#31
(l2mfix cont.)
Second Pass Scanning
Second pass Completed!

#32
(l2mfix cont.)

#33
(l2mfix cont.)
Zipping up files for submission:

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

#34
(l2mfix cont.)
The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{31022F6B-7005-4538-833E-8EA34077E12F}"=-
"{BAB9258C-D81D-4B52-A790-F04D2708EB83}"=-

[-HKEY_CLASSES_ROOT\CLSID\{31022F6B-7005-4538-833E-8EA34077E12F}]

[-HKEY_CLASSES_ROOT\CLSID\{BAB9258C-D81D-4B52-A790-F04D2708EB83}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

#35
New HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:47:36 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\unuzpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [C-Media Mixer] NOT_Mixer.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "NOT_C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\unuzpr.exe reg_run
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Preferred Customer\n20050308.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [audiodev] NOT_C:\WINDOWS\System32\audiodev.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#36
Tom,
Thanks for your help! ~Snow

#37
You are welcome Snow!
You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis. If you have any questions before starting the fix, please don't hesitate to ask!

Please go to Start > Control Panel > Add/Remove programs and remove:
Ezula or Ezula TopText
Web Offer
DealsOnline

Next...

Please download and run LSPFix from here: http://www.cexx.org/lspfix.htm
Just scroll down the page and click on the link to download LSPFix.exe
Save it to a convenient place such as your Desktop and run LSPFix.exe
On the opening screen, click "I know what I'm doing"..
Check all instances of winlspak.dll and dolsp.dll (and nothing else), and move them to the "Remove" pane. Then click Finish.

Next...

Download Ad-Aware SE Personal Edition version 1.06 from: http://www.lavasoft.de/support/download/
Run Adaware, click the "Check for Updates now" link.
Install the latest reference file
Just update it for now, you will scan with it later!

Next...

Download Spybot - Search & Destroy 1.4 from: http://www.spybot.info/en/download/index.html
Make sure you are online, run Spybot - Search & Destroy, click the "Check for Updates now" link.
Install the latest reference file.
Just update it for now, you will scan with it later!

Please download CCleaner: http://www.ccleaner.com
Install the program, you will scan with it later.

Boot into Safe Mode.
Restart your computer, start tapping F8 when your computer first starts booting, there will be a menu displayed > select Safe Mode.

Next...

Logoff your internet/network connection.
Run HijackThis, click scan, place a checkmark next to the following items.
Close all browsers and any other windows or the fix may not work!
Click "fix checked".
It is OK if some of these items are no longer listed.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\unuzpr.exe reg_run
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Preferred Customer\n20050308.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

Do you have any idea what this is? If not, please browse to the file, right-click the file > select properties is there a version tab? If so what information is displayed? Please treat this file with caution, it may be malware.
O4 - HKLM\..\Run: [C-Media Mixer] NOT_Mixer.exe /startup

This one doesn't look right, note the NOT_C:\ do you have a drive called NOT_C:\ ?
O4 - HKLM\..\Run: [TkBellExe] "NOT_C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

These are resource hogs that can be fixed also:
O4 - HKLM\..\Run: [TkBellExe] "NOT_C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Next...

Make sure your computer is configured to show all files and folders.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck hide extensions for known file types.
Uncheck the Hide Protected Operating System Files option.
Click Yes to confirm.
Click OK.

Search for and delete the following files:
C:\WINDOWS\system32\unuzpr.exe
C:\Documents and Settings\Preferred Customer\n20050308.EXE

Search for and delete the following folders:
C:\PROGRA~1\ezula < delete the entire ezula folder
C:\PROGRA~1\Web Offer < delete the entire Web Offer folder

Next...

Run CCleaner.
On the Windows tab, click Run cleaner.
On the Applications tab, click Run Cleaner.

Next...

Perform a full system scan with Adaware, allow it to remove anything it finds. It may ask if it can run the next time your computer boots, allow it to do so.

Next...

Run Spybot Search & Destroy
Scan and fix all items checked in RED.

Reboot normally.
Please post a fresh HijackThis log.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickies at the top of the forum before posting!
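
An added example, not part of the thread and not HijackThis or LSPFix code: a small Python parser for the O4 and O10 line formats seen in the posted log, which collapses the repeated Winsock LSP lines to the distinct DLLs and marks autoruns whose target carries the NOT_ prefix. The sample lines are a subset copied from the log in this thread; the user-profile check and all function names are assumptions introduced here.

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C-Media Mixer] NOT_Mixer.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "NOT_C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\unuzpr.exe reg_run
O4 - HKLM\..\Run: [tsvcin] C:\Documents and Settings\Preferred Customer\n20050308.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Every entry line has the shape "<section code> - <rest of line>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autorun shape: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
LSP_PREFIX = "Unknown file in Winsock LSP: "
# Assumption: an added heuristic, not a rule stated in the thread.
# This is the Windows XP profile root, compared in lower case.
PROFILE_ROOT = "c:\\documents and settings\\"


def parse_log(text):
    """Return (code, body) pairs for every well-formed entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def lsp_files(entries):
    """Distinct O10 'unknown LSP' files and how many times each is listed."""
    counts = Counter()
    for code, body in entries:
        if code == "O10" and body.startswith(LSP_PREFIX):
            counts[body[len(LSP_PREFIX):].lower()] += 1
    return dict(counts)


def autoruns(entries):
    """Parse O4 registry Run entries and attach review flags to each."""
    found = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue  # Startup-folder shortcuts and other sections are skipped
        target = m.group("cmd").lstrip('"')
        flags = []
        if target.startswith("NOT_"):
            # Target was renamed by hand, so the entry no longer resolves.
            flags.append("disabled-by-prefix")
        if target.lower().startswith(PROFILE_ROOT):
            flags.append("runs-from-user-profile")
        found.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "command": m.group("cmd"),
            "flags": flags,
        })
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for path, count in lsp_files(parsed).items():
        print(f"LSP  {path}  (listed {count}x)")
    for run in autoruns(parsed):
        print(f"RUN  {run['hive']}  [{run['name']}]  {run['flags']}")
```
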

#38
Quote:
Tom,
This was my attempt at altering the registry on things that didn't look right. Instead of deleting something potentially needed, I commented it out with the "NOT", so that I could restore it if it horked something. This particular one was a RealPlayer auto update that lived in the task bar. I will follow all your directions, and repost soon.
Thanks!!
~Snow

#39
Quote:
This one is software that came with my son's MP3 player that ran in the taskbar at startup as well.

#40
Quote:
Now that's a new one for me. Somebody once told me you should learn one new word a day
Tom