Help me out please, really appreciated !

Looks as though you have disabled quite a few of your programs ?? Should be a lot more to the HJT log than that,
Please enable all you have disabled
Need you to download a few tools as well

go Here and download and run VX2Finder(126).exe. Hit "Click to Find VX2.BetterInternet" and then click on "Make Log". Copy it and post it back in this thread.

Also go Here and download and run CWS HiddenDLLFinder. Follow the prompts and post the log it makes back in this thread.

Please Download
Silent Runners
Run it.
Post back the log from it please

Pocket KillBox unzip it and save it to your desk top
Don't do anything with this just yet

Post back a fresh HJT log as well please

0 Replies

Actually need you to download this one as well,
Findit.zip

Unzip it and double-click on Find.bat to run it. It should run for a few seconds, then open Output.txt file. Copy and paste the contents of output.txt here. Once that's done, close the text file and then press any key and the batch file will end.

Post that look here as well, you wont be able to fit them all in one reply but thats fine

0 Replies

Thanks for replying. Here is all the logs

* fresh hijack log *

Logfile of HijackThis v1.99.0
Scan saved at 6:21:24 PM, on 1/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jack\Desktop\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {49FAC937-0255-417C-F5CF-DBF2A1908CCC} - (no file)
O2 - BHO: (no name) - {8E3908A9-E51A-272A-E16F-0FDF0CF1E52E} - (no file)

* VX2 log *

Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---

Applets
Schedule
sclgntfy

Guardian Key--- is called:

Guardian Key--- :

User Agent String---
{C51E540C-C0FE-484C-AA63-00E552C043B0}

# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
69.20.16.183 auto.search.msn.com
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
69.20.16.183 ieautosearch

* DLLCompare Log version(1.0.0.127) *

Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\aza6l3~1.dll Thu Dec 16 2004 3:42:56p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\azam0c~1.dll Sun Jan 16 2005 12:16:58p ..S.R 223,812 218.57 K
C:\WINDOWS\SYSTEM32\cpm.dll Sat Dec 18 2004 5:41:12p ..S.R 223,037 217.81 K
C:\WINDOWS\SYSTEM32\d8j0li~1.dll Sat Dec 18 2004 6:10:52p ..S.R 223,178 217.95 K
C:\WINDOWS\SYSTEM32\dn4401~1.dll Wed Dec 15 2004 3:37:52p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\dnnu01~1.dll Thu Jan 20 2005 4:47:16p ..S.R 225,689 220.40 K
C:\WINDOWS\SYSTEM32\dwcompos.dll Sat Dec 18 2004 2:54:34p ..S.R 223,132 217.90 K
C:\WINDOWS\SYSTEM32\dxnaddr.dll Sat Jan 1 2005 3:52:02a ..S.R 225,441 220.16 K
C:\WINDOWS\SYSTEM32\e2jm0c~1.dll Wed Dec 15 2004 11:37:06p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\e4020e~1.dll Sat Dec 18 2004 7:22:50a ..S.R 223,336 218.10 K
C:\WINDOWS\SYSTEM32\enlsl1~1.dll Thu Jan 20 2005 3:34:32p ..S.R 225,689 220.40 K
C:\WINDOWS\SYSTEM32\enn0l1~1.dll Fri Dec 17 2004 9:45:32p ..S.R 225,571 220.28 K
C:\WINDOWS\SYSTEM32\ennol1~1.dll Tue Dec 28 2004 10:39:34a ..S.R 225,396 220.11 K
C:\WINDOWS\SYSTEM32\enpml1~1.dll Thu Dec 30 2004 4:48:00a ..S.R 224,311 219.05 K
C:\WINDOWS\SYSTEM32\fn2021~1.dll Mon Dec 13 2004 3:27:14p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\gdtext.dll Sat Dec 18 2004 5:55:28a ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\gp46l3~1.dll Mon Dec 13 2004 3:11:26p ..S.R 224,210 218.95 K
C:\WINDOWS\SYSTEM32\h0n0la~1.dll Mon Jan 17 2005 7:25:44p ..S.R 222,733 217.51 K
C:\WINDOWS\SYSTEM32\h40q0e~1.dll Sun Dec 12 2004 3:00:38p ..S.R 223,736 218.49 K
C:\WINDOWS\SYSTEM32\h40qle~1.dll Sun Dec 12 2004 10:33:24p ..S.R 224,736 219.47 K
C:\WINDOWS\SYSTEM32\h4l20e~1.dll Sun Dec 19 2004 4:52:44p ..S.R 222,909 217.68 K
C:\WINDOWS\SYSTEM32\i6240g~1.dll Sat Jan 15 2005 6:15:10p ..S.R 223,636 218.39 K
C:\WINDOWS\SYSTEM32\i6jqlg~1.dll Sat Jan 8 2005 8:19:18p ..S.R 224,223 218.96 K
C:\WINDOWS\SYSTEM32\i8loli~1.dll Tue Dec 28 2004 10:37:54a ..S.R 224,916 219.64 K
C:\WINDOWS\SYSTEM32\igjp81k.dll Sat Dec 18 2004 5:22:32p ..S.R 223,132 217.90 K
C:\WINDOWS\SYSTEM32\ir48l5~1.dll Wed Jan 19 2005 12:21:56a ..S.R 225,945 220.65 K
C:\WINDOWS\SYSTEM32\irj2l5~1.dll Tue Dec 21 2004 5:23:06a ..S.R 224,311 219.05 K
C:\WINDOWS\SYSTEM32\irjsl5~1.dll Sun Dec 12 2004 10:33:28p ..S.R 223,827 218.58 K
C:\WINDOWS\SYSTEM32\j8l40i~1.dll Sun Dec 19 2004 8:07:06a ..S.R 225,992 220.70 K
C:\WINDOWS\SYSTEM32\jt6u07~1.dll Tue Dec 28 2004 5:26:44a ..S.R 224,311 219.05 K
C:\WINDOWS\SYSTEM32\jtpo07~1.dll Fri Dec 17 2004 6:42:00p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\k4620e~1.dll Tue Dec 21 2004 12:55:24a ..S.R 224,311 219.05 K
C:\WINDOWS\SYSTEM32\k6260g~1.dll Thu Dec 16 2004 4:06:36p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\k8noli~1.dll Sun Dec 19 2004 4:32:36p ..S.R 224,033 218.78 K
C:\WINDOWS\SYSTEM32\kt26l7~1.dll Thu Dec 16 2004 3:44:54p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\ktrul7~1.dll Mon Dec 20 2004 3:09:00a ..S.R 224,700 219.43 K
C:\WINDOWS\SYSTEM32\l06o0a~1.dll Thu Jan 20 2005 3:02:40p ..S.R 225,172 219.89 K
C:\WINDOWS\SYSTEM32\l06ola~1.dll Mon Dec 13 2004 2:01:34p ..S.R 225,570 220.28 K
C:\WINDOWS\SYSTEM32\l64q0g~1.dll Fri Jan 7 2005 12:14:36a ..S.R 225,987 220.69 K
C:\WINDOWS\SYSTEM32\luprxy.dll Sun Dec 19 2004 7:39:52a ..S.R 225,554 220.27 K
C:\WINDOWS\SYSTEM32\lv2m09~1.dll Fri Jan 14 2005 11:43:22a ..S.R 223,210 217.98 K
C:\WINDOWS\SYSTEM32\m4820e~1.dll Mon Jan 17 2005 7:05:28p ..S.R 226,229 220.93 K
C:\WINDOWS\SYSTEM32\m828li~1.dll Sat Jan 8 2005 6:10:42p ..S.R 224,535 219.27 K
C:\WINDOWS\SYSTEM32\m8640i~1.dll Sat Jan 8 2005 8:04:48p ..S.R 223,175 217.94 K
C:\WINDOWS\SYSTEM32\m864li~1.dll Thu Dec 16 2004 11:04:34p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\mv2ol9~1.dll Sun Dec 19 2004 2:00:52a ..S.R 224,836 219.57 K
C:\WINDOWS\SYSTEM32\mvjul9~1.dll Mon Dec 20 2004 5:58:28p ..S.R 222,703 217.48 K
C:\WINDOWS\SYSTEM32\n26q0c~1.dll Fri Dec 17 2004 6:11:44p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\n42ule~1.dll Sat Dec 18 2004 5:41:12p ..S.R 224,961 219.69 K
C:\WINDOWS\SYSTEM32\n6n6lg~1.dll Tue Dec 21 2004 12:57:42a ..S.R 224,311 219.05 K
C:\WINDOWS\SYSTEM32\nhwrsde.dll Sat Dec 18 2004 7:22:50a ..S.R 223,132 217.90 K
C:\WINDOWS\SYSTEM32\p28q0c~1.dll Wed Dec 15 2004 11:08:24p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\p4p6le~1.dll Thu Dec 16 2004 3:59:20p ..S.R 224,520 219.26 K
C:\WINDOWS\SYSTEM32\p8r4li~1.dll Thu Jan 20 2005 4:41:26p ..S.R 223,209 217.98 K
C:\WINDOWS\SYSTEM32\pcpoops2.dll Wed Jan 19 2005 12:59:12a ..S.R 222,554 217.34 K
C:\WINDOWS\SYSTEM32\pi8q0c~1.dll Sat Dec 18 2004 5:32:04p ..S.R 225,165 219.89 K
C:\WINDOWS\SYSTEM32\ruvpsp.dll Sat Dec 18 2004 5:59:32p ..S.R 223,037 217.81 K
________________________________________________

1,372 items found: 1,372 files (57 H/S), 0 directories.
Total of file sizes: 274,904,496 bytes 262.17 M

Administrator Account = True

--------------------End log--------------------

* silent runners *

"Silent Runners.vbs", revision 29, launched at: 18:23
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Microsoft Office\Office10\msohev.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\NVCPL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> CLSID InProcServer32 resolves to: "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1C7493B8-ADF8-4A8A-B48A-53AFE918B117}" = (no title provided)
-> CLSID InProcServer32 resolves to: "blank" [file not found]
"{1406A802-54FA-4D11-88A0-B4C7F9468685}" = (no title provided)
-> CLSID InProcServer32 resolves to: "blank" [file not found]
"{C7A441C1-9EC5-457C-9802-7D57ED9FFEEF}" = (no title provided)
-> CLSID InProcServer32 resolves to: "blank" [file not found]
"{3C99EB25-125C-4CD7-9481-C897C2C8B111}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\lUprxy.dll" [null data]
"{64302F22-1A89-4955-ACD1-2913B793C311}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\wwspdmod.dll" [null data]
"{FFB4856B-3197-43C7-86B1-6217BE50E191}" = (no title provided)
-> CLSID InProcServer32 resolves to: "blank" [file not found]
"{30E090EB-6C52-412D-A40B-2D9DA4CB93B9}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\wlpsrcwp.dll" [null data]
"{D2E6C52C-F6A9-4DA9-AF33-4DD2466BC2CE}" = (no title provided)
-> CLSID InProcServer32 resolves to: "blank" [file not found]
"{3723FED2-9031-46E1-A30A-D5046114B43A}" = (no title provided)
-> CLSID InProcServer32 resolves to: "blank" [file not found]
"{FA16833A-1D28-44E0-B1ED-004644009591}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\mwiole32.dll" [null data]
"{89CC7B4E-0A4D-4C20-A1B6-E440CAC9E733}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\guard.tmp" [null data]
"{35D3B0BE-9754-4AA5-9C55-444C2FF54D9B}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\mklogmgr.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> CLSID InProcServer32 resolves to: "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{AEA6995A-2D31-4790-8866-4FA6F8F596F5}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\hW23msp.dll" [file not found]
"{B9626865-10A6-4839-A015-4DA33D162839}" = (no title provided)
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\guard.tmp" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! "Applets\DLLName" = "C:\WINDOWS\system32\enlsl1371.dll" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

* findit output.txt *

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/20/2005 05:04 PM <DIR> dllcache
01/20/2005 04:47 PM 225,689 dnnu0159e.dll
01/20/2005 04:41 PM 223,209 p8r4li9q18.dll
01/20/2005 03:34 PM 225,689 enlsl1371.dll
01/20/2005 03:02 PM 225,172 l06o0aj3edo.dll
01/19/2005 12:59 AM 222,554 PcpOops2.dll
01/19/2005 12:21 AM 225,945 ir48l5hu1.dll
01/17/2005 07:25 PM 222,733 h0n0la5m1d.dll
01/17/2005 07:05 PM 226,229 m4820eloehqc0.dll
01/16/2005 12:16 PM 223,812 azam0c11ef.dll
01/15/2005 06:15 PM 223,636 i6240gfqe62e0.dll
01/14/2005 11:43 AM 223,210 lv2m09f1e.dll
01/11/2005 06:11 AM 401,408 ?ti2evxx.exe
01/08/2005 08:19 PM 224,223 i6jqlg1516.dll
01/08/2005 08:04 PM 223,175 m8640ijqe8oe0.dll
01/08/2005 06:10 PM 224,535 m828lifu1828.dll
01/07/2005 12:14 AM 225,987 l64q0gh5e64.dll
01/01/2005 03:52 AM 225,441 dxnaddr.dll
12/30/2004 04:47 AM 224,311 enpml1711.dll
12/28/2004 10:39 AM 225,396 ennol1531.dll
12/28/2004 10:37 AM 224,916 i8loli3318.dll
12/28/2004 05:26 AM 224,311 jt6u07j9e.dll
12/21/2004 05:23 AM 224,311 irj2l51o1.dll
12/21/2004 12:57 AM 224,311 n6n6lg5s16.dll
12/21/2004 12:55 AM 224,311 k4620ejoehoc0.dll
12/20/2004 05:58 PM 222,703 mvjul9191.dll
12/20/2004 03:08 AM 224,700 ktrul7991.dll
12/19/2004 04:52 PM 222,909 h4l20e3oeh.dll
12/19/2004 04:32 PM 224,033 k8noli5318.dll
12/19/2004 08:07 AM 225,992 j8l40i3qe8.dll
12/19/2004 07:39 AM 225,554 lUprxy.dll
12/19/2004 02:00 AM 224,836 mv2ol9f31.dll
12/18/2004 06:10 PM 223,178 d8j0li1m18.dll
12/18/2004 05:59 PM 223,037 ruvpsp.dll
12/18/2004 05:41 PM 223,037 cpm.dll
12/18/2004 05:41 PM 224,961 n42ulef91h2.dll
12/18/2004 05:32 PM 225,165 pI8q0cl5efq.dll
12/18/2004 05:22 PM 223,132 igjp81k.dll
12/18/2004 02:54 PM 223,132 dwcompos.dll
12/18/2004 07:22 AM 223,132 nhwrsde.dll
12/18/2004 07:22 AM 223,336 e4020edoeh0c0.dll
12/18/2004 05:55 AM 224,520 gdtext.dll
12/17/2004 09:45 PM 225,571 enn0l15m1.dll
12/17/2004 06:41 PM 224,520 jtpo0773e.dll
12/17/2004 06:11 PM 224,520 n26q0cj5efo.dll
12/16/2004 11:04 PM 224,520 m864lijq18oe.dll
12/16/2004 04:06 PM 224,520 k6260gfse6260.dll
12/16/2004 03:59 PM 224,520 p4p6le7s1h.dll
12/16/2004 03:44 PM 224,520 kt26l7fs1.dll
12/16/2004 03:42 PM 224,520 aza6l3hs1.dll
12/15/2004 11:37 PM 224,520 e2jm0c11ef.dll
12/15/2004 11:08 PM 224,520 p28q0cl5efq.dll
12/15/2004 03:37 PM 224,520 dn4401hqe.dll
12/13/2004 03:27 PM 224,520 fn2021fmg.dll
12/13/2004 03:11 PM 224,210 gp46l3hs1.dll
12/13/2004 02:01 PM 225,570 l06olaj31do.dll
12/12/2004 10:33 PM 223,827 irjsl5171.dll
12/12/2004 10:33 PM 224,736 h40qled51h0.dll
12/12/2004 03:00 PM 223,736 h40q0ed5eh0.dll
58 File(s) 13,189,241 bytes
1 Dir(s) 20,127,576,064 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/20/2005 05:04 PM <DIR> dllcache
01/16/2005 08:15 PM <DIR> GroupPolicy
01/16/2005 07:27 PM 49,152 ykhg.exe
01/11/2005 06:11 AM 401,408 ?ti2evxx.exe
2 File(s) 450,560 bytes
2 Dir(s) 20,127,571,968 bytes free

---------- Files Named "Guard" -------------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/20/2005 04:55 PM 225,689 guard.tmp
1 File(s) 225,689 bytes
0 Dir(s) 20,127,571,968 bytes free

--------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/20/2005 04:55 PM 225,689 guard.tmp
1 File(s) 225,689 bytes
0 Dir(s) 20,127,571,968 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C51E540C-C0FE-484C-AA63-00E552C043B0}"=""

------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\enlsl1371.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

---------------- Xfind Results -----------------

C:\WINDOWS\System32\DNNU01~1.DLL +++ File read error

-------------- Locate.com Results ---------------

C:\WINDOWS\SYSTEM32\
azam0c~1.dll Sun Jan 16 2005 12:16:58p ..S.R 223,812 218.57 K
dnnu01~1.dll Thu Jan 20 2005 4:47:16p ..S.R 225,689 220.40 K
dxnaddr.dll Sat Jan 1 2005 3:52:02a ..S.R 225,441 220.16 K
enlsl1~1.dll Thu Jan 20 2005 3:34:32p ..S.R 225,689 220.40 K
ennol1~1.dll Tue Dec 28 2004 10:39:34a ..S.R 225,396 220.11 K
enpml1~1.dll Thu Dec 30 2004 4:48:00a ..S.R 224,311 219.05 K
h0n0la~1.dll Mon Jan 17 2005 7:25:44p ..S.R 222,733 217.51 K
i6240g~1.dll Sat Jan 15 2005 6:15:10p ..S.R 223,636 218.39 K
i6jqlg~1.dll Sat Jan 8 2005 8:19:18p ..S.R 224,223 218.96 K
i8loli~1.dll Tue Dec 28 2004 10:37:54a ..S.R 224,916 219.64 K
ir48l5~1.dll Wed Jan 19 2005 12:21:56a ..S.R 225,945 220.65 K
irj2l5~1.dll Tue Dec 21 2004 5:23:06a ..S.R 224,311 219.05 K
jt6u07~1.dll Tue Dec 28 2004 5:26:44a ..S.R 224,311 219.05 K
k4620e~1.dll Tue Dec 21 2004 12:55:24a ..S.R 224,311 219.05 K
l06o0a~1.dll Thu Jan 20 2005 3:02:40p ..S.R 225,172 219.89 K
l64q0g~1.dll Fri Jan 7 2005 12:14:36a ..S.R 225,987 220.69 K
lv2m09~1.dll Fri Jan 14 2005 11:43:22a ..S.R 223,210 217.98 K
m4820e~1.dll Mon Jan 17 2005 7:05:28p ..S.R 226,229 220.93 K
m828li~1.dll Sat Jan 8 2005 6:10:42p ..S.R 224,535 219.27 K
m8640i~1.dll Sat Jan 8 2005 8:04:48p ..S.R 223,175 217.94 K
n6n6lg~1.dll Tue Dec 21 2004 12:57:42a ..S.R 224,311 219.05 K
p8r4li~1.dll Thu Jan 20 2005 4:41:26p ..S.R 223,209 217.98 K
pcpoops2.dll Wed Jan 19 2005 12:59:12a ..S.R 222,554 217.34 K
ykhg.exe Sun Jan 16 2005 7:27:04p A..H. 49,152 48.00 K
ti2evx~1.exe Tue Jan 11 2005 6:11:36a ..SHR 401,408 392.00 K

25 items found: 25 files, 0 directories.
Total of file sizes: 5,613,666 bytes 5.35 M

0 Replies

You have been infected pretty badly,
But first I need to know if you had made any fix's using HJT, there should be quite a bit more showing up in your log,

0 Replies

i Just ran hijackthis like normal and saved the log. I did not make any changed in hijackthis at all.
I tried it againafter I restarted my computer.
Thank you for helping in advance.
here it is

Logfile of HijackThis v1.99.0
Scan saved at 9:22:54 PM, on 1/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Documents and Settings\Jack\Desktop\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {49FAC937-0255-417C-F5CF-DBF2A1908CCC} - (no file)
O2 - BHO: (no name) - {8E3908A9-E51A-272A-E16F-0FDF0CF1E52E} - (no file)

Please tell me what should I do. I have been stressing out with this problem for months.

0 Replies

This is very odd, You will have nothing left to your log when we are done with the removal of this infection,
I don't see a lot running in your start ups to begin with, Most noticable no Anti Virus,

But let see what we can do here to get this clean up, Then we need to get you an Anto Virus and some protection.

Print out the below instructions or say them to notepad so you have them handy,

Open Killbox, click the option Replace on Reboot & click the box Use Dummy

You'll see the path to the filename appear in the bottom box.

copy & paste 1 at a time starting.

C:\WINDOWS\SYSTEM32\dnnu0159e.dll

into the top box

Click the red X, Say yes to the message box that comes up, then say No to the next box asking you to reboot.

This is important, cause if you reboot before you are finished entering all the files, you will have to start over again.

Do the same for this entire list

C:\WINDOWS\System32\p8r4li9q18.dll
C:\WINDOWS\System32\enlsl1371.dll
C:\WINDOWS\System32\l06o0aj3edo.dll
C:\WINDOWS\System32\ PcpOops2.dll
C:\WINDOWS\System32\ ir48l5hu1.dll
C:\WINDOWS\System32\h0n0la5m1d.dll
C:\WINDOWS\System32\m4820eloehqc0.dll
C:\WINDOWS\System32\azam0c11ef.dll
C:\WINDOWS\System32\i6240gfqe62e0.dll
C:\WINDOWS\System32\lv2m09f1e.dll
C:\WINDOWS\System32\?ti2evxx.exe
C:\WINDOWS\System32\i6jqlg1516.dll
C:\WINDOWS\System32\m8640ijqe8oe0.dll
C:\WINDOWS\System32\m828lifu1828.dll
C:\WINDOWS\System32\ l64q0gh5e64.dll
C:\WINDOWS\System32\dxnaddr.dll
C:\WINDOWS\System32\enpml1711.dll
C:\WINDOWS\System32\ennol1531.dll
C:\WINDOWS\System32\i8loli3318.dll
C:\WINDOWS\System32\jt6u07j9e.dll
C:\WINDOWS\System32\ irj2l51o1.dll
C:\WINDOWS\System32\ n6n6lg5s16.dll
C:\WINDOWS\System32\k4620ejoehoc0.dll
C:\WINDOWS\System32\mvjul9191.dll
C:\WINDOWS\System32\ ktrul7991.dll
C:\WINDOWS\System32\ h4l20e3oeh.dll
C:\WINDOWS\System32\k8noli5318.dll
C:\WINDOWS\System32\j8l40i3qe8.dll
C:\WINDOWS\System32\lUprxy.dll
C:\WINDOWS\System32\ mv2ol9f31.dll
C:\WINDOWS\System32\d8j0li1m18.dll
C:\WINDOWS\System32\ruvpsp.dll
C:\WINDOWS\System32\cpm.dll
C:\WINDOWS\System32\n42ulef91h2.dll
C:\WINDOWS\System32\pI8q0cl5efq.dll
C:\WINDOWS\System32\igjp81k.dll
C:\WINDOWS\System32\dwcompos.dll
C:\WINDOWS\System32\nhwrsde.dll
C:\WINDOWS\System32\e4020edoeh0c0.dll
C:\WINDOWS\System32\gdtext.dll
C:\WINDOWS\System32\enn0l15m1.dll
C:\WINDOWS\System32\jtpo0773e.dll
C:\WINDOWS\System32\n26q0cj5efo.dll
C:\WINDOWS\System32\m864lijq18oe.dll
C:\WINDOWS\System32\k6260gfse6260.dll
C:\WINDOWS\System32\ p4p6le7s1h.dll
C:\WINDOWS\System32\kt26l7fs1.dll
C:\WINDOWS\System32\aza6l3hs1.dll
C:\WINDOWS\System32\e2jm0c11ef.dll
C:\WINDOWS\System32\ p28q0cl5efq.dll
C:\WINDOWS\System32\dn4401hqe.dll
C:\WINDOWS\System32\ fn2021fmg.dll
C:\WINDOWS\System32\gp46l3hs1.dll
C:\WINDOWS\System32\ l06olaj31do.dll
C:\WINDOWS\System32\irjsl5171.dll
C:\WINDOWS\System32\h40qled51h0.dll
C:\WINDOWS\System32\ h40q0ed5eh0.dll
C:\Windows\System32\Guard.tmp

Next,

Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop.

Quote:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C51E540C-C0FE-484C-AA63-00E552C043B0}"=-

Double-click on the fix.reg file you saved on your desktop, and when it prompts to merge say Yes, and this will clear some registry entries left behind by the process.

Reboot now

Open HJT put a check mark next to the following.

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {49FAC937-0255-417C-F5CF-DBF2A1908CCC} - (no file)
O2 - BHO: (no name) - {8E3908A9-E51A-272A-E16F-0FDF0CF1E52E} - (no file)

Post back a fresh Findit.zip log and a fresh HJT log please

0 Replies

hi Don,
thanks for replying,
I did all the instructions, but seems the HBO and redirect websites wont move

here is fresh HJT :

Logfile of HijackThis v1.99.0
Scan saved at 11:35:43 AM, on 1/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jack\Desktop\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {49FAC937-0255-417C-F5CF-DBF2A1908CCC} - (no file)
O2 - BHO: (no name) - {8E3908A9-E51A-272A-E16F-0FDF0CF1E52E} - (no file)

* fresh findit *

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/21/2005 11:29 AM 56 l0r00a9med.dll
01/20/2005 09:27 PM 225,689 j44oleh31h4.dll
01/20/2005 05:04 PM <DIR> dllcache
01/19/2005 12:59 AM 222,554 PcpOops2.dll
01/19/2005 12:21 AM 225,945 ir48l5hu1.dll
01/11/2005 06:11 AM 401,408 ?ti2evxx.exe
01/07/2005 12:14 AM 225,987 l64q0gh5e64.dll
12/21/2004 05:23 AM 224,311 irj2l51o1.dll
12/21/2004 12:57 AM 224,311 n6n6lg5s16.dll
12/20/2004 03:08 AM 224,700 ktrul7991.dll
12/19/2004 04:52 PM 222,909 h4l20e3oeh.dll
12/19/2004 02:00 AM 224,836 mv2ol9f31.dll
12/16/2004 03:59 PM 224,520 p4p6le7s1h.dll
12/15/2004 11:08 PM 224,520 p28q0cl5efq.dll
12/13/2004 03:27 PM 224,520 fn2021fmg.dll
12/13/2004 02:01 PM 225,570 l06olaj31do.dll
12/12/2004 03:00 PM 223,736 h40q0ed5eh0.dll
16 File(s) 3,545,572 bytes
1 Dir(s) 20,122,259,456 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/20/2005 05:04 PM <DIR> dllcache
01/16/2005 08:15 PM <DIR> GroupPolicy
01/16/2005 07:27 PM 49,152 ykhg.exe
01/11/2005 06:11 AM 401,408 ?ti2evxx.exe
2 File(s) 450,560 bytes
2 Dir(s) 20,122,259,456 bytes free

---------- Files Named "Guard" -------------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/21/2005 11:35 AM 225,689 guard.tmp
1 File(s) 225,689 bytes
0 Dir(s) 20,122,259,456 bytes free

--------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

01/21/2005 11:35 AM 225,689 guard.tmp
1 File(s) 225,689 bytes
0 Dir(s) 20,122,259,456 bytes free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C51E540C-C0FE-484C-AA63-00E552C043B0}"=""

------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j44oleh31h4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

---------------- Xfind Results -----------------

C:\WINDOWS\System32\DJSCRIPT.DLL +++ File read error

-------------- Locate.com Results ---------------

C:\WINDOWS\SYSTEM32\
ir48l5~1.dll Wed Jan 19 2005 12:21:56a ..S.R 225,945 220.65 K
j44ole~1.dll Thu Jan 20 2005 9:27:34p ..S.R 225,689 220.40 K
l0r00a~1.dll Fri Jan 21 2005 11:29:36a ..S.R 56 0.05 K
l64q0g~1.dll Fri Jan 7 2005 12:14:36a ..S.R 225,987 220.69 K
pcpoops2.dll Wed Jan 19 2005 12:59:12a ..S.R 222,554 217.34 K
ykhg.exe Sun Jan 16 2005 7:27:04p A..H. 49,152 48.00 K
ti2evx~1.exe Tue Jan 11 2005 6:11:36a ..SHR 401,408 392.00 K

7 items found: 7 files, 0 directories.
Total of file sizes: 1,350,791 bytes 1.29 M

0 Replies

abc1234 Lets take a different approach with this,

Please download the following Look2me VX2 removal

Save the file to your desktop and double click l2mfix.exe.
Click the Install button to extract the files and follow the prompts,
Then open the newly added l2mfix folder on your desktop.
Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer it will take a few minutes and you may think nothing is happening but let it run, then, after a minute or 2, notepad will open with a log.
Copy the contents of that log and paste it into this thread.

0 Replies

Here you go. Thanks in advance ^^

2MFIX find log 1.02
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068f

f3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"="Compressed (zipped) Folder"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1C7493B8-ADF8-4A8A-B48A-53AFE918B117}"=""
"{1406A802-54FA-4D11-88A0-B4C7F9468685}"=""
"{C7A441C1-9EC5-457C-9802-7D57ED9FFEEF}"=""
"{3C99EB25-125C-4CD7-9481-C897C2C8B111}"=""
"{64302F22-1A89-4955-ACD1-2913B793C311}"=""
"{FFB4856B-3197-43C7-86B1-6217BE50E191}"=""
"{30E090EB-6C52-412D-A40B-2D9DA4CB93B9}"=""
"{D2E6C52C-F6A9-4DA9-AF33-4DD2466BC2CE}"=""
"{3723FED2-9031-46E1-A30A-D5046114B43A}"=""
"{FA16833A-1D28-44E0-B1ED-004644009591}"=""
"{6A6C9767-A685-49E3-91F6-0695CA61CA1A}"=""
"{FCCC96E0-E7DF-4C42-9B6A-F601BF302B94}"=""
"{89CC7B4E-0A4D-4C20-A1B6-E440CAC9E733}"=""
"{35D3B0BE-9754-4AA5-9C55-444C2FF54D9B}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{AEA6995A-2D31-4790-8866-4FA6F8F596F5}"=""
"{B9626865-10A6-4839-A015-4DA33D162839}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1C7493B8-ADF8-4A8A-B48A-53AFE918B117}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C7493B8-ADF8-4A8A-B48A-53AFE918B117}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C7493B8-ADF8-4A8A-B48A-53AFE918B117}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C7493B8-ADF8-4A8A-B48A-53AFE918B117}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1406A802-54FA-4D11-88A0-B4C7F9468685}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406A802-54FA-4D11-88A0-B4C7F9468685}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406A802-54FA-4D11-88A0-B4C7F9468685}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406A802-54FA-4D11-88A0-B4C7F9468685}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7A441C1-9EC5-457C-9802-7D57ED9FFEEF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7A441C1-9EC5-457C-9802-7D57ED9FFEEF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7A441C1-9EC5-457C-9802-7D57ED9FFEEF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7A441C1-9EC5-457C-9802-7D57ED9FFEEF}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3C99EB25-125C-4CD7-9481-C897C2C8B111}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C99EB25-125C-4CD7-9481-C897C2C8B111}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C99EB25-125C-4CD7-9481-C897C2C8B111}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C99EB25-125C-4CD7-9481-C897C2C8B111}\InprocServer32]
@="C:\\WINDOWS\\system32\\lUprxy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{64302F22-1A89-4955-ACD1-2913B793C311}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64302F22-1A89-4955-ACD1-2913B793C311}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64302F22-1A89-4955-ACD1-2913B793C311}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{64302F22-1A89-4955-ACD1-2913B793C311}\InprocServer32]
@="C:\\WINDOWS\\system32\\wwspdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FFB4856B-3197-43C7-86B1-6217BE50E191}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FFB4856B-3197-43C7-86B1-6217BE50E191}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FFB4856B-3197-43C7-86B1-6217BE50E191}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FFB4856B-3197-43C7-86B1-6217BE50E191}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{30E090EB-6C52-412D-A40B-2D9DA4CB93B9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{30E090EB-6C52-412D-A40B-2D9DA4CB93B9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{30E090EB-6C52-412D-A40B-2D9DA4CB93B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{30E090EB-6C52-412D-A40B-2D9DA4CB93B9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlpsrcwp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D2E6C52C-F6A9-4DA9-AF33-4DD2466BC2CE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D2E6C52C-F6A9-4DA9-AF33-4DD2466BC2CE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D2E6C52C-F6A9-4DA9-AF33-4DD2466BC2CE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D2E6C52C-F6A9-4DA9-AF33-4DD2466BC2CE}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3723FED2-9031-46E1-A30A-D5046114B43A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3723FED2-9031-46E1-A30A-D5046114B43A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3723FED2-9031-46E1-A30A-D5046114B43A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3723FED2-9031-46E1-A30A-D5046114B43A}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FA16833A-1D28-44E0-B1ED-004644009591}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA16833A-1D28-44E0-B1ED-004644009591}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA16833A-1D28-44E0-B1ED-004644009591}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA16833A-1D28-44E0-B1ED-004644009591}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwiole32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A6C9767-A685-49E3-91F6-0695CA61CA1A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A6C9767-A685-49E3-91F6-0695CA61CA1A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A6C9767-A685-49E3-91F6-0695CA61CA1A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A6C9767-A685-49E3-91F6-0695CA61CA1A}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FCCC96E0-E7DF-4C42-9B6A-F601BF302B94}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCCC96E0-E7DF-4C42-9B6A-F601BF302B94}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCCC96E0-E7DF-4C42-9B6A-F601BF302B94}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FCCC96E0-E7DF-4C42-9B6A-F601BF302B94}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{89CC7B4E-0A4D-4C20-A1B6-E440CAC9E733}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89CC7B4E-0A4D-4C20-A1B6-E440CAC9E733}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89CC7B4E-0A4D-4C20-A1B6-E440CAC9E733}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89CC7B4E-0A4D-4C20-A1B6-E440CAC9E733}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{35D3B0BE-9754-4AA5-9C55-444C2FF54D9B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35D3B0BE-9754-4AA5-9C55-444C2FF54D9B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35D3B0BE-9754-4AA5-9C55-444C2FF54D9B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35D3B0BE-9754-4AA5-9C55-444C2FF54D9B}\InprocServer32]
@="C:\\WINDOWS\\system32\\dsskperf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AEA6995A-2D31-4790-8866-4FA6F8F596F5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AEA6995A-2D31-4790-8866-4FA6F8F596F5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AEA6995A-2D31-4790-8866-4FA6F8F596F5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AEA6995A-2D31-4790-8866-4FA6F8F596F5}\InprocServer32]
@="C:\\WINDOWS\\system32\\hW23msp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B9626865-10A6-4839-A015-4DA33D162839}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9626865-10A6-4839-A015-4DA33D162839}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9626865-10A6-4839-A015-4DA33D162839}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9626865-10A6-4839-A015-4DA33D162839}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aza20e~1.dll Sun Dec 19 2004 4:31:16p A.... 56 0.05 K
aza6l3~1.dll Fri Jan 21 2005 11:28:18a A.... 56 0.05 K
azam0c~1.dll Fri Jan 21 2005 11:17:52a A.... 56 0.05 K
cpm.dll Fri Jan 21 2005 11:23:18a A.... 56 0.05 K
d8j0li~1.dll Fri Jan 21 2005 11:22:14a A.... 56 0.05 K
divx.dll Tue Oct 26 2004 2:38:24p A.... 716,800 700.00 K
divxde~1.dll Tue Oct 26 2004 2:38:20p A.... 94,208 92.00 K
divxde~2.dll Tue Oct 26 2004 2:38:20p A.... 94,208 92.00 K
divxde~3.dll Tue Oct 26 2004 2:38:20p A.... 94,208 92.00 K
divx_x~1.dll Tue Oct 26 2004 2:38:20p A.... 206,336 201.50 K
divx_x~2.dll Tue Oct 26 2004 2:38:18p A.... 206,848 202.00 K
divx_x~3.dll Tue Oct 26 2004 2:38:20p A.... 528,384 516.00 K
dn4401~1.dll Fri Jan 21 2005 11:28:42a A.... 56 0.05 K
dnnu01~1.dll Fri Jan 21 2005 11:15:50a A.... 56 0.05 K
dnr801~1.dll Sun Dec 19 2004 11:07:38a A.... 56 0.05 K
dpu10.dll Tue Oct 26 2004 2:39:04p A.... 290,816 284.00 K
dpugui10.dll Tue Oct 26 2004 2:39:04p A.... 602,112 588.00 K
dpus10.dll Tue Oct 26 2004 2:39:04p A.... 335,872 328.00 K
dpv10.dll Tue Oct 26 2004 2:39:06p A.... 53,248 52.00 K
dulvx.dll Sat Jan 15 2005 4:17:02p A.... 99,328 97.00 K
dwcompos.dll Fri Jan 21 2005 11:23:50a A.... 56 0.05 K
dxnaddr.dll Fri Jan 21 2005 11:19:42a A.... 56 0.05 K
e2jm0c~1.dll Fri Jan 21 2005 11:28:26a A.... 56 0.05 K
e4020e~1.dll Fri Jan 21 2005 11:25:06a A.... 56 0.05 K
ecktm.dll Sun Jan 16 2005 7:26:26p A.... 99,328 97.00 K
enn0l1~1.dll Fri Jan 21 2005 11:25:28a A.... 56 0.05 K
ennol1~1.dll Fri Jan 21 2005 11:20:00a A.... 56 0.05 K
enpml1~1.dll Fri Jan 21 2005 11:19:52a A.... 56 0.05 K
ffeqn.dll Sun Jan 16 2005 3:36:08p A.... 99,328 97.00 K
gdtext.dll Fri Jan 21 2005 11:25:14a A.... 56 0.05 K
gold.dll Wed Dec 8 2004 3:36:04p A.... 75,776 74.00 K
gp46l3~1.dll Fri Jan 21 2005 11:28:58a A.... 56 0.05 K
h0n0la~1.dll Fri Jan 21 2005 11:17:36a A.... 56 0.05 K
h40qle~1.dll Fri Jan 21 2005 11:29:20a A.... 56 0.05 K
hp0023~1.dll Thu Jan 20 2005 3:29:30p ..... 223,209 217.98 K
i6240g~1.dll Fri Jan 21 2005 11:18:02a A.... 56 0.05 K
i6jqlg~1.dll Fri Jan 21 2005 11:18:32a A.... 56 0.05 K
i8loli~1.dll Fri Jan 21 2005 11:20:08a A.... 56 0.05 K
igjp81k.dll Fri Jan 21 2005 11:23:44a A.... 56 0.05 K
irjsl5~1.dll Fri Jan 21 2005 11:29:14a A.... 56 0.05 K
iv10b6~1.dll Tue Dec 28 2004 10:39:30a A.... 224,311 219.05 K
j8l40i~1.dll Fri Jan 21 2005 11:21:22a A.... 56 0.05 K
jigxj.dll Thu Jan 13 2005 11:09:34p A.... 98,816 96.50 K
jt6u07~1.dll Fri Jan 21 2005 11:20:16a A.... 56 0.05 K
jtpo07~1.dll Fri Jan 21 2005 11:26:08a A.... 56 0.05 K
k4620e~1.dll Fri Jan 21 2005 11:20:42a A.... 56 0.05 K
k6260g~1.dll Fri Jan 21 2005 11:27:56a A.... 56 0.05 K
k8noli~1.dll Fri Jan 21 2005 11:21:14a A.... 56 0.05 K
kt26l7~1.dll Fri Jan 21 2005 11:28:10a A.... 56 0.05 K
kt84l7~1.dll Wed Jan 12 2005 4:18:58p ..... 224,194 218.94 K
l06o0a~1.dll Fri Jan 21 2005 11:17:08a A.... 56 0.05 K
luprxy.dll Fri Jan 21 2005 11:21:30a A.... 56 0.05 K
lv2m09~1.dll Fri Jan 21 2005 11:18:10a A.... 56 0.05 K
m4820e~1.dll Fri Jan 21 2005 11:17:44a A.... 56 0.05 K
m828li~1.dll Fri Jan 21 2005 11:18:50a A.... 56 0.05 K
m8640i~1.dll Fri Jan 21 2005 11:18:40a A.... 56 0.05 K
m864li~1.dll Fri Jan 21 2005 11:26:30a A.... 56 0.05 K
mknsspc.dll Tue Dec 28 2004 10:41:20a A.... 224,311 219.05 K
msvcp71.dll Sat Dec 18 2004 5:51:00a A.... 499,712 488.00 K
mvjul9~1.dll Fri Jan 21 2005 11:20:50a A.... 56 0.05 K
mwiole32.dll Fri Jan 7 2005 11:28:32a A.... 225,441 220.16 K
n26q0c~1.dll Fri Jan 21 2005 11:26:16a A.... 56 0.05 K
n42ule~1.dll Fri Jan 21 2005 11:23:26a A.... 56 0.05 K
nhwrsde.dll Fri Jan 21 2005 11:24:58a A.... 56 0.05 K
opurl.dll Mon Jan 17 2005 10:03:40a A.... 99,328 97.00 K
p8r4li~1.dll Fri Jan 21 2005 11:16:58a A.... 56 0.05 K
pi8q0c~1.dll Fri Jan 21 2005 11:23:34a A.... 56 0.05 K
psikey.dll Tue Oct 26 2004 2:38:26p A.... 1,335,296 1.27 M
qt-mt331.dll Tue Oct 26 2004 2:39:06p A.... 3,375,104 3.22 M
ruvpsp.dll Fri Jan 21 2005 11:23:08a A.... 56 0.05 K
s6rs0g~1.dll Sun Dec 19 2004 1:47:30a A.... 224,303 219.04 K
sporder.dll Sun Dec 12 2004 2:53:16p A.... 8,464 8.27 K
thinin~1.dll Mon Dec 13 2004 4:04:06p A.... 109,568 107.00 K
txegu.dll Thu Jan 13 2005 11:10:22p A.... 99,328 97.00 K
uifsd.dll Sun Jan 16 2005 7:25:56p A.... 98,816 96.50 K
unicows.dll Tue Oct 26 2004 2:11:32p A.... 245,408 239.66 K
uukhn.dll Sun Jan 16 2005 3:35:24p A.... 98,816 96.50 K
wlpsrcwp.dll Sun Dec 19 2004 11:18:10a A.... 223,967 218.71 K
wpixn.dll Mon Jan 17 2005 10:03:18a A.... 98,816 96.50 K
wwspdmod.dll Sun Dec 19 2004 7:43:38a A.... 223,507 218.27 K
ypfhg.dll Sat Jan 15 2005 4:16:26p A.... 98,816 96.50 K

81 items found: 81 files, 0 directories.
Total of file sizes: 11,658,851 bytes 11.12 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 8403-2473

Directory of C:\WINDOWS\System32

0 Replies

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter,
next press any key to reboot your computer.
After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.
Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

0 Replies

Help me out please, really appreciated !

Related Topics

Quick Links

My Account

able2know