWS\system32\n6n60g5se6.dll
    deleting: C:\WINDOWS\system32\n88olil318q.dll
    Successfully Deleted: C:\WINDOWS\system32\n88olil318q.dll
    deleting: C:\WINDOWS\system32\o0ro0a93ed.dll
    Successfully Deleted: C:\WINDOWS\system32\o0ro0a93ed.dll
    deleting: C:\WINDOWS\system32\o4lu0e39eh.dll
    Successfully Deleted: C:\WINDOWS\system32\o4lu0e39eh.dll
    deleting: C:\WINDOWS\system32\o6pq0g75e6.dll
    Successfully Deleted: C:\WINDOWS\system32\o6pq0g75e6.dll
    deleting: C:\WINDOWS\system32\onengl32.dll
    Successfully Deleted: C:\WINDOWS\system32\onengl32.dll
    deleting: C:\WINDOWS\system32\ootext32.dll
    Successfully Deleted: C:\WINDOWS\system32\ootext32.dll
    deleting: C:\WINDOWS\system32\p8r40i9qe8.dll
    Successfully Deleted: C:\WINDOWS\system32\p8r40i9qe8.dll
    deleting: C:\WINDOWS\system32\pgflbmsg.dll
    Successfully Deleted: C:\WINDOWS\system32\pgflbmsg.dll
    deleting: C:\WINDOWS\system32\pjapi.dll
    Successfully Deleted: C:\WINDOWS\system32\pjapi.dll
    deleting: C:\WINDOWS\system32\pvbase.dll
    Successfully Deleted: C:\WINDOWS\system32\pvbase.dll
    deleting: C:\WINDOWS\system32\q0680ajuedo80.dll
    Successfully Deleted: C:\WINDOWS\system32\q0680ajuedo80.dll
    deleting: C:\WINDOWS\system32\q0nu0a59ed.dll
    Successfully Deleted: C:\WINDOWS\system32\q0nu0a59ed.dll
    deleting: C:\WINDOWS\system32\q4860elsehq60.dll
    Successfully Deleted: C:\WINDOWS\system32\q4860elsehq60.dll
    deleting: C:\WINDOWS\system32\qbdwipes.dll
    Successfully Deleted: C:\WINDOWS\system32\qbdwipes.dll
    deleting: C:\WINDOWS\system32\qLnu0a59ed.dll
    Successfully Deleted: C:\WINDOWS\system32\qLnu0a59ed.dll
    deleting: C:\WINDOWS\system32\qR680ajuedo80.dll
    Successfully Deleted: C:\WINDOWS\system32\qR680ajuedo80.dll
    deleting: C:\WINDOWS\system32\rMsmans.dll
    Successfully Deleted: C:\WINDOWS\system32\rMsmans.dll
    deleting: C:\WINDOWS\system32\s8880ilue8q80.dll
    Successfully Deleted: C:\WINDOWS\system32\s8880ilue8q80.dll
    deleting: C:\WINDOWS\system32\slimeng.dll
    Successfully Deleted: C:\WINDOWS\system32\slimeng.dll
    deleting: C:\WINDOWS\system32\smreamci.dll
    Successfully Deleted: C:\WINDOWS\system32\smreamci.dll
    deleting: C:\WINDOWS\system32\spssetup.dll
    Successfully Deleted: C:\WINDOWS\system32\spssetup.dll
    deleting: C:\WINDOWS\system32\sscfiles.dll
    Successfully Deleted: C:\WINDOWS\system32\sscfiles.dll
    deleting: C:\WINDOWS\system32\t0r8la9u1d.dll
    Successfully Deleted: C:\WINDOWS\system32\t0r8la9u1d.dll
    deleting: C:\WINDOWS\system32\tdbyuv.dll
    Successfully Deleted: C:\WINDOWS\system32\tdbyuv.dll
    deleting: C:\WINDOWS\system32\u8ruli9918.dll
    Successfully Deleted: C:\WINDOWS\system32\u8ruli9918.dll
    deleting: C:\WINDOWS\system32\ugerenv.dll
    Successfully Deleted: C:\WINDOWS\system32\ugerenv.dll
    deleting: C:\WINDOWS\system32\uirvoica.dll
    Successfully Deleted: C:\WINDOWS\system32\uirvoica.dll
    deleting: C:\WINDOWS\system32\vxmredir.dll
    Successfully Deleted: C:\WINDOWS\system32\vxmredir.dll
    deleting: C:\WINDOWS\system32\waaservc.dll
    Successfully Deleted: C:\WINDOWS\system32\waaservc.dll
    deleting: C:\WINDOWS\system32\whvcore.dll
    Successfully Deleted: C:\WINDOWS\system32\whvcore.dll
    deleting: C:\WINDOWS\system32\wrp.dll
    Successfully Deleted: C:\WINDOWS\system32\wrp.dll
    deleting: C:\WINDOWS\system32\xglehlp.dll
    Successfully Deleted: C:\WINDOWS\system32\xglehlp.dll

    Desktop.ini sucessfully removed
     
  6. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    here is the rest that woudn't fit in the above post.

    Desktop.ini sucessfully removed

    Zipping up files for submission:
    adding: alwav.dll (140 bytes security) (deflated 5%)
    adding: aza00ehmeh4a0.dll (140 bytes security) (deflated 4%)
    adding: aza0l5hm1.dll (140 bytes security) (deflated 5%)
    adding: aza0l75m1.dll (140 bytes security) (deflated 4%)
    adding: aza4li1q18.dll (140 bytes security) (deflated 4%)
    adding: aza6l15s1.dll (140 bytes security) (deflated 4%)
    adding: azaolch31f4.dll (140 bytes security) (deflated 4%)
    adding: azaq0a35ed.dll (140 bytes security) (deflated 5%)
    adding: azaslc371f.dll (140 bytes security) (deflated 4%)
    adding: azau0739e.dll (140 bytes security) (deflated 4%)
    adding: azaul9991.dll (140 bytes security) (deflated 5%)
    adding: azaulaf91d2.dll (140 bytes security) (deflated 4%)
    adding: cMmocx.dll (140 bytes security) (deflated 4%)
    adding: cTbview.dll (140 bytes security) (deflated 3%)
    adding: cwm.dll (140 bytes security) (deflated 4%)
    adding: cyfview.dll (140 bytes security) (deflated 4%)
    adding: d2j00c1mef.dll (140 bytes security) (deflated 4%)
    adding: d4j00e1meh.dll (140 bytes security) (deflated 5%)
    adding: djskadp.dll (140 bytes security) (deflated 4%)
    adding: dn0401dqe.dll (140 bytes security) (deflated 4%)
    adding: dn8s01l7e.dll (140 bytes security) (deflated 4%)
    adding: e002lado1d0c.dll (140 bytes security) (deflated 5%)
    adding: en02l1do1.dll (140 bytes security) (deflated 5%)
    adding: en4ml1h11.dll (140 bytes security) (deflated 5%)
    adding: en60l1jm1.dll (140 bytes security) (deflated 4%)
    adding: en68l1ju1.dll (140 bytes security) (deflated 5%)
    adding: enj8l11u1.dll (140 bytes security) (deflated 4%)
    adding: ennml1511.dll (140 bytes security) (deflated 4%)
    adding: ennul1591.dll (140 bytes security) (deflated 5%)
    adding: enp8l17u1.dll (140 bytes security) (deflated 4%)
    adding: f22m0cf1ef2.dll (140 bytes security) (deflated 4%)
    adding: f22mlcf11f2.dll (140 bytes security) (deflated 5%)
    adding: f6j20g1oe6.dll (140 bytes security) (deflated 4%)
    adding: f8j20i1oe8.dll (140 bytes security) (deflated 4%)
    adding: fp0u03d9e.dll (140 bytes security) (deflated 4%)
    adding: fp2603fse.dll (140 bytes security) (deflated 5%)
    adding: fZ2mlcf11f2.dll (140 bytes security) (deflated 4%)
    adding: g4400ehmeh4a0.dll (140 bytes security) (deflated 4%)
    adding: g440lehm1h4a.dll (140 bytes security) (deflated 4%)
    adding: g6040gdqe60e0.dll (140 bytes security) (deflated 4%)
    adding: g6lm0g31e6.dll (140 bytes security) (deflated 4%)
    adding: gdtuname.dll (140 bytes security) (deflated 5%)
    adding: gp02l3do1.dll (140 bytes security) (deflated 4%)
    adding: gp0ul3d91.dll (140 bytes security) (deflated 4%)
    adding: gpj0l31m1.dll (140 bytes security) (deflated 5%)
    adding: h0l20a3oed.dll (140 bytes security) (deflated 4%)
    adding: h62olgf3162.dll (140 bytes security) (deflated 3%)
    adding: h8j4li1q18.dll (140 bytes security) (deflated 4%)
    adding: hr2005fme.dll (140 bytes security) (deflated 5%)
    adding: hrj0051me.dll (140 bytes security) (deflated 4%)
    adding: hrj2051oe.dll (140 bytes security) (deflated 4%)
    adding: hrnm0551e.dll (140 bytes security) (deflated 5%)
    adding: i060lajm1doa.dll (140 bytes security) (deflated 5%)
    adding: i0nm0a51ed.dll (140 bytes security) (deflated 4%)
    adding: idpromon.dll (140 bytes security) (deflated 4%)
    adding: if40l5hm1.dll (140 bytes security) (deflated 4%)
    adding: iqclass.dll (140 bytes security) (deflated 4%)
    adding: iqmui.dll (140 bytes security) (deflated 5%)
    adding: ir40l5hm1.dll (140 bytes security) (deflated 4%)
    adding: ir64l5jq1.dll (140 bytes security) (deflated 3%)
    adding: irj2l51o1.dll (140 bytes security) (deflated 4%)
    adding: irl2l53o1.dll (140 bytes security) (deflated 5%)
    adding: irl4l53q1.dll (140 bytes security) (deflated 4%)
    adding: j24olch31f4.dll (140 bytes security) (deflated 4%)
    adding: jaaw400.dll (140 bytes security) (deflated 5%)
    adding: jt0m07d1e.dll (140 bytes security) (deflated 4%)
    adding: jt2007fme.dll (140 bytes security) (deflated 4%)
    adding: jt4207hoe.dll (140 bytes security) (deflated 4%)
    adding: jt6s07j7e.dll (140 bytes security) (deflated 4%)
    adding: jt8807lue.dll (140 bytes security) (deflated 4%)
    adding: jt8m07l1e.dll (140 bytes security) (deflated 5%)
    adding: jtl4073qe.dll (140 bytes security) (deflated 4%)
    adding: jtlu0739e.dll (140 bytes security) (deflated 4%)
    adding: jtnq0755e.dll (140 bytes security) (deflated 4%)
    adding: k026lafs1d26.dll (140 bytes security) (deflated 5%)
    adding: k0lq0a35ed.dll (140 bytes security) (deflated 4%)
    adding: k0pm0a71ed.dll (140 bytes security) (deflated 4%)
    adding: kpdaze.dll (140 bytes security) (deflated 4%)
    adding: ktl6l73s1.dll (140 bytes security) (deflated 4%)
    adding: ktn0l75m1.dll (140 bytes security) (deflated 4%)
    adding: l0n4la5q1d.dll (140 bytes security) (deflated 4%)
    adding: l28m0cl1efq.dll (140 bytes security) (deflated 4%)
    adding: l2j80c1uef.dll (140 bytes security) (deflated 4%)
    adding: l4r00e9meh.dll (140 bytes security) (deflated 4%)
    adding: l4r0le9m1h.dll (140 bytes security) (deflated 4%)
    adding: l68m0gl1e6q.dll (140 bytes security) (deflated 5%)
    adding: l68mlgl116q.dll (140 bytes security) (deflated 4%)
    adding: l80ulid9180.dll (140 bytes security) (deflated 4%)
    adding: l8l60i3se8.dll (140 bytes security) (deflated 4%)
    adding: lvl6093se.dll (140 bytes security) (deflated 5%)
    adding: m0460ahsed460.dll (140 bytes security) (deflated 4%)
    adding: m0lsla371d.dll (140 bytes security) (deflated 4%)
    adding: m2lslc371f.dll (140 bytes security) (deflated 4%)
    adding: m4lsle371h.dll (140 bytes security) (deflated 4%)
    adding: m6640gjqe6oe0.dll (140 bytes security) (deflated 4%)
    adding: m6julg1916.dll (140 bytes security) (deflated 5%)
    adding: mcsip32.dll (140 bytes security) (deflated 4%)
    adding: mlnsspc.dll (140 bytes security) (deflated 4%)
    adding: mqmxsdk.dll (140 bytes security) (deflated 4%)
    adding: mv08l9du1.dll (140 bytes security) (deflated 4%)
    adding: mvl6l93s1.dll (140 bytes security) (deflated 5%)
    adding: mvlml9311.dll (140 bytes security) (deflated 4%)
    adding: mvnql9551.dll (140 bytes security) (deflated 4%)
    adding: mvrul9991.dll (140 bytes security) (deflated 4%)
    adding: myjter40.dll (140 bytes security) (deflated 4%)
    adding: MyPMSNSv.dll (140 bytes security) (deflated 5%)
    adding: mzc70.dll (140 bytes security) (deflated 4%)
    adding: n02u0af9ed2.dll (140 bytes security) (deflated 4%)
    adding: n02ulaf91d2.dll (140 bytes security) (deflated 4%)
    adding: n2n60c5sef.dll (140 bytes security) (deflated 4%)
    adding: n4r20e9oeh.dll (140 bytes security) (deflated 4%)
    adding: n6l80g3ue6.dll (140 bytes security) (deflated 4%)
    adding: n6n60g5se6.dll (140 bytes security) (deflated 3%)
    adding: n88olil318q.dll (140 bytes security) (deflated 4%)
    adding: o0ro0a93ed.dll (140 bytes security) (deflated 5%)
    adding: o4lu0e39eh.dll (140 bytes security) (deflated 5%)
    adding: o6pq0g75e6.dll (140 bytes security) (deflated 4%)
    adding: onengl32.dll (140 bytes security) (deflated 5%)
    adding: ootext32.dll (140 bytes security) (deflated 4%)
    adding: p8r40i9qe8.dll (140 bytes security) (deflated 5%)
    adding: pgflbmsg.dll (140 bytes security) (deflated 4%)
    adding: pjapi.dll (140 bytes security) (deflated 4%)
    adding: pvbase.dll (140 bytes security) (deflated 5%)
    adding: q0680ajuedo80.dll (140 bytes security) (deflated 4%)
    adding: q0nu0a59ed.dll (140 bytes security) (deflated 5%)
    adding: q4860elsehq60.dll (140 bytes security) (deflated 4%)
    adding: qbdwipes.dll (140 bytes security) (deflated 3%)
    adding: qLnu0a59ed.dll (140 bytes security) (deflated 4%)
    adding: qR680ajuedo80.dll (140 bytes security) (deflated 3%)
    adding: rMsmans.dll (140 bytes security) (deflated 5%)
    adding: s8880ilue8q80.dll (140 bytes security) (deflated 5%)
    adding: slimeng.dll (140 bytes security) (deflated 5%)
    adding: smreamci.dll (140 bytes security) (deflated 4%)
    adding: spssetup.dll (140 bytes security) (deflated 5%)
    adding: sscfiles.dll (140 bytes security) (deflated 5%)
    adding: t0r8la9u1d.dll (140 bytes security) (deflated 4%)
    adding: tdbyuv.dll (140 bytes security) (deflated 4%)
    adding: u8ruli9918.dll (140 bytes security) (deflated 4%)
    adding: ugerenv.dll (140 bytes security) (deflated 4%)
    adding: uirvoica.dll (140 bytes security) (deflated 4%)
    adding: vxmredir.dll (140 bytes security) (deflated 4%)
    adding: waaservc.dll (140 bytes security) (deflated 4%)
    adding: whvcore.dll (140 bytes security) (deflated 5%)
    adding: wrp.dll (140 bytes security) (deflated 4%)
    adding: xglehlp.dll (140 bytes security) (deflated 5%)
    adding: clear.reg (140 bytes security) (deflated 22%)
    adding: echo.reg (140 bytes security) (deflated 9%)
    adding: desktop.ini (140 bytes security) (deflated 13%)
    adding: direct.txt (140 bytes security) (stored 0%)
    adding: lo2.txt (140 bytes security) (deflated 89%)
    adding: readme.txt (140 bytes security) (deflated 49%)
    adding: report.txt (140 bytes security) (deflated 70%)
    adding: test.txt (140 bytes security) (deflated 85%)
    adding: test2.txt (140 bytes security) (stored 0%)
    adding: test3.txt (140 bytes security) (stored 0%)
    adding: test5.txt (140 bytes security) (stored 0%)
    adding: xfind.txt (140 bytes security) (deflated 81%)
    adding: backregs/9050DE57-B3A9-4895-A137-53CA7D0714D7.reg (140 bytes security) (deflated 70%)
    adding: backregs/shell.reg (140 bytes security) (deflated 73%)

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for really "Everyone"


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    deleting local copy: alwav.dll
    deleting local copy: aza00ehmeh4a0.dll
    deleting local copy: aza0l5hm1.dll
    deleting local copy: aza0l75m1.dll
    deleting local copy: aza4li1q18.dll
    deleting local copy: aza6l15s1.dll
    deleting local copy: azaolch31f4.dll
    deleting local copy: azaq0a35ed.dll
    deleting local copy: azaslc371f.dll
    deleting local copy: azau0739e.dll
    deleting local copy: azaul9991.dll
    deleting local copy: azaulaf91d2.dll
    deleting local copy: cMmocx.dll
    deleting local copy: cTbview.dll
    deleting local copy: cwm.dll
    deleting local copy: cyfview.dll
    deleting local copy: d2j00c1mef.dll
    deleting local copy: d4j00e1meh.dll
    deleting local copy: djskadp.dll
    deleting local copy: dn0401dqe.dll
    deleting local copy: dn8s01l7e.dll
    deleting local copy: e002lado1d0c.dll
    deleting local copy: en02l1do1.dll
    deleting local copy: en4ml1h11.dll
    deleting local copy: en60l1jm1.dll
    deleting local copy: en68l1ju1.dll
    deleting local copy: enj8l11u1.dll
    deleting local copy: ennml1511.dll
    deleting local copy: ennul1591.dll
    deleting local copy: enp8l17u1.dll
    deleting local copy: f22m0cf1ef2.dll
    deleting local copy: f22mlcf11f2.dll
    deleting local copy: f6j20g1oe6.dll
    deleting local copy: f8j20i1oe8.dll
    deleting local copy: fp0u03d9e.dll
    deleting local copy: fp2603fse.dll
    deleting local copy: fZ2mlcf11f2.dll
    deleting local copy: g4400ehmeh4a0.dll
    deleting local copy: g440lehm1h4a.dll
    deleting local copy: g6040gdqe60e0.dll
    deleting local copy: g6lm0g31e6.dll
    deleting local copy: gdtuname.dll
    deleting local copy: gp02l3do1.dll
    deleting local copy: gp0ul3d91.dll
    deleting local copy: gpj0l31m1.dll
    deleting local copy: h0l20a3oed.dll
    deleting local copy: h62olgf3162.dll
    deleting local copy: h8j4li1q18.dll
    deleting local copy: hr2005fme.dll
    deleting local copy: hrj0051me.dll
    deleting local copy: hrj2051oe.dll
    deleting local copy: hrnm0551e.dll
    deleting local copy: i060lajm1doa.dll
    deleting local copy: i0nm0a51ed.dll
    deleting local copy: idpromon.dll
    deleting local copy: if40l5hm1.dll
    deleting local copy: iqclass.dll
    deleting local copy: iqmui.dll
    deleting local copy: ir40l5hm1.dll
    deleting local copy: ir64l5jq1.dll
    deleting local copy: irj2l51o1.dll
    deleting local copy: irl2l53o1.dll
    deleting local copy: irl4l53q1.dll
    deleting local copy: j24olch31f4.dll
    deleting local copy: jaaw400.dll
    deleting local copy: jt0m07d1e.dll
    deleting local copy: jt2007fme.dll
    deleting local copy: jt4207hoe.dll
    deleting local copy: jt6s07j7e.dll
    deleting local copy: jt8807lue.dll
    deleting local copy: jt8m07l1e.dll
    deleting local copy: jtl4073qe.dll
    deleting local copy: jtlu0739e.dll
    deleting local copy: jtnq0755e.dll
    deleting local copy: k026lafs1d26.dll
    deleting local copy: k0lq0a35ed.dll
    deleting local copy: k0pm0a71ed.dll
    deleting local copy: kpdaze.dll
    deleting local copy: ktl6l73s1.dll
    deleting local copy: ktn0l75m1.dll
    deleting local copy: l0n4la5q1d.dll
    deleting local copy: l28m0cl1efq.dll
    deleting local copy: l2j80c1uef.dll
    deleting local copy: l4r00e9meh.dll
    deleting local copy: l4r0le9m1h.dll
    deleting local copy: l68m0gl1e6q.dll
    deleting local copy: l68mlgl116q.dll
    deleting local copy: l80ulid9180.dll
    deleting local copy: l8l60i3se8.dll
    deleting local copy: lvl6093se.dll
    deleting local copy: m0460ahsed460.dll
    deleting local copy: m0lsla371d.dll
    deleting local copy: m2lslc371f.dll
    deleting local copy: m4lsle371h.dll
    deleting local copy: m6640gjqe6oe0.dll
    deleting local copy: m6julg1916.dll
    deleting local copy: mcsip32.dll
    deleting local copy: mlnsspc.dll
    deleting local copy: mqmxsdk.dll
    deleting local copy: mv08l9du1.dll
    deleting local copy: mvl6l93s1.dll
    deleting local copy: mvlml9311.dll
    deleting local copy: mvnql9551.dll
    deleting local copy: mvrul9991.dll
    deleting local copy: myjter40.dll
    deleting local copy: MyPMSNSv.dll
    deleting local copy: mzc70.dll
    deleting local copy: n02u0af9ed2.dll
    deleting local copy: n02ulaf91d2.dll
    deleting local copy: n2n60c5sef.dll
    deleting local copy: n4r20e9oeh.dll
    deleting local copy: n6l80g3ue6.dll
    deleting local copy: n6n60g5se6.dll
    deleting local copy: n88olil318q.dll
    deleting local copy: o0ro0a93ed.dll
    deleting local copy: o4lu0e39eh.dll
    deleting local copy: o6pq0g75e6.dll
    deleting local copy: onengl32.dll
    deleting local copy: ootext32.dll
    deleting local copy: p8r40i9qe8.dll
    deleting local copy: pgflbmsg.dll
    deleting local copy: pjapi.dll
    deleting local copy: pvbase.dll
    deleting local copy: q0680ajuedo80.dll
    deleting local copy: q0nu0a59ed.dll
    deleting local copy: q4860elsehq60.dll
    deleting local copy: qbdwipes.dll
    deleting local copy: qLnu0a59ed.dll
    deleting local copy: qR680ajuedo80.dll
    deleting local copy: rMsmans.dll
    deleting local copy: s8880ilue8q80.dll
    deleting local copy: slimeng.dll
    deleting local copy: smreamci.dll
    deleting local copy: spssetup.dll
    deleting local copy: sscfiles.dll
    deleting local copy: t0r8la9u1d.dll
    deleting local copy: tdbyuv.dll
    deleting local copy: u8ruli9918.dll
    deleting local copy: ugerenv.dll
    deleting local copy: uirvoica.dll
    deleting local copy: vxmredir.dll
    deleting local copy: waaservc.dll
    deleting local copy: whvcore.dll
    deleting local copy: wrp.dll
    deleting local copy: xglehlp.dll

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\alwav.dll
    C:\WINDOWS\system32\aza00ehmeh4a0.dll
    C:\WINDOWS\system32\aza0l5hm1.dll
    C:\WINDOWS\system32\aza0l75m1.dll
    C:\WINDOWS\system32\aza4li1q18.dll
    C:\WINDOWS\system32\aza6l15s1.dll
    C:\WINDOWS\system32\azaolch31f4.dll
    C:\WINDOWS\system32\azaq0a35ed.dll
    C:\WINDOWS\system32\azaslc371f.dll
    C:\WINDOWS\system32\azau0739e.dll
    C:\WINDOWS\system32\azaul9991.dll
    C:\WINDOWS\system32\azaulaf91d2.dll
    C:\WINDOWS\system32\cMmocx.dll
    C:\WINDOWS\system32\cTbview.dll
    C:\WINDOWS\system32\cwm.dll
    C:\WINDOWS\system32\cyfview.dll
    C:\WINDOWS\system32\d2j00c1mef.dll
    C:\WINDOWS\system32\d4j00e1meh.dll
    C:\WINDOWS\system32\djskadp.dll
    C:\WINDOWS\system32\dn0401dqe.dll
    C:\WINDOWS\system32\dn8s01l7e.dll
    C:\WINDOWS\system32\e002lado1d0c.dll
    C:\WINDOWS\system32\en02l1do1.dll
    C:\WINDOWS\system32\en4ml1h11.dll
    C:\WINDOWS\system32\en60l1jm1.dll
    C:\WINDOWS\system32\en68l1ju1.dll
    C:\WINDOWS\system32\enj8l11u1.dll
    C:\WINDOWS\system32\ennml1511.dll
    C:\WINDOWS\system32\ennul1591.dll
    C:\WINDOWS\system32\enp8l17u1.dll
    C:\WINDOWS\system32\f22m0cf1ef2.dll
    C:\WINDOWS\system32\f22mlcf11f2.dll
    C:\WINDOWS\system32\f6j20g1oe6.dll
    C:\WINDOWS\system32\f8j20i1oe8.dll
    C:\WINDOWS\system32\fp0u03d9e.dll
    C:\WINDOWS\system32\fp2603fse.dll
    C:\WINDOWS\system32\fZ2mlcf11f2.dll
    C:\WINDOWS\system32\g4400ehmeh4a0.dll
    C:\WINDOWS\system32\g440lehm1h4a.dll
    C:\WINDOWS\system32\g6040gdqe60e0.dll
    C:\WINDOWS\system32\g6lm0g31e6.dll
    C:\WINDOWS\system32\gdtuname.dll
    C:\WINDOWS\system32\gp02l3do1.dll
    C:\WINDOWS\system32\gp0ul3d91.dll
    C:\WINDOWS\system32\gpj0l31m1.dll
    C:\WINDOWS\system32\h0l20a3oed.dll
    C:\WINDOWS\system32\h62olgf3162.dll
    C:\WINDOWS\system32\h8j4li1q18.dll
    C:\WINDOWS\system32\hr2005fme.dll
    C:\WINDOWS\system32\hrj0051me.dll
    C:\WINDOWS\system32\hrj2051oe.dll
    C:\WINDOWS\system32\hrnm0551e.dll
    C:\WINDOWS\system32\i060lajm1doa.dll
    C:\WINDOWS\system32\i0nm0a51ed.dll
    C:\WINDOWS\system32\idpromon.dll
    C:\WINDOWS\system32\if40l5hm1.dll
    C:\WINDOWS\system32\iqclass.dll
    C:\WINDOWS\system32\iqmui.dll
    C:\WINDOWS\system32\ir40l5hm1.dll
    C:\WINDOWS\system32\ir64l5jq1.dll
    C:\WINDOWS\system32\irj2l51o1.dll
    C:\WINDOWS\system32\irl2l53o1.dll
    C:\WINDOWS\system32\irl4l53q1.dll
    C:\WINDOWS\system32\j24olch31f4.dll
    C:\WINDOWS\system32\jaaw400.dll
    C:\WINDOWS\system32\jt0m07d1e.dll
    C:\WINDOWS\system32\jt2007fme.dll
    C:\WINDOWS\system32\jt4207hoe.dll
    C:\WINDOWS\system32\jt6s07j7e.dll
    C:\WINDOWS\system32\jt8807lue.dll
    C:\WINDOWS\system32\jt8m07l1e.dll
    C:\WINDOWS\system32\jtl4073qe.dll
    C:\WINDOWS\system32\jtlu0739e.dll
    C:\WINDOWS\system32\jtnq0755e.dll
    C:\WINDOWS\system32\k026lafs1d26.dll
    C:\WINDOWS\system32\k0lq0a35ed.dll
    C:\WINDOWS\system32\k0pm0a71ed.dll
    C:\WINDOWS\system32\kpdaze.dll
    C:\WINDOWS\system32\ktl6l73s1.dll
    C:\WINDOWS\system32\ktn0l75m1.dll
    C:\WINDOWS\system32\l0n4la5q1d.dll
    C:\WINDOWS\system32\l28m0cl1efq.dll
    C:\WINDOWS\system32\l2j80c1uef.dll
    C:\WINDOWS\system32\l4r00e9meh.dll
    C:\WINDOWS\system32\l4r0le9m1h.dll
    C:\WINDOWS\system32\l68m0gl1e6q.dll
    C:\WINDOWS\system32\l68mlgl116q.dll
    C:\WINDOWS\system32\l80ulid9180.dll
    C:\WINDOWS\system32\l8l60i3se8.dll
    C:\WINDOWS\system32\lvl6093se.dll
    C:\WINDOWS\system32\m0460ahsed460.dll
    C:\WINDOWS\system32\m0lsla371d.dll
    C:\WINDOWS\system32\m2lslc371f.dll
    C:\WINDOWS\system32\m4lsle371h.dll
    C:\WINDOWS\system32\m6640gjqe6oe0.dll
    C:\WINDOWS\system32\m6julg1916.dll
    C:\WINDOWS\system32\mcsip32.dll
    C:\WINDOWS\system32\mlnsspc.dll
    C:\WINDOWS\system32\mqmxsdk.dll
    C:\WINDOWS\system32\mv08l9du1.dll
    C:\WINDOWS\system32\mvl6l93s1.dll
    C:\WINDOWS\system32\mvlml9311.dll
    C:\WINDOWS\system32\mvnql9551.dll
    C:\WINDOWS\system32\mvrul9991.dll
    C:\WINDOWS\system32\myjter40.dll
    C:\WINDOWS\system32\MyPMSNSv.dll
    C:\WINDOWS\system32\mzc70.dll
    C:\WINDOWS\system32\n02u0af9ed2.dll
    C:\WINDOWS\system32\n02ulaf91d2.dll
    C:\WINDOWS\system32\n2n60c5sef.dll
    C:\WINDOWS\system32\n4r20e9oeh.dll
    C:\WINDOWS\system32\n6l80g3ue6.dll
    C:\WINDOWS\system32\n6n60g5se6.dll
    C:\WINDOWS\system32\n88olil318q.dll
    C:\WINDOWS\system32\o0ro0a93ed.dll
    C:\WINDOWS\system32\o4lu0e39eh.dll
    C:\WINDOWS\system32\o6pq0g75e6.dll
    C:\WINDOWS\system32\onengl32.dll
    C:\WINDOWS\system32\ootext32.dll
    C:\WINDOWS\system32\p8r40i9qe8.dll
    C:\WINDOWS\system32\pgflbmsg.dll
    C:\WINDOWS\system32\pjapi.dll
    C:\WINDOWS\system32\pvbase.dll
    C:\WINDOWS\system32\q0680ajuedo80.dll
    C:\WINDOWS\system32\q0nu0a59ed.dll
    C:\WINDOWS\system32\q4860elsehq60.dll
    C:\WINDOWS\system32\qbdwipes.dll
    C:\WINDOWS\system32\qLnu0a59ed.dll
    C:\WINDOWS\system32\qR680ajuedo80.dll
    C:\WINDOWS\system32\rMsmans.dll
    C:\WINDOWS\system32\s8880ilue8q80.dll
    C:\WINDOWS\system32\slimeng.dll
    C:\WINDOWS\system32\smreamci.dll
    C:\WINDOWS\system32\spssetup.dll
    C:\WINDOWS\system32\sscfiles.dll
    C:\WINDOWS\system32\t0r8la9u1d.dll
    C:\WINDOWS\system32\tdbyuv.dll
    C:\WINDOWS\system32\u8ruli9918.dll
    C:\WINDOWS\system32\ugerenv.dll
    C:\WINDOWS\system32\uirvoica.dll
    C:\WINDOWS\system32\vxmredir.dll
    C:\WINDOWS\system32\waaservc.dll
    C:\WINDOWS\system32\whvcore.dll
    C:\WINDOWS\system32\wrp.dll
    C:\WINDOWS\system32\xglehlp.dll

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{9050DE57-B3A9-4895-A137-53CA7D0714D7}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{9050DE57-B3A9-4895-A137-53CA7D0714D7}]
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{20582C8D-5D56-48DA-B114-4E63AE2067B7}"=-
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    [.ShellClassInfo]
    CLSID={645FF040-5081-101B-9F08-00AA002F954E}
    <IDone>{20582C8D-5D56-48DA-B114-4E63AE2067B7}</IDone>
    <IDtwo>DS3</IDtwo>
    <VERSION>200</VERSION>
    ****************************************************************************
    
     
  7. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I don't know why you still see that message. It is no longer needed. Maybe you have an earlier version but not the earliest.

    In the earliest version he used to have you merge that file manually, and that's why that message. In the later versions that is no longer the case and as your log says:
    I had a look at the second.bat in the newest version and cleanup.reg would have been deleted. That message is no longer there either. It is not needed. I am not sure which version you used. But it looks ok. That message is a leftover.

    However, go to your l2mfix folder and have a look for the backreg folder. Those are the backups made after the deletions. Do not double click on anything there. We don't want to re-enter into the registry.

    If you are uncomfortable you can run part one again and post the log. But I am sure things are clean.

    May I see a hijackthis log please? Ther is a new version of hijackthis. Please be sure yours is updated before you post.

    It should be version 1.99.1


    You can download here:
    http://www.merijn.org/files/hijackthis.zip

    Create a new folder on the desktop or My Documents etc (Anything not in a temporary location) and extract Hijackthis into it.

    Run hijackthis and press the scan button. When the scan has finished, Click Save Log. Post the log here.

    Do not fix anything, this is just a diagnostic. It shows both good and bad entries.
     
  8. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    Well, that's what I thought, also. I ran steps 1 and 2 again. But when I open IE I still get the google page of porn sites. I am soooo frustrated with this. I did dl and attempt to run HiJackThis v1.99.0 and it won't let me. Each attempt to run a scan is met with an error message that state: Hijack this has encountered a problem and needs to close. I would appreciate any advice you could give me.
     
  9. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    You may have had a bad download. Try a new download and see if that one runs.

    Otherwise, find hijackthis.exe and rename it to anything.exe

    Run the newly renamed file and see if it will scan. Let me know how you do.
     
  10. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    I downloaded and ran HiJackThis 1.99.1 and it let me run a scan. But it cautions to check with an expert so I know what to 'fix.' Here is the log. Can you tellme if there's anything here I SHOULDN'T fix. Please and thank you.
    Scan saved at 6:46:20 PM, on 2/17/2005
    Platform: Windows XP SP1 (WLogfile of HijackThis v1.99.1
    inNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\eMachines Bay Reader\shwiconem.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\lgzcmj.exe
    C:\WINDOWS\bipgyavbk.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SStb.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\lt.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\ifconfig.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\WINDOWS\System32\nmmop.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ifconfig.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\WINDOWS\System32\myjbvm60.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\Documents and Settings\Kayla Clay\Local Settings\Temp\Temporary Directory 1 for 1.99.1 hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KAYLAC~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KAYLAC~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.180.173.39 www.google.ae
    O1 - Hosts: 66.180.173.39 www.google.am
    O1 - Hosts: 66.180.173.39 www.google.as
    O1 - Hosts: 66.180.173.39 www.google.at
    O1 - Hosts: 66.180.173.39 www.google.az
    O1 - Hosts: 66.180.173.39 www.google.be
    O1 - Hosts: 66.180.173.39 www.google.bi
    O1 - Hosts: 66.180.173.39 www.google.ca
    O1 - Hosts: 66.180.173.39 www.google.cd
    O1 - Hosts: 66.180.173.39 www.google.cg
    O1 - Hosts: 66.180.173.39 www.google.ch
    O1 - Hosts: 66.180.173.39 www.google.ci
    O1 - Hosts: 66.180.173.39 www.google.cl
    O1 - Hosts: 66.180.173.39 www.google.co.cr
    O1 - Hosts: 66.180.173.39 www.google.co.hu
    O1 - Hosts: 66.180.173.39 www.google.co.il
    O1 - Hosts: 66.180.173.39 www.google.co.in
    O1 - Hosts: 66.180.173.39 www.google.co.je
    O1 - Hosts: 66.180.173.39 www.google.co.jp
    O1 - Hosts: 66.180.173.39 www.google.co.ke
    O1 - Hosts: 66.180.173.39 www.google.co.kr
    O1 - Hosts: 66.180.173.39 www.google.co.ls
    O1 - Hosts: 66.180.173.39 www.google.co.nz
    O1 - Hosts: 66.180.173.39 www.google.co.th
    O1 - Hosts: 66.180.173.39 www.google.co.ug
    O1 - Hosts: 66.180.173.39 www.google.co.uk
    O1 - Hosts: 66.180.173.39 www.google.co.ve
    O1 - Hosts: 66.180.173.39 www.google.com
    O1 - Hosts: 66.180.173.39 www.google.com.ag
    O1 - Hosts: 66.180.173.39 www.google.com.ar
    O1 - Hosts: 66.180.173.39 www.google.com.au
    O1 - Hosts: 66.180.173.39 www.google.com.br
    O1 - Hosts: 66.180.173.39 www.google.com.co
    O1 - Hosts: 66.180.173.39 www.google.com.cu
    O1 - Hosts: 66.180.173.39 www.google.com.do
    O1 - Hosts: 66.180.173.39 www.google.com.ec
    O1 - Hosts: 66.180.173.39 www.google.com.fj
    O1 - Hosts: 66.180.173.39 www.google.com.gi
    O1 - Hosts: 66.180.173.39 www.google.com.gr
    O1 - Hosts: 66.180.173.39 www.google.com.gt
    O1 - Hosts: 66.180.173.39 www.google.com.hk
    O1 - Hosts: 66.180.173.39 www.google.com.ly
    O1 - Hosts: 66.180.173.39 www.google.com.mt
    O1 - Hosts: 66.180.173.39 www.google.com.mx
    O1 - Hosts: 66.180.173.39 www.google.com.my
    O1 - Hosts: 66.180.173.39 www.google.com.na
    O1 - Hosts: 66.180.173.39 www.google.com.nf
    O1 - Hosts: 66.180.173.39 www.google.com.ni
    O1 - Hosts: 66.180.173.39 www.google.com.np
    O1 - Hosts: 66.180.173.39 www.google.com.pa
    O1 - Hosts: 66.180.173.39 www.google.com.pe
    O1 - Hosts: 66.180.173.39 www.google.com.ph
    O1 - Hosts: 66.180.173.39 www.google.com.pk
    O1 - Hosts: 66.180.173.39 www.google.com.pr
    O1 - Hosts: 66.180.173.39 www.google.com.py
    O1 - Hosts: 66.180.173.39 www.google.com.sa
    O1 - Hosts: 66.180.173.39 www.google.com.sg
    O1 - Hosts: 66.180.173.39 www.google.com.sv
    O1 - Hosts: 66.180.173.39 www.google.com.tr
    O1 - Hosts: 66.180.173.39 www.google.com.tw
    O1 - Hosts: 66.180.173.39 www.google.com.ua
    O1 - Hosts: 66.180.173.39 www.google.com.uy
    O1 - Hosts: 66.180.173.39 www.google.com.vc
    O1 - Hosts: 66.180.173.39 www.google.com.vn
    O1 - Hosts: 66.180.173.39 www.google.de
    O1 - Hosts: 66.180.173.39 www.google.dj
    O1 - Hosts: 66.180.173.39 www.google.dk
    O1 - Hosts: 66.180.173.39 www.google.es
    O1 - Hosts: 66.180.173.39 www.google.fi
    O1 - Hosts: 66.180.173.39 www.google.fm
    O1 - Hosts: 66.180.173.39 www.google.fr
    O1 - Hosts: 66.180.173.39 www.google.gg
    O1 - Hosts: 66.180.173.39 www.google.gl
    O1 - Hosts: 66.180.173.39 www.google.gm
    O1 - Hosts: 66.180.173.39 www.google.hn
    O1 - Hosts: 66.180.173.39 www.google.ie
    O1 - Hosts: 66.180.173.39 www.google.it
    O1 - Hosts: 66.180.173.39 www.google.kz
    O1 - Hosts: 66.180.173.39 www.google.li
    O1 - Hosts: 66.180.173.39 www.google.lt
    O1 - Hosts: 66.180.173.39 www.google.lu
    O1 - Hosts: 66.180.173.39 www.google.lv
    O1 - Hosts: 66.180.173.39 www.google.mn
    O1 - Hosts: 66.180.173.39 www.google.ms
    O1 - Hosts: 66.180.173.39 www.google.mu
    O1 - Hosts: 66.180.173.39 www.google.mw
    O1 - Hosts: 66.180.173.39 www.google.nl
    O1 - Hosts: 66.180.173.39 www.google.no
    O1 - Hosts: 66.180.173.39 www.google.off.ai
    O1 - Hosts: 66.180.173.39 www.google.pl
    O1 - Hosts: 66.180.173.39 www.google.pn
    O1 - Hosts: 66.180.173.39 www.google.pt
    O1 - Hosts: 66.180.173.39 www.google.ro
    O1 - Hosts: 66.180.173.39 www.google.ru
    O1 - Hosts: 66.180.173.39 www.google.rw
    O1 - Hosts: 66.180.173.39 www.google.se
    O1 - Hosts: 66.180.173.39 www.google.sh
    O1 - Hosts: 66.180.173.39 www.google.sk
    O1 - Hosts: 66.180.173.39 www.google.sm
    O1 - Hosts: 66.180.173.39 www.google.td
    O1 - Hosts: 66.180.173.39 www.google.tm
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\KAYLAC~1\LOCALS~1\Temp\prrvuupvwzj.dll
    O2 - BHO: (no name) - {63CB40DD-A99A-4038-86FF-E94DA7E234CA} - C:\WINDOWS\System32\cjga.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [uhyn] C:\WINDOWS\uhyn.exe
    O4 - HKLM\..\Run: [dujkpfxt] C:\WINDOWS\System32\lgzcmj.exe
    O4 - HKLM\..\Run: [zjgbdc] C:\WINDOWS\System32\zjgbdc.exe
    O4 - HKLM\..\Run: [Yantert] C:\WINDOWS\bruzmoh.exe
    O4 - HKLM\..\Run: [C:\WINDOWS\bipgyavbk.exe] C:\WINDOWS\bipgyavbk.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SStb.exe] SStb.exe
    O4 - HKLM\..\Run: [mscdex32] C:\WINDOWS\System32\mscdex32.exe
    O4 - HKLM\..\Run: [ifconfig.exe] C:\WINDOWS\System32\ifconfig.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [qs8U3sW] nmmop.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [bBr8RiatQ] myjbvm60.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00668US
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O18 - Filter: text/html - {DFEB0A78-8CE2-4DD0-ABA9-68255CF4A444} - C:\WINDOWS\System32\cjga.dll
    O18 - Filter: text/plain - {DFEB0A78-8CE2-4DD0-ABA9-68255CF4A444} - C:\WINDOWS\System32\cjga.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
     
  11. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Go to Add/remove programs and remove:
    "Window Search" and *Win Tools*
    You will be given a security code to insert, do so
    And reboot when done.

    If not there then use these two uninstallers:

    http://lop.com/new_uninstall.exe
    http://lop.com/toolbar_uninstall.exe
    ------------------


    Download this tool. Extract and run it after you have signed off and disconnected from the internet.
    https://beta.activeupdate.trendmicro.com/fixtool/fixagentv1.0007.zip
    --------


    Download CWShredder . Run it right after you have run the previous tool.
    http://www.intermute.com/spysubtract/cwshredder_download.html
    ----------
    Download the Hoster from this link:
    http://members.aol.com/toadbee/hoster.zip

    Unzip it to your desktop.

    Run the Hoster and click "Restore Original Hosts" and press "OK" then Exit the Hoster.
    ------------------
    Restart. There will be much more to do. Post a new Hijackthis log and we will continue.
     
  12. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Also, be sure to disable Spybot's Tea Timer when you are doing the repairs toprevent it from interfering.
     
  13. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    I can't thank you enough for all this help! I did everything you said to do. I couldn't find The 'Web Search' so I ran the exe tools, then did everything else you suggested. Then I ran another hijackthis scan as you suggested and here is the log: Logfile of HijackThis v1.99.1
    Scan saved at 8:14:12 PM, on 2/18/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\eMachines Bay Reader\shwiconem.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\lgzcmj.exe
    C:\WINDOWS\bipgyavbk.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ifconfig.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\WINDOWS\System32\nmmop.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ifconfig.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\WINDOWS\System32\myjbvm60.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Toolbar\PIB.exe
    C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
    C:\Documents and Settings\Kayla Clay\Local Settings\Temp\Temporary Directory 2 for 1.99.1 hijackthis.zip\HijackThis.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.180.173.39 www.google.ae
    O1 - Hosts: 66.180.173.39 www.google.am
    O1 - Hosts: 66.180.173.39 www.google.as
    O1 - Hosts: 66.180.173.39 www.google.at
    O1 - Hosts: 66.180.173.39 www.google.az
    O1 - Hosts: 66.180.173.39 www.google.be
    O1 - Hosts: 66.180.173.39 www.google.bi
    O1 - Hosts: 66.180.173.39 www.google.ca
    O1 - Hosts: 66.180.173.39 www.google.cd
    O1 - Hosts: 66.180.173.39 www.google.cg
    O1 - Hosts: 66.180.173.39 www.google.ch
    O1 - Hosts: 66.180.173.39 www.google.ci
    O1 - Hosts: 66.180.173.39 www.google.cl
    O1 - Hosts: 66.180.173.39 www.google.co.cr
    O1 - Hosts: 66.180.173.39 www.google.co.hu
    O1 - Hosts: 66.180.173.39 www.google.co.il
    O1 - Hosts: 66.180.173.39 www.google.co.in
    O1 - Hosts: 66.180.173.39 www.google.co.je
    O1 - Hosts: 66.180.173.39 www.google.co.jp
    O1 - Hosts: 66.180.173.39 www.google.co.ke
    O1 - Hosts: 66.180.173.39 www.google.co.kr
    O1 - Hosts: 66.180.173.39 www.google.co.ls
    O1 - Hosts: 66.180.173.39 www.google.co.nz
    O1 - Hosts: 66.180.173.39 www.google.co.th
    O1 - Hosts: 66.180.173.39 www.google.co.ug
    O1 - Hosts: 66.180.173.39 www.google.co.uk
    O1 - Hosts: 66.180.173.39 www.google.co.ve
    O1 - Hosts: 66.180.173.39 www.google.com
    O1 - Hosts: 66.180.173.39 www.google.com.ag
    O1 - Hosts: 66.180.173.39 www.google.com.ar
    O1 - Hosts: 66.180.173.39 www.google.com.au
    O1 - Hosts: 66.180.173.39 www.google.com.br
    O1 - Hosts: 66.180.173.39 www.google.com.co
    O1 - Hosts: 66.180.173.39 www.google.com.cu
    O1 - Hosts: 66.180.173.39 www.google.com.do
    O1 - Hosts: 66.180.173.39 www.google.com.ec
    O1 - Hosts: 66.180.173.39 www.google.com.fj
    O1 - Hosts: 66.180.173.39 www.google.com.gi
    O1 - Hosts: 66.180.173.39 www.google.com.gr
    O1 - Hosts: 66.180.173.39 www.google.com.gt
    O1 - Hosts: 66.180.173.39 www.google.com.hk
    O1 - Hosts: 66.180.173.39 www.google.com.ly
    O1 - Hosts: 66.180.173.39 www.google.com.mt
    O1 - Hosts: 66.180.173.39 www.google.com.mx
    O1 - Hosts: 66.180.173.39 www.google.com.my
    O1 - Hosts: 66.180.173.39 www.google.com.na
    O1 - Hosts: 66.180.173.39 www.google.com.nf
    O1 - Hosts: 66.180.173.39 www.google.com.ni
    O1 - Hosts: 66.180.173.39 www.google.com.np
    O1 - Hosts: 66.180.173.39 www.google.com.pa
    O1 - Hosts: 66.180.173.39 www.google.com.pe
    O1 - Hosts: 66.180.173.39 www.google.com.ph
    O1 - Hosts: 66.180.173.39 www.google.com.pk
    O1 - Hosts: 66.180.173.39 www.google.com.pr
    O1 - Hosts: 66.180.173.39 www.google.com.py
    O1 - Hosts: 66.180.173.39 www.google.com.sa
    O1 - Hosts: 66.180.173.39 www.google.com.sg
    O1 - Hosts: 66.180.173.39 www.google.com.sv
    O1 - Hosts: 66.180.173.39 www.google.com.tr
    O1 - Hosts: 66.180.173.39 www.google.com.tw
    O1 - Hosts: 66.180.173.39 www.google.com.ua
    O1 - Hosts: 66.180.173.39 www.google.com.uy
    O1 - Hosts: 66.180.173.39 www.google.com.vc
    O1 - Hosts: 66.180.173.39 www.google.com.vn
    O1 - Hosts: 66.180.173.39 www.google.de
    O1 - Hosts: 66.180.173.39 www.google.dj
    O1 - Hosts: 66.180.173.39 www.google.dk
    O1 - Hosts: 66.180.173.39 www.google.es
    O1 - Hosts: 66.180.173.39 www.google.fi
    O1 - Hosts: 66.180.173.39 www.google.fm
    O1 - Hosts: 66.180.173.39 www.google.fr
    O1 - Hosts: 66.180.173.39 www.google.gg
    O1 - Hosts: 66.180.173.39 www.google.gl
    O1 - Hosts: 66.180.173.39 www.google.gm
    O1 - Hosts: 66.180.173.39 www.google.hn
    O1 - Hosts: 66.180.173.39 www.google.ie
    O1 - Hosts: 66.180.173.39 www.google.it
    O1 - Hosts: 66.180.173.39 www.google.kz
    O1 - Hosts: 66.180.173.39 www.google.li
    O1 - Hosts: 66.180.173.39 www.google.lt
    O1 - Hosts: 66.180.173.39 www.google.lu
    O1 - Hosts: 66.180.173.39 www.google.lv
    O1 - Hosts: 66.180.173.39 www.google.mn
    O1 - Hosts: 66.180.173.39 www.google.ms
    O1 - Hosts: 66.180.173.39 www.google.mu
    O1 - Hosts: 66.180.173.39 www.google.mw
    O1 - Hosts: 66.180.173.39 www.google.nl
    O1 - Hosts: 66.180.173.39 www.google.no
    O1 - Hosts: 66.180.173.39 www.google.off.ai
    O1 - Hosts: 66.180.173.39 www.google.pl
    O1 - Hosts: 66.180.173.39 www.google.pn
    O1 - Hosts: 66.180.173.39 www.google.pt
    O1 - Hosts: 66.180.173.39 www.google.ro
    O1 - Hosts: 66.180.173.39 www.google.ru
    O1 - Hosts: 66.180.173.39 www.google.rw
    O1 - Hosts: 66.180.173.39 www.google.se
    O1 - Hosts: 66.180.173.39 www.google.sh
    O1 - Hosts: 66.180.173.39 www.google.sk
    O1 - Hosts: 66.180.173.39 www.google.sm
    O1 - Hosts: 66.180.173.39 www.google.td
    O1 - Hosts: 66.180.173.39 www.google.tm
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file
     
  14. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
  15. jmm2

    jmm2 Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    34
    Hey, I just realized that the log fit in ONE post this time. :) Does this mean we're getting closer to being 'fixed?' You kind of scared me with that "there's much more to do" comment. *g*

    What is the diagnosis? Is it a Torjan or a virus. I 'd just like to give it a name other than royal PIA. [/end lame attempt to be funny. *g*]
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/331052

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice