To talk on Icrontic, just register!

It only takes 30 seconds.

Have an account? Sign in:

Forgot?

To reopen your thread, send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own thread instead.

 
Reply to Discussion Options
normal guy 1
Getting settled in
normal guy 1
5 Posts
17 May 2006, 7:17am

Help!! Adware and Pop-ups are Infuriating.

I have read the FAQs section and I've scanned my system with the updated spybot and Lava soft Ad ware programs, but the pop-ups still exist. Hello I've been having problems with frequent pop-ups that constantly interrupt me while i am using my web browsers.This happens all the time while i surf the net and it is extremely annoying. It currently affects all of my web browsers(IE Firefox Opera)

These are some of the sites that i have been plagued by.

http://www.zestyfind.com/cgi-bin/sea...?keywords=nile
http://www.mediapurchases.com/muon.html
http://www.intern-etadvertising.com/tau.html
http://www.dealiotoday.com/tau.html
http://www.buyer-shabit.com/tau.html
http://www.browserbuy-out.com/tau.html
http://ad.firstadsolution.com/rmtag2...t.com/tau.html
http://www.bigdiscountbuy.com/tau.html
http://count2.exitexchange.com/exit/1281705
://www.browserbuy-out.com/tau.html
http://www.announceme-nt.com/muon.html
http://www.wild-savings.com/tau.html
http://www.redemption-slip.com/tau.html
http://www.coupo-ns.com/tau.html

I downloaded Hijackthis and i scanned my system, while all other programs were closed and i saved the log.
This is my Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 2:24:35 AM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\gggg\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\u0rula991d.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

I am in dire need of your help. Thank you!
Trogan
Malware Remover
Trogan
7,405 Posts
17 May 2006, 7:40am
Hi normal guy 1, welcome to Short-Media

You have a Look2Me infection!


Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.
__________________ It's all 'bout Manchester United!


Proud member of ASAP since 2006

بِسۡمِ ٱللهِ ٱلرَّحۡمَـٰنِ ٱلرَّحِيم
normal guy 1
Getting settled in
normal guy 1
5 Posts
17 May 2006, 7:55am
Ok i did it




L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n84slih7184.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{18F9FC18-4BFC-CC24-C436-5EEA282D9A5D}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{8019392E-DC2A-4BED-9F43-F6243967838F}"=""
"{177F85EF-CA11-476F-B74A-651A9ECF8AEB}"=""
"{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}"=""
"{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}"=""
"{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}"=""
"{7CB9B28D-9E01-47B7-9004-935D3045BBD9}"=""
"{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}"=""
"{09A084A8-4AE6-4450-9412-E8DFB63638CD}"=""
"{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}"=""
"{38B5FC10-606A-4145-A293-8C6CC4B29ABD}"=""
"{1B10A595-7C40-4099-A683-46E7E8536971}"=""
"{D61C4824-C27C-47CB-BD69-04413524A275}"=""
"{68FB979E-6FD6-4E93-B485-3518D58EE8E0}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dSdim.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ofbc32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ogethk32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhang.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\kydcz1.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aza801~1.dll Tue May 2 2006 6:16:36p ..S.R 233,558 228.08 K
didmo.dll Wed Apr 12 2006 9:31:38a ..S.R 235,420 229.90 K
dn4801~1.dll Mon Feb 20 2006 7:54:22p A.S.R 236,092 230.56 K
dn4o01~1.dll Mon Feb 20 2006 7:35:12p A.S.R 235,592 230.07 K
dnj801~1.dll Tue Apr 18 2006 2:41:56a ..S.R 233,582 228.11 K
dnvvox.dll Sun Feb 26 2006 12:27:40a A.S.R 237,036 231.48 K
dtprpres.dll Tue Apr 11 2006 11:52:00p ..S.R 234,222 228.73 K
en4ol1~1.dll Sun Feb 26 2006 12:26:34a A.S.R 237,036 231.48 K
f02mla~1.dll Fri Apr 14 2006 10:49:24a ..S.R 236,746 231.20 K
f2l0lc~1.dll Mon Apr 17 2006 10:50:34a ..S.R 236,746 231.20 K
fp4803~1.dll Mon Apr 17 2006 11:39:54p ..S.R 234,425 228.93 K
hr6m05~1.dll Mon Apr 17 2006 7:46:46p ..S.R 233,747 228.27 K
htl.dll Sun Apr 30 2006 8:57:00a ..S.R 234,438 228.94 K
iksso.dll Sat Apr 29 2006 10:39:10p ..S.R 237,036 231.48 K
j60slg~1.dll Mon May 15 2006 12:49:56p ..S.R 236,231 230.69 K
jnt500.dll Thu Feb 16 2006 2:29:02p A.S.R 234,018 228.53 K
kkdbu.dll Tue Apr 11 2006 7:36:18p ..S.R 237,036 231.48 K
kt42l7~1.dll Tue Feb 21 2006 2:14:22p A.S.R 236,803 231.25 K
kt88l7~1.dll Fri Feb 24 2006 9:01:54p A.S.R 234,191 228.70 K
l68mlg~1.dll Wed Apr 12 2006 4:17:14p ..S.R 234,222 228.73 K
ldngwrbk.dll Sun Apr 9 2006 6:17:18p ..S.R 237,036 231.48 K
lvj609~1.dll Sat Apr 29 2006 11:47:32p ..S.R 237,036 231.48 K
m0pola~1.dll Mon Feb 20 2006 6:15:22p A.S.R 234,018 228.53 K
mkc42u.dll Thu Feb 16 2006 12:24:44p A.S.R 234,018 228.53 K
mv66l9~1.dll Mon Feb 20 2006 6:19:42p A.S.R 236,920 231.37 K
n48ole~1.dll Sun Feb 26 2006 12:56:08a A.S.R 233,940 228.46 K
n6r2lg~1.dll Tue May 16 2006 2:05:04a ..S.R 234,888 229.38 K
n84sli~1.dll Tue May 16 2006 2:04:04a ..S.R 236,636 231.09 K
o084la~1.dll Thu Feb 23 2006 12:24:56p A.S.R 237,036 231.48 K
o8roli~1.dll Sun May 14 2006 5:15:50a ..S.R 234,438 228.94 K
ofbc32.dll Thu Feb 16 2006 2:42:58p A.S.R 234,018 228.53 K
p6n80g~1.dll Sun Feb 26 2006 12:58:08a A.S.R 237,036 231.48 K
r8r60i~1.dll Mon Feb 20 2006 2:33:26a A.S.R 234,716 229.21 K
rpaenh.dll Sat May 6 2006 1:54:02p ..S.R 234,438 228.94 K
shmsg.dll Tue Apr 11 2006 7:39:18p ..S.R 234,222 228.73 K
snsvc.dll Sun Apr 9 2006 4:15:58p ..S.R 237,036 231.48 K
srsvcs.dll Mon Feb 20 2006 1:39:30a A.S.R 234,923 229.41 K
syclient.dll Sat May 6 2006 1:53:36a ..S.R 234,438 228.94 K
t0r80a~1.dll Thu Apr 13 2006 1:12:32p ..S.R 235,420 229.90 K
tvcfgwmi.dll Sun Feb 26 2006 12:56:08a A.S.R 237,036 231.48 K
vvipxspx.dll Sun May 14 2006 10:03:56p ..S.R 236,231 230.69 K
wwcltui.dll Mon Apr 17 2006 5:49:44p ..S.R 236,746 231.20 K

42 items found: 42 files (42 H/S), 0 directories.
Total of file sizes: 9,890,403 bytes 9.43 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue May 16 2006 4:11:06p ..S.R 236,636 231.09 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236,636 bytes 231.09 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 307D-7974

Directory of C:\WINDOWS\System32

05/17/2006 01:45 AM <DIR> ..
05/17/2006 01:45 AM <DIR> .
05/16/2006 04:11 PM 236,636 guard.tmp
05/16/2006 02:05 AM 234,888 n6r2lg9o16.dll
05/16/2006 02:04 AM 236,636 n84slih7184.dll
05/15/2006 12:49 PM 236,231 j60slgd7160.dll
05/14/2006 10:03 PM 236,231 vvipxspx.dll
05/14/2006 05:15 AM 234,438 o8roli9318.dll
05/06/2006 01:54 PM 234,438 rpaenh.dll
05/06/2006 01:53 AM 234,438 syclient.dll
05/02/2006 06:16 PM 233,558 aza801hue.dll
04/30/2006 08:56 AM 234,438 hTl.dll
04/29/2006 11:47 PM 237,036 lvj6091se.dll
04/29/2006 10:39 PM 237,036 iksso.dll
04/29/2006 10:14 PM <DIR> dllcache
04/18/2006 02:41 AM 233,582 dnj8011ue.dll
04/17/2006 11:39 PM 234,425 fp4803hue.dll
04/17/2006 07:46 PM 233,747 hr6m05j1e.dll
04/17/2006 05:49 PM 236,746 wwcltui.dll
04/17/2006 10:50 AM 236,746 f2l0lc3m1f.dll
04/14/2006 10:49 AM 236,746 f02mlaf11d2.dll
04/13/2006 01:12 PM 235,420 t0r80a9ued.dll
04/12/2006 04:17 PM 234,222 l68mlgl116q.dll
04/12/2006 09:31 AM 235,420 didmo.dll
04/11/2006 11:51 PM 234,222 dtprpres.dll
04/11/2006 07:39 PM 234,222 shmsg.dll
04/11/2006 07:36 PM 237,036 kkdbu.dll
04/09/2006 06:17 PM 237,036 lDngwrbk.dll
04/09/2006 04:15 PM 237,036 snsvc.dll
04/09/2006 03:33 PM <DIR> Microsoft
02/26/2006 12:58 AM 237,036 p6n80g5ue6.dll
02/26/2006 12:56 AM 237,036 tvcfgwmi.dll
02/26/2006 12:56 AM 233,940 n48olel31hq.dll
02/26/2006 12:27 AM 237,036 dnvvox.dll
02/26/2006 12:26 AM 237,036 en4ol1h31.dll
02/24/2006 09:01 PM 234,191 kt88l7lu1.dll
02/23/2006 12:24 PM 237,036 o084lalq1dqe.dll
02/21/2006 02:14 PM 236,803 kt42l7ho1.dll
02/20/2006 07:54 PM 236,092 dn4801hue.dll
02/20/2006 07:35 PM 235,592 dn4o01h3e.dll
02/20/2006 06:19 PM 236,920 mv66l9js1.dll
02/20/2006 06:15 PM 234,018 m0pola731d.dll
02/20/2006 02:33 AM 234,716 r8r60i9se8.dll
02/20/2006 01:39 AM 234,923 srsvcs.dll
02/16/2006 02:42 PM 234,018 ofbc32.dll
02/16/2006 02:29 PM 234,018 jnt500.dll
02/16/2006 12:24 PM 234,018 mkc42u.dll
02/15/2006 11:53 PM 234,018 fppq0375e.dll
02/15/2006 02:23 AM 236,877 f0j20a1oed.dll
02/06/2006 02:20 PM 236,094 jr2025fmg.dll
02/06/2006 12:39 PM 235,895 m628lgfu1628.dll
02/05/2006 10:10 AM 234,697 k8260ifse8260.dll
02/05/2006 07:26 AM 234,986 jtju0719e.dll
02/05/2006 03:04 AM 235,930 en68l1ju1.dll
02/05/2006 02:53 AM 234,648 lvpq0975e.dll
02/05/2006 01:27 AM 235,937 q868liju18o8.dll
02/05/2006 01:16 AM 234,470 dn0401dqe.dll
02/04/2006 10:57 AM 234,669 jtro0793e.dll
02/03/2006 01:36 PM 236,181 mv0ul9d91.dll
02/03/2006 06:15 AM 234,379 k426lefs1h26.dll
02/03/2006 06:01 AM 234,379 jt0m07d1e.dll
57 File(s) 13,420,199 bytes
4 Dir(s) 20,364,984,320 bytes free
Trogan
Malware Remover
Trogan
7,405 Posts
17 May 2006, 7:56am
Thanks for posting the log!

Next, close any browsers and programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the log does not open double click on it in the l2mfix folder.
normal guy 1
Getting settled in
normal guy 1
5 Posts
17 May 2006, 8:22am
oki did what you said but when i looked in the folder i saw two notepads im not sure which one is the !st log i did and which one is the log you told me to do a while ago. and i also did the hijack this log




im not sure of this is the newest log or if this is the same log i sent you before. this one was the notepad with the heading called log.


L2mfix 051206
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 72%)



This is the notepad with the look2me heading.im not sure if this is the first log i did or if this is log you told me to do awhile ago.

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n84slih7184.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{18F9FC18-4BFC-CC24-C436-5EEA282D9A5D}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{8019392E-DC2A-4BED-9F43-F6243967838F}"=""
"{177F85EF-CA11-476F-B74A-651A9ECF8AEB}"=""
"{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}"=""
"{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}"=""
"{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}"=""
"{7CB9B28D-9E01-47B7-9004-935D3045BBD9}"=""
"{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}"=""
"{09A084A8-4AE6-4450-9412-E8DFB63638CD}"=""
"{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}"=""
"{38B5FC10-606A-4145-A293-8C6CC4B29ABD}"=""
"{1B10A595-7C40-4099-A683-46E7E8536971}"=""
"{D61C4824-C27C-47CB-BD69-04413524A275}"=""
"{68FB979E-6FD6-4E93-B485-3518D58EE8E0}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dSdim.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ofbc32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ogethk32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhang.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\kydcz1.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aza801~1.dll Tue May 2 2006 6:16:36p ..S.R 233,558 228.08 K
didmo.dll Wed Apr 12 2006 9:31:38a ..S.R 235,420 229.90 K
dn4801~1.dll Mon Feb 20 2006 7:54:22p A.S.R 236,092 230.56 K
dn4o01~1.dll Mon Feb 20 2006 7:35:12p A.S.R 235,592 230.07 K
dnj801~1.dll Tue Apr 18 2006 2:41:56a ..S.R 233,582 228.11 K
dnvvox.dll Sun Feb 26 2006 12:27:40a A.S.R 237,036 231.48 K
dtprpres.dll Tue Apr 11 2006 11:52:00p ..S.R 234,222 228.73 K
en4ol1~1.dll Sun Feb 26 2006 12:26:34a A.S.R 237,036 231.48 K
f02mla~1.dll Fri Apr 14 2006 10:49:24a ..S.R 236,746 231.20 K
f2l0lc~1.dll Mon Apr 17 2006 10:50:34a ..S.R 236,746 231.20 K
fp4803~1.dll Mon Apr 17 2006 11:39:54p ..S.R 234,425 228.93 K
hr6m05~1.dll Mon Apr 17 2006 7:46:46p ..S.R 233,747 228.27 K
htl.dll Sun Apr 30 2006 8:57:00a ..S.R 234,438 228.94 K
iksso.dll Sat Apr 29 2006 10:39:10p ..S.R 237,036 231.48 K
j60slg~1.dll Mon May 15 2006 12:49:56p ..S.R 236,231 230.69 K
jnt500.dll Thu Feb 16 2006 2:29:02p A.S.R 234,018 228.53 K
kkdbu.dll Tue Apr 11 2006 7:36:18p ..S.R 237,036 231.48 K
kt42l7~1.dll Tue Feb 21 2006 2:14:22p A.S.R 236,803 231.25 K
kt88l7~1.dll Fri Feb 24 2006 9:01:54p A.S.R 234,191 228.70 K
l68mlg~1.dll Wed Apr 12 2006 4:17:14p ..S.R 234,222 228.73 K
ldngwrbk.dll Sun Apr 9 2006 6:17:18p ..S.R 237,036 231.48 K
lvj609~1.dll Sat Apr 29 2006 11:47:32p ..S.R 237,036 231.48 K
m0pola~1.dll Mon Feb 20 2006 6:15:22p A.S.R 234,018 228.53 K
mkc42u.dll Thu Feb 16 2006 12:24:44p A.S.R 234,018 228.53 K
mv66l9~1.dll Mon Feb 20 2006 6:19:42p A.S.R 236,920 231.37 K
n48ole~1.dll Sun Feb 26 2006 12:56:08a A.S.R 233,940 228.46 K
n6r2lg~1.dll Tue May 16 2006 2:05:04a ..S.R 234,888 229.38 K
n84sli~1.dll Tue May 16 2006 2:04:04a ..S.R 236,636 231.09 K
o084la~1.dll Thu Feb 23 2006 12:24:56p A.S.R 237,036 231.48 K
o8roli~1.dll Sun May 14 2006 5:15:50a ..S.R 234,438 228.94 K
ofbc32.dll Thu Feb 16 2006 2:42:58p A.S.R 234,018 228.53 K
p6n80g~1.dll Sun Feb 26 2006 12:58:08a A.S.R 237,036 231.48 K
r8r60i~1.dll Mon Feb 20 2006 2:33:26a A.S.R 234,716 229.21 K
rpaenh.dll Sat May 6 2006 1:54:02p ..S.R 234,438 228.94 K
shmsg.dll Tue Apr 11 2006 7:39:18p ..S.R 234,222 228.73 K
snsvc.dll Sun Apr 9 2006 4:15:58p ..S.R 237,036 231.48 K
srsvcs.dll Mon Feb 20 2006 1:39:30a A.S.R 234,923 229.41 K
syclient.dll Sat May 6 2006 1:53:36a ..S.R 234,438 228.94 K
t0r80a~1.dll Thu Apr 13 2006 1:12:32p ..S.R 235,420 229.90 K
tvcfgwmi.dll Sun Feb 26 2006 12:56:08a A.S.R 237,036 231.48 K
vvipxspx.dll Sun May 14 2006 10:03:56p ..S.R 236,231 230.69 K
wwcltui.dll Mon Apr 17 2006 5:49:44p ..S.R 236,746 231.20 K

42 items found: 42 files (42 H/S), 0 directories.
Total of file sizes: 9,890,403 bytes 9.43 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue May 16 2006 4:11:06p ..S.R 236,636 231.09 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236,636 bytes 231.09 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 307D-7974

Directory of C:\WINDOWS\System32

05/17/2006 01:45 AM <DIR> ..
05/17/2006 01:45 AM <DIR> .
05/16/2006 04:11 PM 236,636 guard.tmp
05/16/2006 02:05 AM 234,888 n6r2lg9o16.dll
05/16/2006 02:04 AM 236,636 n84slih7184.dll
05/15/2006 12:49 PM 236,231 j60slgd7160.dll
05/14/2006 10:03 PM 236,231 vvipxspx.dll
05/14/2006 05:15 AM 234,438 o8roli9318.dll
05/06/2006 01:54 PM 234,438 rpaenh.dll
05/06/2006 01:53 AM 234,438 syclient.dll
05/02/2006 06:16 PM 233,558 aza801hue.dll
04/30/2006 08:56 AM 234,438 hTl.dll
04/29/2006 11:47 PM 237,036 lvj6091se.dll
04/29/2006 10:39 PM 237,036 iksso.dll
04/29/2006 10:14 PM <DIR> dllcache
04/18/2006 02:41 AM 233,582 dnj8011ue.dll
04/17/2006 11:39 PM 234,425 fp4803hue.dll
04/17/2006 07:46 PM 233,747 hr6m05j1e.dll
04/17/2006 05:49 PM 236,746 wwcltui.dll
04/17/2006 10:50 AM 236,746 f2l0lc3m1f.dll
04/14/2006 10:49 AM 236,746 f02mlaf11d2.dll
04/13/2006 01:12 PM 235,420 t0r80a9ued.dll
04/12/2006 04:17 PM 234,222 l68mlgl116q.dll
04/12/2006 09:31 AM 235,420 didmo.dll
04/11/2006 11:51 PM 234,222 dtprpres.dll
04/11/2006 07:39 PM 234,222 shmsg.dll
04/11/2006 07:36 PM 237,036 kkdbu.dll
04/09/2006 06:17 PM 237,036 lDngwrbk.dll
04/09/2006 04:15 PM 237,036 snsvc.dll
04/09/2006 03:33 PM <DIR> Microsoft
02/26/2006 12:58 AM 237,036 p6n80g5ue6.dll
02/26/2006 12:56 AM 237,036 tvcfgwmi.dll
02/26/2006 12:56 AM 233,940 n48olel31hq.dll
02/26/2006 12:27 AM 237,036 dnvvox.dll
02/26/2006 12:26 AM 237,036 en4ol1h31.dll
02/24/2006 09:01 PM 234,191 kt88l7lu1.dll
02/23/2006 12:24 PM 237,036 o084lalq1dqe.dll
02/21/2006 02:14 PM 236,803 kt42l7ho1.dll
02/20/2006 07:54 PM 236,092 dn4801hue.dll
02/20/2006 07:35 PM 235,592 dn4o01h3e.dll
02/20/2006 06:19 PM 236,920 mv66l9js1.dll
02/20/2006 06:15 PM 234,018 m0pola731d.dll
02/20/2006 02:33 AM 234,716 r8r60i9se8.dll
02/20/2006 01:39 AM 234,923 srsvcs.dll
02/16/2006 02:42 PM 234,018 ofbc32.dll
02/16/2006 02:29 PM 234,018 jnt500.dll
02/16/2006 12:24 PM 234,018 mkc42u.dll
02/15/2006 11:53 PM 234,018 fppq0375e.dll
02/15/2006 02:23 AM 236,877 f0j20a1oed.dll
02/06/2006 02:20 PM 236,094 jr2025fmg.dll
02/06/2006 12:39 PM 235,895 m628lgfu1628.dll
02/05/2006 10:10 AM 234,697 k8260ifse8260.dll
02/05/2006 07:26 AM 234,986 jtju0719e.dll
02/05/2006 03:04 AM 235,930 en68l1ju1.dll
02/05/2006 02:53 AM 234,648 lvpq0975e.dll
02/05/2006 01:27 AM 235,937 q868liju18o8.dll
02/05/2006 01:16 AM 234,470 dn0401dqe.dll
02/04/2006 10:57 AM 234,669 jtro0793e.dll
02/03/2006 01:36 PM 236,181 mv0ul9d91.dll
02/03/2006 06:15 AM 234,379 k426lefs1h26.dll
02/03/2006 06:01 AM 234,379 jt0m07d1e.dll
57 File(s) 13,420,199 bytes
4 Dir(s) 20,364,984,320 bytes free

Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 2:20:55 AM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\gggg\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\n84slih7184.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

Which log is the 1st one and which log is the one you told me to do awhile ago
Trogan
Malware Remover
Trogan
7,405 Posts
17 May 2006, 6:47pm
That isn't the correct logfile. Post the other one in your next reply.

For now, please do the following:

Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\n84slih7184.dll

- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked


Reboot your computer and post a new HJT log, along with the other file please.
normal guy 1
Getting settled in
normal guy 1
5 Posts
17 May 2006, 8:58pm
Ok i did exactly what you told me to do.



This is the new Hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 2:46:42 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\gggg\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

and this is the other file that you told me to send.

L2mfix 051206
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (584)
Killing 'winlogon.exe'
winlogon.exe (676)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (2328)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\mctlsapi.dll",DllGetVersion (1520)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\aza801hue.dll
Successfully Deleted: C:\WINDOWS\system32\aza801hue.dll
Deleting: C:\WINDOWS\system32\didmo.dll
Successfully Deleted: C:\WINDOWS\system32\didmo.dll
Deleting: C:\WINDOWS\system32\dn0401dqe.dll
Successfully Deleted: C:\WINDOWS\system32\dn0401dqe.dll
Deleting: C:\WINDOWS\system32\dn4801hue.dll
Successfully Deleted: C:\WINDOWS\system32\dn4801hue.dll
Deleting: C:\WINDOWS\system32\dn4o01h3e.dll
Successfully Deleted: C:\WINDOWS\system32\dn4o01h3e.dll
Deleting: C:\WINDOWS\system32\dnj8011ue.dll
Successfully Deleted: C:\WINDOWS\system32\dnj8011ue.dll
Deleting: C:\WINDOWS\system32\dnvvox.dll
Successfully Deleted: C:\WINDOWS\system32\dnvvox.dll
Deleting: C:\WINDOWS\system32\dtprpres.dll
Successfully Deleted: C:\WINDOWS\system32\dtprpres.dll
Deleting: C:\WINDOWS\system32\en4ol1h31.dll
Successfully Deleted: C:\WINDOWS\system32\en4ol1h31.dll
Deleting: C:\WINDOWS\system32\en68l1ju1.dll
Successfully Deleted: C:\WINDOWS\system32\en68l1ju1.dll
Deleting: C:\WINDOWS\system32\f02mlaf11d2.dll
Successfully Deleted: C:\WINDOWS\system32\f02mlaf11d2.dll
Deleting: C:\WINDOWS\system32\f0j20a1oed.dll
Successfully Deleted: C:\WINDOWS\system32\f0j20a1oed.dll
Deleting: C:\WINDOWS\system32\f2l0lc3m1f.dll
Successfully Deleted: C:\WINDOWS\system32\f2l0lc3m1f.dll
Deleting: C:\WINDOWS\system32\fp4803hue.dll
Successfully Deleted: C:\WINDOWS\system32\fp4803hue.dll
Deleting: C:\WINDOWS\system32\fppq0375e.dll
Successfully Deleted: C:\WINDOWS\system32\fppq0375e.dll
Deleting: C:\WINDOWS\system32\h04mlah11d4.dll
Successfully Deleted: C:\WINDOWS\system32\h04mlah11d4.dll
Deleting: C:\WINDOWS\system32\hr6m05j1e.dll
Successfully Deleted: C:\WINDOWS\system32\hr6m05j1e.dll
Deleting: C:\WINDOWS\system32\hrrq0595e.dll
Successfully Deleted: C:\WINDOWS\system32\hrrq0595e.dll
Deleting: C:\WINDOWS\system32\hTl.dll
Successfully Deleted: C:\WINDOWS\system32\hTl.dll
Deleting: C:\WINDOWS\system32\iksso.dll
Successfully Deleted: C:\WINDOWS\system32\iksso.dll
Deleting: C:\WINDOWS\system32\j60slgd7160.dll
Successfully Deleted: C:\WINDOWS\system32\j60slgd7160.dll
Deleting: C:\WINDOWS\system32\jnt500.dll
Successfully Deleted: C:\WINDOWS\system32\jnt500.dll
Deleting: C:\WINDOWS\system32\jr2025fmg.dll
Successfully Deleted: C:\WINDOWS\system32\jr2025fmg.dll
Deleting: C:\WINDOWS\system32\jt0m07d1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt0m07d1e.dll
Deleting: C:\WINDOWS\system32\jtju0719e.dll
Successfully Deleted: C:\WINDOWS\system32\jtju0719e.dll
Deleting: C:\WINDOWS\system32\jtro0793e.dll
Successfully Deleted: C:\WINDOWS\system32\jtro0793e.dll
Deleting: C:\WINDOWS\system32\k426lefs1h26.dll
Successfully Deleted: C:\WINDOWS\system32\k426lefs1h26.dll
Deleting: C:\WINDOWS\system32\k8260ifse8260.dll
Successfully Deleted: C:\WINDOWS\system32\k8260ifse8260.dll
Deleting: C:\WINDOWS\system32\kkdbu.dll
Successfully Deleted: C:\WINDOWS\system32\kkdbu.dll
Deleting: C:\WINDOWS\system32\kt42l7ho1.dll
Successfully Deleted: C:\WINDOWS\system32\kt42l7ho1.dll
Deleting: C:\WINDOWS\system32\kt88l7lu1.dll
Successfully Deleted: C:\WINDOWS\system32\kt88l7lu1.dll
Deleting: C:\WINDOWS\system32\l68mlgl116q.dll
Successfully Deleted: C:\WINDOWS\system32\l68mlgl116q.dll
Deleting: C:\WINDOWS\system32\lDngwrbk.dll
Successfully Deleted: C:\WINDOWS\system32\lDngwrbk.dll
Deleting: C:\WINDOWS\system32\lvj6091se.dll
Successfully Deleted: C:\WINDOWS\system32\lvj6091se.dll
Deleting: C:\WINDOWS\system32\lvpq0975e.dll
Successfully Deleted: C:\WINDOWS\system32\lvpq0975e.dll
Deleting: C:\WINDOWS\system32\m0pola731d.dll
Successfully Deleted: C:\WINDOWS\system32\m0pola731d.dll
Deleting: C:\WINDOWS\system32\m628lgfu1628.dll
Successfully Deleted: C:\WINDOWS\system32\m628lgfu1628.dll
Deleting: C:\WINDOWS\system32\mctlsapi.dll
Successfully Deleted: C:\WINDOWS\system32\mctlsapi.dll
Deleting: C:\WINDOWS\system32\mkc42u.dll
Successfully Deleted: C:\WINDOWS\system32\mkc42u.dll
Deleting: C:\WINDOWS\system32\mv0ul9d91.dll
Successfully Deleted: C:\WINDOWS\system32\mv0ul9d91.dll
Deleting: C:\WINDOWS\system32\mv66l9js1.dll
Successfully Deleted: C:\WINDOWS\system32\mv66l9js1.dll
Deleting: C:\WINDOWS\system32\n48olel31hq.dll
Successfully Deleted: C:\WINDOWS\system32\n48olel31hq.dll
Deleting: C:\WINDOWS\system32\n4n60e5seh.dll
Successfully Deleted: C:\WINDOWS\system32\n4n60e5seh.dll
Deleting: C:\WINDOWS\system32\n6r2lg9o16.dll
Successfully Deleted: C:\WINDOWS\system32\n6r2lg9o16.dll
Deleting: C:\WINDOWS\system32\o084lalq1dqe.dll
Successfully Deleted: C:\WINDOWS\system32\o084lalq1dqe.dll
Deleting: C:\WINDOWS\system32\o8480ihue8480.dll
Successfully Deleted: C:\WINDOWS\system32\o8480ihue8480.dll
Deleting: C:\WINDOWS\system32\o8roli9318.dll
Successfully Deleted: C:\WINDOWS\system32\o8roli9318.dll
Deleting: C:\WINDOWS\system32\ofbc32.dll
Successfully Deleted: C:\WINDOWS\system32\ofbc32.dll
Deleting: C:\WINDOWS\system32\p6n80g5ue6.dll
Successfully Deleted: C:\WINDOWS\system32\p6n80g5ue6.dll
Deleting: C:\WINDOWS\system32\q868liju18o8.dll
Successfully Deleted: C:\WINDOWS\system32\q868liju18o8.dll
Deleting: C:\WINDOWS\system32\r8r60i9se8.dll
Successfully Deleted: C:\WINDOWS\system32\r8r60i9se8.dll
Deleting: C:\WINDOWS\system32\rpaenh.dll
Successfully Deleted: C:\WINDOWS\system32\rpaenh.dll
Deleting: C:\WINDOWS\system32\shmsg.dll
Successfully Deleted: C:\WINDOWS\system32\shmsg.dll
Deleting: C:\WINDOWS\system32\snsvc.dll
Successfully Deleted: C:\WINDOWS\system32\snsvc.dll
Deleting: C:\WINDOWS\system32\srsvcs.dll
Successfully Deleted: C:\WINDOWS\system32\srsvcs.dll
Deleting: C:\WINDOWS\system32\syclient.dll
Successfully Deleted: C:\WINDOWS\system32\syclient.dll
Deleting: C:\WINDOWS\system32\t0r80a9ued.dll
Successfully Deleted: C:\WINDOWS\system32\t0r80a9ued.dll
Deleting: C:\WINDOWS\system32\tvcfgwmi.dll
Successfully Deleted: C:\WINDOWS\system32\tvcfgwmi.dll
Deleting: C:\WINDOWS\system32\vvipxspx.dll
Successfully Deleted: C:\WINDOWS\system32\vvipxspx.dll
Deleting: C:\WINDOWS\system32\wwcltui.dll
Successfully Deleted: C:\WINDOWS\system32\wwcltui.dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h04mlah11d4.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\aza801hue.dll
C:\WINDOWS\system32\didmo.dll
C:\WINDOWS\system32\dn0401dqe.dll
C:\WINDOWS\system32\dn4801hue.dll
C:\WINDOWS\system32\dn4o01h3e.dll
C:\WINDOWS\system32\dnj8011ue.dll
C:\WINDOWS\system32\dnvvox.dll
C:\WINDOWS\system32\dtprpres.dll
C:\WINDOWS\system32\en4ol1h31.dll
C:\WINDOWS\system32\en68l1ju1.dll
C:\WINDOWS\system32\f02mlaf11d2.dll
C:\WINDOWS\system32\f0j20a1oed.dll
C:\WINDOWS\system32\f2l0lc3m1f.dll
C:\WINDOWS\system32\fp4803hue.dll
C:\WINDOWS\system32\fppq0375e.dll
C:\WINDOWS\system32\h04mlah11d4.dll
C:\WINDOWS\system32\hr6m05j1e.dll
C:\WINDOWS\system32\hrrq0595e.dll
C:\WINDOWS\system32\hTl.dll
C:\WINDOWS\system32\iksso.dll
C:\WINDOWS\system32\j60slgd7160.dll
C:\WINDOWS\system32\jnt500.dll
C:\WINDOWS\system32\jr2025fmg.dll
C:\WINDOWS\system32\jt0m07d1e.dll
C:\WINDOWS\system32\jtju0719e.dll
C:\WINDOWS\system32\jtro0793e.dll
C:\WINDOWS\system32\k426lefs1h26.dll
C:\WINDOWS\system32\k8260ifse8260.dll
C:\WINDOWS\system32\kkdbu.dll
C:\WINDOWS\system32\kt42l7ho1.dll
C:\WINDOWS\system32\kt88l7lu1.dll
C:\WINDOWS\system32\l68mlgl116q.dll
C:\WINDOWS\system32\lDngwrbk.dll
C:\WINDOWS\system32\lvj6091se.dll
C:\WINDOWS\system32\lvpq0975e.dll
C:\WINDOWS\system32\m0pola731d.dll
C:\WINDOWS\system32\m628lgfu1628.dll
C:\WINDOWS\system32\mctlsapi.dll
C:\WINDOWS\system32\mkc42u.dll
C:\WINDOWS\system32\mv0ul9d91.dll
C:\WINDOWS\system32\mv66l9js1.dll
C:\WINDOWS\system32\n48olel31hq.dll
C:\WINDOWS\system32\n4n60e5seh.dll
C:\WINDOWS\system32\n6r2lg9o16.dll
C:\WINDOWS\system32\o084lalq1dqe.dll
C:\WINDOWS\system32\o8480ihue8480.dll
C:\WINDOWS\system32\o8roli9318.dll
C:\WINDOWS\system32\ofbc32.dll
C:\WINDOWS\system32\p6n80g5ue6.dll
C:\WINDOWS\system32\q868liju18o8.dll
C:\WINDOWS\system32\r8r60i9se8.dll
C:\WINDOWS\system32\rpaenh.dll
C:\WINDOWS\system32\shmsg.dll
C:\WINDOWS\system32\snsvc.dll
C:\WINDOWS\system32\srsvcs.dll
C:\WINDOWS\system32\syclient.dll
C:\WINDOWS\system32\t0r80a9ued.dll
C:\WINDOWS\system32\tvcfgwmi.dll
C:\WINDOWS\system32\vvipxspx.dll
C:\WINDOWS\system32\wwcltui.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dSdim.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ofbc32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ogethk32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhang.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}\InprocServer32]
@="C:\\WINDOWS\\system32\\mctlsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\kydcz1.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8019392E-DC2A-4BED-9F43-F6243967838F}"=-
"{177F85EF-CA11-476F-B74A-651A9ECF8AEB}"=-
"{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}"=-
"{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}"=-
"{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}"=-
"{7CB9B28D-9E01-47B7-9004-935D3045BBD9}"=-
"{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}"=-
"{09A084A8-4AE6-4450-9412-E8DFB63638CD}"=-
"{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}"=-
"{38B5FC10-606A-4145-A293-8C6CC4B29ABD}"=-
"{1B10A595-7C40-4099-A683-46E7E8536971}"=-
"{D61C4824-C27C-47CB-BD69-04413524A275}"=-
"{68FB979E-6FD6-4E93-B485-3518D58EE8E0}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8019392E-DC2A-4BED-9F43-F6243967838F}]
[-HKEY_CLASSES_ROOT\CLSID\{177F85EF-CA11-476F-B74A-651A9ECF8AEB}]
[-HKEY_CLASSES_ROOT\CLSID\{FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E}]
[-HKEY_CLASSES_ROOT\CLSID\{1C6CE0CE-2002-4B89-8DAC-0CDE79913848}]
[-HKEY_CLASSES_ROOT\CLSID\{EA8EE447-1CC1-41BF-B312-BBE3CB0A208B}]
[-HKEY_CLASSES_ROOT\CLSID\{7CB9B28D-9E01-47B7-9004-935D3045BBD9}]
[-HKEY_CLASSES_ROOT\CLSID\{7F4B12CD-251C-42E4-B559-1C2BAEF02F35}]
[-HKEY_CLASSES_ROOT\CLSID\{09A084A8-4AE6-4450-9412-E8DFB63638CD}]
[-HKEY_CLASSES_ROOT\CLSID\{60255E2B-E31B-4EAE-95DE-FA3881E35AA8}]
[-HKEY_CLASSES_ROOT\CLSID\{38B5FC10-606A-4145-A293-8C6CC4B29ABD}]
[-HKEY_CLASSES_ROOT\CLSID\{1B10A595-7C40-4099-A683-46E7E8536971}]
[-HKEY_CLASSES_ROOT\CLSID\{D61C4824-C27C-47CB-BD69-04413524A275}]
[-HKEY_CLASSES_ROOT\CLSID\{68FB979E-6FD6-4E93-B485-3518D58EE8E0}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/aza801hue.dll (164 bytes security) (deflated 4%)
adding: dlls/didmo.dll (164 bytes security) (deflated 5%)
adding: dlls/dn0401dqe.dll (164 bytes security) (deflated 4%)
adding: dlls/dn4801hue.dll (164 bytes security) (deflated 5%)
adding: dlls/dn4o01h3e.dll (164 bytes security) (deflated 5%)
adding: dlls/dnj8011ue.dll (164 bytes security) (deflated 4%)
adding: dlls/dnvvox.dll (164 bytes security) (deflated 6%)
adding: dlls/dtprpres.dll (164 bytes security) (deflated 4%)
adding: dlls/en4ol1h31.dll (164 bytes security) (deflated 6%)
adding: dlls/en68l1ju1.dll (164 bytes security) (deflated 5%)
adding: dlls/f02mlaf11d2.dll (164 bytes security) (deflated 5%)
adding: dlls/f0j20a1oed.dll (164 bytes security) (deflated 5%)
adding: dlls/f2l0lc3m1f.dll (164 bytes security) (deflated 5%)
adding: dlls/fp4803hue.dll (164 bytes security) (deflated 5%)
adding: dlls/fppq0375e.dll (164 bytes security) (deflated 4%)
adding: dlls/h04mlah11d4.dll (164 bytes security) (deflated 6%)
adding: dlls/hr6m05j1e.dll (164 bytes security) (deflated 4%)
adding: dlls/hrrq0595e.dll (164 bytes security) (deflated 6%)
adding: dlls/hTl.dll (164 bytes security) (deflated 5%)
adding: dlls/iksso.dll (164 bytes security) (deflated 6%)
adding: dlls/j60slgd7160.dll (164 bytes security) (deflated 5%)
adding: dlls/jnt500.dll (164 bytes security) (deflated 4%)
adding: dlls/jr2025fmg.dll (164 bytes security) (deflated 5%)
adding: dlls/jt0m07d1e.dll (164 bytes security) (deflated 4%)
adding: dlls/jtju0719e.dll (164 bytes security) (deflated 5%)
adding: dlls/jtro0793e.dll (164 bytes security) (deflated 4%)
adding: dlls/k426lefs1h26.dll (164 bytes security) (deflated 4%)
adding: dlls/k8260ifse8260.dll (164 bytes security) (deflated 5%)
adding: dlls/kkdbu.dll (164 bytes security) (deflated 6%)
adding: dlls/kt42l7ho1.dll (164 bytes security) (deflated 5%)
adding: dlls/kt88l7lu1.dll (164 bytes security) (deflated 4%)
adding: dlls/l68mlgl116q.dll (164 bytes security) (deflated 4%)
adding: dlls/lDngwrbk.dll (164 bytes security) (deflated 6%)
adding: dlls/lvj6091se.dll (164 bytes security) (deflated 6%)
adding: dlls/lvpq0975e.dll (164 bytes security) (deflated 5%)
adding: dlls/m0pola731d.dll (164 bytes security) (deflated 4%)
adding: dlls/m628lgfu1628.dll (164 bytes security) (deflated 5%)
adding: dlls/mctlsapi.dll (164 bytes security) (deflated 6%)
adding: dlls/mkc42u.dll (164 bytes security) (deflated 4%)
adding: dlls/mv0ul9d91.dll (164 bytes security) (deflated 5%)
adding: dlls/mv66l9js1.dll (164 bytes security) (deflated 5%)
adding: dlls/n48olel31hq.dll (164 bytes security) (deflated 4%)
adding: dlls/n4n60e5seh.dll (164 bytes security) (deflated 6%)
adding: dlls/n6r2lg9o16.dll (164 bytes security) (deflated 5%)
adding: dlls/o084lalq1dqe.dll (164 bytes security) (deflated 6%)
adding: dlls/o8480ihue8480.dll (164 bytes security) (deflated 6%)
adding: dlls/o8roli9318.dll (164 bytes security) (deflated 5%)
adding: dlls/ofbc32.dll (164 bytes security) (deflated 4%)
adding: dlls/p6n80g5ue6.dll (164 bytes security) (deflated 6%)
adding: dlls/q868liju18o8.dll (164 bytes security) (deflated 5%)
adding: dlls/r8r60i9se8.dll (164 bytes security) (deflated 5%)
adding: dlls/rpaenh.dll (164 bytes security) (deflated 5%)
adding: dlls/shmsg.dll (164 bytes security) (deflated 4%)
adding: dlls/snsvc.dll (164 bytes security) (deflated 6%)
adding: dlls/srsvcs.dll (164 bytes security) (deflated 5%)
adding: dlls/syclient.dll (164 bytes security) (deflated 5%)
adding: dlls/t0r80a9ued.dll (164 bytes security) (deflated 5%)
adding: dlls/tvcfgwmi.dll (164 bytes security) (deflated 6%)
adding: dlls/vvipxspx.dll (164 bytes security) (deflated 5%)
adding: dlls/wwcltui.dll (164 bytes security) (deflated 5%)
adding: backregs/09A084A8-4AE6-4450-9412-E8DFB63638CD.reg (212 bytes security) (deflated 70%)
adding: backregs/1B10A595-7C40-4099-A683-46E7E8536971.reg (212 bytes security) (deflated 70%)
adding: backregs/1C6CE0CE-2002-4B89-8DAC-0CDE79913848.reg (212 bytes security) (deflated 70%)
adding: backregs/38B5FC10-606A-4145-A293-8C6CC4B29ABD.reg (212 bytes security) (deflated 70%)
adding: backregs/60255E2B-E31B-4EAE-95DE-FA3881E35AA8.reg (212 bytes security) (deflated 70%)
adding: backregs/68FB979E-6FD6-4E93-B485-3518D58EE8E0.reg (212 bytes security) (deflated 70%)
adding: backregs/7CB9B28D-9E01-47B7-9004-935D3045BBD9.reg (212 bytes security) (deflated 70%)
adding: backregs/7F4B12CD-251C-42E4-B559-1C2BAEF02F35.reg (212 bytes security) (deflated 70%)
adding: backregs/8019392E-DC2A-4BED-9F43-F6243967838F.reg (212 bytes security) (deflated 70%)
adding: backregs/D61C4824-C27C-47CB-BD69-04413524A275.reg (212 bytes security) (deflated 70%)
adding: backregs/EA8EE447-1CC1-41BF-B312-BBE3CB0A208B.reg (212 bytes security) (deflated 70%)
adding: backregs/FC7F5CEA-05CB-465C-ABA1-D7B1C0EE4B2E.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Trogan
Malware Remover
Trogan
7,405 Posts
17 May 2006, 9:12pm
Thanks for posting the logs!

Your HJT log is clean!


Just a couple of questions:

1) What Anti-Virus program do you have? Is it McAfee?
2) Do you have/use a firewall?
3) How is the computer?
normal guy 1
Getting settled in
normal guy 1
5 Posts
17 May 2006, 9:20pm
Man you were extremely helpful and quick to respond.I can't thank you enough for helping me. thank God no more annoying pop-ups.
Thank you!


I do use a firewall
And i use spybot,lavasoft AD-Adware, and spyblaster


how can i prevent this from happening again ?
Trogan
Malware Remover
Trogan
7,405 Posts
17 May 2006, 10:28pm
You didn't answer question 1. Please let me know.

how can i prevent this from happening again ?
Here you go:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC(s) from being usurped by undesireables. If you don't have a Firewall, then choose one from the list here

Install an Anti-Virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an Anti-Virus program, choose one from the list here

Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.

Install and keep updated, SpywareBlaster and SpywareGuard

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

Clear your Temp folders.
Go to Start > Control Panel > Internet Options.
Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
Also, go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents from the following folders:

C:\Windows\temp
C:\temp <-- if you have one.
Note: Empty contents but don't delete the folder(s) itself.

Clear out temp files from the following location. Change "username" to whatever you have on your computer.

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin!

Hide system files
It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...

Windows XP
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading, uncheck Do not show hidden files and folders
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start | Run | type msconfig | Press Enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created automatically.

Note that all previous restore points will be lost.
Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help removing some spyware & unwanted pop ups[inactive] Boc Resolved / Inactive 20 9 Feb 2006 11:02am
Adware and Internet Explorer Error messages jdmrsex Resolved / Inactive 10 22 Jun 2005 3:52pm
Start page is about:blank w/ mad pop ups Bninja9 Resolved / Inactive 2 12 Mar 2005 4:45am
Xlime/OfferOptimizer Pop Ups JeddJr Resolved / Inactive 7 10 Oct 2004 12:30am
xadso.offeroptimizer & ads234 pop ups hurst083 Resolved / Inactive 1 14 Sep 2004 12:22am

Go Back   Icrontic Forums > Malware Help > Spyware & Virus Removal > Resolved / Inactive
Reload this Page Help!! Adware and Pop-ups are Infuriating.
Jump to
This Thread Search this Thread
Search this Thread:

Advanced Search

Today's Posts - Mark All Read - Contact Us - Icrontic.com - Archive - Top

Current time: 9:11am (GMT)
Powered by vBulletin®
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Get Vanilla instead. Trust me.