02-05-2007, 10:23 AM   #1, mrqwerty (Registered User, OS: XP)


Computer restarting randomly

After I turn on my computer, after a little while it restarts; I can't determine what's causing the problem. Here is the HijackThis log. Hope you guys can help.

Logfile of HijackThis v1.99.1
Scan saved at 17:17:07, on 05/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\qmpxrng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\two.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dumprep.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\qmpxrngA.exe
C:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qgb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qgb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qgb9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qgb9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco.net
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qwvaf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bsdepfj.exe
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\system32\lqe2z.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Owner\Desktop\two.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e33.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e33.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [qmpxrngA] C:\WINDOWS\qmpxrngA.exe
O4 - HKLM\..\Run: [{53-3A-A5-58-ZN}] C:\windows\system32\dwdsregt.exe GEN001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\system32\lqe2z.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\m6julg1916.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qmpxrng.exe
mrqwerty is offline  
02-05-2007, 01:37 PM   #2, src2206 (TSF Enthusiast)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
__________________
Utsyabye Byasane Chaibo Doorbhikhkhe Rashtrabiplabe
Rajwadware Shasane Cha Ya Tishtati Sa Bandhaba
- The oldest definition of a FRIEND in Sanskrit by Chanakya.
Registered Linux user #426065

If you feel TSF helped you, then please help TSF by making a donation HERE.
02-05-2007, 09:47 PM   #3, src2206 (TSF Enthusiast)

Hello and welcome to TSF.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Your computer is highly infected with different types of malware. So multiple steps will be required to clean your system. Please stick with me patiently throughout this process.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

_______________________________________________________________________________


Download this file -

http://download.bleepingcomputer.com...h/combofix.exe

**Save it to your desktop**

Double click combofix.exe & follow the prompts.

* Please disable your Antivirus' Script Blockers for they would interfere with combofix

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse click combofix's window whilst it's running. That may cause it to stall.

___________________________________________________________________________________


Please run HJT system scan again and post the content of the log file it produces.

_________________________________________________________________

Please provide the following logs with your next post:

ComboFix.txt
HJT (The last one)


The above fix should solve your restarting problem so that we can attack the other infections. So let me know whether your system has improved.
02-06-2007, 09:06 AM   #4, Registered User (OS: XP)

Hello. Thanks for helping.

Here is the ComboFix txt.

"Fix" - 07-02-06 15:47:55 Service Pack 2
ComboFix 07-02-06.3 - Running from: "C:\Documents and Settings\Fix\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}]
@=""

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{574a4356-777e-4747-9034-956a7d99df62}\InprocServer32]
@="C:\\WINDOWS\\system32\\merle32.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1a81bbfb-62d6-49b1-9d10-258df36c7127}\InprocServer32]
@="C:\\WINDOWS\\system32\\bpowselc.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{aa00ddc4-0b98-4238-97f4-d8b9bf5efd47}\InprocServer32]
@="C:\\WINDOWS\\system32\\aba20g3oe6.dll"
"ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}]
@=""

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{668c2ccb-c297-4c2d-855a-67bdf5f5317a}\InprocServer32]
@="C:\\WINDOWS\\system32\\pDpnetsh.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:





(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar.exe
C:\deskbar_e31.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\newname.dat
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com
C:\INSTALL.LOG
C:\tigen001.exe
C:\WINDOWS\offun.exe
C:\Program Files\Common Files\{3C853~1
C:\Program Files\Common Files\{9C853~1
C:\Program Files\Deskbar
C:\Program Files\InetGet2


((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))


2007-02-06 15:55 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-05 17:16 <DIR> d-------- C:\hijackthis
2007-02-04 21:58 234,226 -r--s---- C:\WINDOWS\system32\xfsp3res.dll
2007-02-04 21:16 2,560 --a------ C:\Program Files\dellater.exe
2007-02-04 21:04 2,560 --a------ C:\dellater.exe
2007-02-04 20:04 78,336 --a------ C:\WINDOWS\wnu_205.exe
2007-02-04 20:04 3 --a------ C:\WINDOWS\unq32.dat
2007-02-04 19:22 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\Apple Computer
2007-02-04 17:54 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-04 17:02 52,161 --a------ C:\DOCUME~1\Fix\mt-uninstaller.exe
2007-02-04 16:47 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\Lavasoft
2007-02-04 16:29 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\AOL
2007-02-04 16:28 <DIR> d-------- C:\DOCUME~1\Fix\Application Data\Real
2007-02-04 16:27 1,048,576 --ah----- C:\DOCUME~1\Fix\NTUSER.DAT
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\WINDOWS
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\Application Data\Symantec
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\Application Data\Sonic
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\Application Data\SampleView
2007-02-04 16:27 <DIR> d-a------ C:\DOCUME~1\Fix\.javaws
2007-02-04 16:17 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\WINDOWS
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\Application Data\Symantec
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\Application Data\Sonic
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\Application Data\SampleView
2007-02-04 16:17 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\.javaws
2007-01-21 13:10 233,497 -r--s---- C:\WINDOWS\system32\fgsres.dll
2007-01-20 23:56 233,497 -r--s---- C:\WINDOWS\system32\phort_res.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-04 20:35 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 20:02 -------- d-------- C:\Program Files\Common Files\logitech
2007-02-04 19:22 -------- d-------- C:\Documents and Settings\Fix\Application Data\apple computer
2007-02-04 18:20 -------- d-------- C:\Program Files\logitech
2007-02-04 18:02 -------- d-a------ C:\Documents and Settings\Fix\Application Data\microsoft
2007-02-04 16:47 -------- d-------- C:\Documents and Settings\Fix\Application Data\lavasoft
2007-02-04 16:29 -------- d-------- C:\Documents and Settings\Fix\Application Data\aol
2007-02-04 16:28 -------- d-------- C:\Documents and Settings\Fix\Application Data\real
2006-12-05 19:20 233497 -r--s---- C:\WINDOWS\system32\nxwrses.dll
2006-11-29 16:43 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fts"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e33"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e33"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslagent"
"hkey"="HKLM"
"command"="dslagent.exe USB"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gsicon"
"hkey"="HKLM"
"command"="gsicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_e33"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_e33"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_e33.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OneTouchMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Xerox One Touch\\OneTouchMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcpas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PP8 Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navLoad"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\NAVBrowser.exe\" -r \"C:\\Program Files\\Scansoft\\PaperPort\\WebEreg\\navLoad.ini\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pVRV3eP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ujtnzbw"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ujtnzbw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qmpxrngA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qmpxrngA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\qmpxrngA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcsdr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svdhost]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svdhost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\1031\\svdhost.lnk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcqpg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="anfvfa"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\anfvfa.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="start"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\1031\\start.lnk\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{53-3A-A5-58-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dwdsregt"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\dwdsregt.exe GEN001"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14afc656-2ce6-11d8-877c-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-06 15:59:23



---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------

Here is the HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 16:02:37, on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qgb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qgb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qgb9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco.net
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\system32\lqe2z.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [{53-3A-A5-58-ZN}] C:\windows\system32\dwdsregt.exe GEN001
O4 - HKLM\..\Run: [Yahoo] "C:\WINDOWS\system32\1031\start.lnk"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [svdhost] C:\WINDOWS\system32\1031\svdhost.lnk
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qmpxrngA] C:\WINDOWS\qmpxrngA.exe
O4 - HKLM\..\Run: [pVRV3eP] C:\WINDOWS\system32\ujtnzbw.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e33.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e33.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [csrss] C:\\dfndrff_e33.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKCU\..\Run: [vcqpg] C:\WINDOWS\system32\anfvfa.exe reg_run
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\qmpxrng.exe
Old 02-07-2007, 08:58 AM   #5 (permalink)
src2206
TSF Enthusiast

Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,051
OS: WinXP Pro SP2, Edubuntu 7.10
Hello mrqwerty

Please follow the next set of instructions very carefully and in the exact given order.

Downloads

1. Please download Cleanup! and install it. You will use this later. Do not install if you are using the 64-bit version of Windows.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

If you find the above link is taking you to an out-of-service page, please use the following link to download this program:

http://www.stevengould.org/downloads...CleanUp452.exe


2. Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do not run a scan just yet; we will shortly.


3. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!


___________________________________________________________________________________


Show Hidden Files and Folders

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

______________________________________________


Fix

Delete NT Services

Go to Start>Run and type or copy paste the following command, then press Enter:

sc stop "Windows Overlay Components"

Now, Go to Start>Run and type or copy paste the following command, then press Enter:

sc delete "Windows Overlay Components"

_______________________________________________________________


Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Log in on your usual account. Make sure to close any open browsers.

____________________________________________________________


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

DriveCleaner 2006 Free

______________________________________________________________

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\system32\lqe2z.dll (file missing)
O4 - HKLM\..\Run: [{53-3A-A5-58-ZN}] C:\windows\system32\dwdsregt.exe GEN001
O4 - HKLM\..\Run: [Yahoo] "C:\WINDOWS\system32\1031\start.lnk
O4 - HKLM\..\Run: [svdhost] C:\WINDOWS\system32\1031\svdhost.lnk
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [qmpxrngA] C:\WINDOWS\qmpxrngA.exe
O4 - HKLM\..\Run: [pVRV3eP] C:\WINDOWS\system32\ujtnzbw.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [vcqpg] C:\WINDOWS\system32\anfvfa.exe reg_run
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll


Please remember to close all other windows, including browsers, then click Fix checked.

___________________________________________________________


Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\Common Files\ DriveCleaner 2006 Free
C:\Program Files\ DriveCleaner 2006 Free
C:\Documents and Settings\Fix\ mt-uninstaller.exe