Options
Assistance requested
Hey guys, I've been looking around for a good place to post my HJT log and from what I have read, you are a pretty smart bunch, so I would be very happy if you could give me a hand. I don't really know alot about spyware, etc. but I seem to be having some problems. I have run AVG, Ad-Aware, and Spybot a few times, but I think that using Hijack This will really help me out.
My log:
Any suggestions will be very much appreciated.
My log:
Logfile of HijackThis v1.99.1
Scan saved at 11:56:17 PM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\lexpps.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Andrew\Application Data\osoa.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Xfire\Xfire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Fraps\fraps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.warwick.net/search_the_web.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.warwick.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.warwick.net/search_the_web.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Warwick Online
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Andrew\Application Data\osoa.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.warwick.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/version3/windows-ie/en/AMClient.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\fpj8031ue.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Any suggestions will be very much appreciated.
0
Comments
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
My log from L2mfix
L2MFIX find log 1.03 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] "Asynchronous"=dword:00000000 "DllName"="" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\aza40chqef4e0.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{6C95E096-1712-7040-8E51-D7E2A860544C}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt" "{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{C4EB303B-6FF6-4475-8220-90F1D5C1635A}"="" "{D2E1A702-3F81-4115-9F4A-210AFA74066F}"="" "{DC5C0B51-1AB1-4C7C-B824-9BCDC7BD7ECA}"="" "{FB3E608E-2DD4-4CF5-977B-490D2D789445}"="" "{79A3467F-5A12-43D4-AB62-5F455C05397A}"="" "{ADCD6F97-ECB8-4FE1-AFEB-BB954AE9EC5F}"="" "{370255FC-7EE2-4CB2-9761-4E8767E2CDEA}"="" "{859E92F7-D70C-4B46-B8D1-1FFA1523A7B9}"="" "{05234B65-B5E7-4C52-8786-B85961C1FD19}"="" "{A8193420-D4D7-4C32-A124-49D1C185771D}"="" "{A8946B7B-DD01-4F69-B913-0F480863EC69}"="" "{4BF3926C-2D7D-495D-963E-8130B522226C}"="" "{F3B5F845-AAFF-4067-905F-FF31436FD539}"="" "{40C30D56-79F9-43FE-B01F-C63BFBA08284}"="" "{48601496-ABDB-4F8E-A08C-585611C36BAE}"="" "{7528792A-C7CE-4CF9-84BC-860E1AECD504}"="" "{CD3255FD-6D82-449E-BB16-F32532494861}"="" "{FF405959-BEF0-464C-B286-7C19CF5B5A22}"="" "{59B18AAB-9509-47A7-8613-BDC3AA50BC59}"="" "{8F8DF6DC-5C61-41D3-B0CC-BCD3B6732253}"="" "{E153996A-4B18-445B-A379-BD39E04CC2D1}"="" "{72C88A63-7A81-4613-B0B1-6C995B99696E}"="" "{B80980C1-BE36-4549-99E7-D4C92273FDF0}"="" "{59B3A516-3213-4F2B-A098-4C77349E5982}"="" "{F6339569-D266-4877-BDA2-64ED1F310A74}"="" "{FCC67236-9383-4DB5-BFFF-4CCA7F34B2AB}"="" "{468AE181-DCDE-44B9-A6F8-0F9F4AF5A480}"="" "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension" "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension" "{18AC2719-22E9-4930-B2A7-521336A0D7BD}"="" "{0101C9A8-C769-40F6-8552-B2308D143B91}"="" "{4F94B948-D945-425D-8DB4-58EE91860C3F}"="" "{E2A0CE83-0289-4AE1-861C-0E97E3ACD71B}"="" "{913558FC-80DA-46CF-8B29-C75FFA70D65D}"="" "{94C24179-49BC-47F5-987E-2CA700E7773E}"="" "{37FF8120-D368-4E34-A59D-A4BB7BA3177F}"="" "{8A9069AC-90BA-4A2B-B591-56622476972D}"="" "{F156A9C4-7AC6-4F94-8532-26A47AF6F722}"="" "{4702F88B-1A0A-4211-952E-523A7B971739}"="" "{3D46BB53-177F-44A3-9F3F-D3F5053718B6}"="" "{25634E5C-5E37-4F9D-9ED7-4A7355095ED0}"="" "{E2CB0920-A189-424D-B9DD-394110938496}"="" "{D2CEFDAD-A25B-4F69-8F2F-0F9D2B09D0BE}"="" "{F545D250-3627-490C-AAED-90E73B9A7349}"="" "{861AC6C9-1C90-408E-8E44-ED637027E64C}"="" "{41D3BE1C-4142-4751-82CC-34F22E759C24}"="" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{DD591E0C-9BC4-4304-9B16-6D6D5FC564C2}"="" "{43872D27-A99E-48FD-B7DE-981DB5DC4067}"="" "{776E498E-3580-4C6D-8222-8A13324B1681}"="" "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures" "{E081B1CB-FD31-43C6-82CF-E7A4F464530E}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ADCD6F97-ECB8-4FE1-AFEB-BB954AE9EC5F}] @="" [HKEY_CLASSES_ROOT\CLSID\{ADCD6F97-ECB8-4FE1-AFEB-BB954AE9EC5F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ADCD6F97-ECB8-4FE1-AFEB-BB954AE9EC5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ADCD6F97-ECB8-4FE1-AFEB-BB954AE9EC5F}\InprocServer32] @="C:\\WINDOWS\\system32\\KTDFI.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4BF3926C-2D7D-495D-963E-8130B522226C}] @="" [HKEY_CLASSES_ROOT\CLSID\{4BF3926C-2D7D-495D-963E-8130B522226C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4BF3926C-2D7D-495D-963E-8130B522226C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4BF3926C-2D7D-495D-963E-8130B522226C}\InprocServer32] @="C:\\WINDOWS\\system32\\wli.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FF405959-BEF0-464C-B286-7C19CF5B5A22}] @="" [HKEY_CLASSES_ROOT\CLSID\{FF405959-BEF0-464C-B286-7C19CF5B5A22}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FF405959-BEF0-464C-B286-7C19CF5B5A22}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FF405959-BEF0-464C-B286-7C19CF5B5A22}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{59B3A516-3213-4F2B-A098-4C77349E5982}] @="" [HKEY_CLASSES_ROOT\CLSID\{59B3A516-3213-4F2B-A098-4C77349E5982}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{59B3A516-3213-4F2B-A098-4C77349E5982}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{59B3A516-3213-4F2B-A098-4C77349E5982}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4F94B948-D945-425D-8DB4-58EE91860C3F}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F94B948-D945-425D-8DB4-58EE91860C3F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4F94B948-D945-425D-8DB4-58EE91860C3F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F94B948-D945-425D-8DB4-58EE91860C3F}\InprocServer32] @="C:\\WINDOWS\\system32\\aysnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{25634E5C-5E37-4F9D-9ED7-4A7355095ED0}] @="" [HKEY_CLASSES_ROOT\CLSID\{25634E5C-5E37-4F9D-9ED7-4A7355095ED0}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{25634E5C-5E37-4F9D-9ED7-4A7355095ED0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{25634E5C-5E37-4F9D-9ED7-4A7355095ED0}\InprocServer32] @="C:\\WINDOWS\\system32\\LSXP2P32.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E2CB0920-A189-424D-B9DD-394110938496}] @="" [HKEY_CLASSES_ROOT\CLSID\{E2CB0920-A189-424D-B9DD-394110938496}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E2CB0920-A189-424D-B9DD-394110938496}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E2CB0920-A189-424D-B9DD-394110938496}\InprocServer32] @="C:\\WINDOWS\\system32\\onepro32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D2CEFDAD-A25B-4F69-8F2F-0F9D2B09D0BE}] @="" [HKEY_CLASSES_ROOT\CLSID\{D2CEFDAD-A25B-4F69-8F2F-0F9D2B09D0BE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{D2CEFDAD-A25B-4F69-8F2F-0F9D2B09D0BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D2CEFDAD-A25B-4F69-8F2F-0F9D2B09D0BE}\InprocServer32] @="C:\\WINDOWS\\system32\\mmv1_0.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F545D250-3627-490C-AAED-90E73B9A7349}] @="" [HKEY_CLASSES_ROOT\CLSID\{F545D250-3627-490C-AAED-90E73B9A7349}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F545D250-3627-490C-AAED-90E73B9A7349}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F545D250-3627-490C-AAED-90E73B9A7349}\InprocServer32] @="C:\\WINDOWS\\system32\\MPC71CHS.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{861AC6C9-1C90-408E-8E44-ED637027E64C}] @="" [HKEY_CLASSES_ROOT\CLSID\{861AC6C9-1C90-408E-8E44-ED637027E64C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{861AC6C9-1C90-408E-8E44-ED637027E64C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{861AC6C9-1C90-408E-8E44-ED637027E64C}\InprocServer32] @="C:\\WINDOWS\\system32\\KFDKAZ.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{41D3BE1C-4142-4751-82CC-34F22E759C24}] @="" [HKEY_CLASSES_ROOT\CLSID\{41D3BE1C-4142-4751-82CC-34F22E759C24}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{41D3BE1C-4142-4751-82CC-34F22E759C24}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{41D3BE1C-4142-4751-82CC-34F22E759C24}\InprocServer32] @="C:\\WINDOWS\\system32\\sxpr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DD591E0C-9BC4-4304-9B16-6D6D5FC564C2}] @="" [HKEY_CLASSES_ROOT\CLSID\{DD591E0C-9BC4-4304-9B16-6D6D5FC564C2}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DD591E0C-9BC4-4304-9B16-6D6D5FC564C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DD591E0C-9BC4-4304-9B16-6D6D5FC564C2}\InprocServer32] @="C:\\WINDOWS\\system32\\LI32.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{43872D27-A99E-48FD-B7DE-981DB5DC4067}] @="" [HKEY_CLASSES_ROOT\CLSID\{43872D27-A99E-48FD-B7DE-981DB5DC4067}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{43872D27-A99E-48FD-B7DE-981DB5DC4067}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{43872D27-A99E-48FD-B7DE-981DB5DC4067}\InprocServer32] @="C:\\WINDOWS\\system32\\NFTAPI.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{776E498E-3580-4C6D-8222-8A13324B1681}] @="" [HKEY_CLASSES_ROOT\CLSID\{776E498E-3580-4C6D-8222-8A13324B1681}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{776E498E-3580-4C6D-8222-8A13324B1681}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{776E498E-3580-4C6D-8222-8A13324B1681}\InprocServer32] @="C:\\WINDOWS\\system32\\DTSKCOPY.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E081B1CB-FD31-43C6-82CF-E7A4F464530E}] @="" [HKEY_CLASSES_ROOT\CLSID\{E081B1CB-FD31-43C6-82CF-E7A4F464530E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E081B1CB-FD31-43C6-82CF-E7A4F464530E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E081B1CB-FD31-43C6-82CF-E7A4F464530E}\InprocServer32] @="C:\\WINDOWS\\system32\\mnjter40.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: Locate .tmp files: ********************************************************************************** Directory Listing of system files: Volume in drive C has no label. Volume Serial Number is 1872-49FA Directory of C:\WINDOWS\System32 06/28/2005 09:38 PM 235,085 guard.tmp 06/28/2005 06:58 PM 235,085 k8jsli1718.dll 06/28/2005 06:22 PM 235,085 mnjter40.dll 06/28/2005 05:35 PM 235,085 aza40chqef4e0.dll 06/27/2005 09:42 PM 235,085 decpcsvc.dll 06/27/2005 03:21 PM 235,085 er.dll 06/26/2005 12:52 PM 234,272 en68l1ju1.dll 06/26/2005 08:40 AM 234,272 mvjsl9171.dll 06/25/2005 03:53 PM <DIR> DLLCACHE 06/24/2005 06:10 PM 235,398 JDDW400.DLL 06/24/2005 05:41 PM 234,953 irl8l53u1.dll 06/23/2005 10:23 PM 235,398 j4j60e1seh.dll 06/22/2005 06:01 PM 234,953 jl8407lqe.dll 06/22/2005 08:56 AM 234,953 dnlu0139e.dll 06/21/2005 09:58 PM 235,398 fpn8035ue.dll 06/18/2005 07:37 PM 234,784 dnns0157e.dll 06/17/2005 07:02 AM 235,061 MLXML3R.DLL 06/16/2005 09:44 PM 234,784 mvn4l95q1.dll 06/16/2005 09:40 PM 0 en26l1fs1.dll 06/16/2005 08:53 PM 233,427 LAXP2P32.DLL 06/16/2005 08:53 PM 235,376 mv4ul9h91.dll 06/16/2005 05:27 PM 233,427 gp8ol3l31.dll 06/16/2005 03:27 PM 235,061 mmv1_0.dll 06/15/2005 07:47 PM 235,061 kjrnel32.dll 06/15/2005 09:22 AM 235,061 dtscript.dll 06/13/2005 09:16 PM 235,061 lvnu0959e.dll 06/13/2005 08:21 AM 235,061 irjql5151.dll 06/10/2005 06:52 PM 235,061 h60qlgd5160.dll 06/10/2005 06:06 PM 235,061 lvn2095oe.dll 06/09/2005 06:37 AM 235,061 az1olg3316.dll 06/08/2005 07:49 AM 235,061 VOA.DLL 06/07/2005 02:28 PM 235,061 dgcpcsvc.dll 06/06/2005 08:17 AM 235,061 u6rulg9916.dll 06/05/2005 07:25 PM 235,061 h6n0lg5m16.dll 06/05/2005 11:51 AM 235,061 NLRRHOOK.DLL 06/03/2005 04:39 PM 233,655 h8j4li1q18.dll 06/01/2005 02:55 PM 235,061 ktpml7711.dll 06/01/2005 06:31 AM 235,061 rhpsnd.dll 05/27/2005 02:57 PM 235,061 enn6l15s1.dll 05/27/2005 07:35 AM 235,061 l4l6le3s1h.dll 05/26/2005 08:49 AM 235,061 hr8405lqe.dll 05/25/2005 06:30 PM 235,061 m8460ihse8460.dll 05/24/2005 09:34 PM 235,061 mv42l9ho1.dll 05/23/2005 09:22 PM 235,061 lv4409hqe.dll 05/22/2005 08:01 PM 235,061 lvn6095se.dll 05/22/2005 12:15 PM 235,009 mv0ol9d31.dll 05/21/2005 04:04 PM 235,009 it28l5fu1.dll 05/21/2005 09:23 AM 235,009 i6lolg3316.dll 05/20/2005 06:52 PM 235,796 s288lclu1fq8.dll 05/18/2005 06:58 PM 234,272 aysnt.dll 05/15/2005 08:33 AM 234,272 SkmRedir.dll 05/14/2005 12:20 PM 235,550 dn6u01j9e.dll 05/13/2005 06:34 AM 234,272 KYDHU1.DLL 05/12/2005 05:12 AM 235,550 CUMODEM.DLL 05/11/2005 06:13 PM 234,272 mbsec.dll 05/10/2005 08:38 PM 234,272 irj4l51q1.dll 05/10/2005 07:56 PM 234,272 nemkcert.dll 05/10/2005 07:56 PM 233,248 mwvcp71.dll 05/10/2005 07:14 PM 235,088 q6pslg7716.dll 05/10/2005 02:30 PM 233,248 dnr0019me.dll 05/06/2005 03:33 PM 234,797 mv4ql9h51.dll 05/06/2005 07:00 AM 233,248 fp0o03d3e.dll 05/04/2005 02:26 PM 233,629 l6p20g7oe6.dll 05/03/2005 05:14 PM 233,248 CASEQCHK.DLL 05/03/2005 05:13 PM 228,867 aafsipc.dll 05/03/2005 05:11 PM 230,203 mv8ql9l51.dll 05/03/2005 12:30 AM 228,867 dnj2011oe.dll 05/02/2005 03:54 PM 232,178 lv6609jse.dll 04/27/2005 07:39 AM 232,178 WSISCMGR.DLL 04/26/2005 11:54 PM 231,644 dnpo0173e.dll 04/25/2005 04:31 PM 228,743 k262lcjo1foc.dll 04/19/2005 01:03 PM 231,618 j4j6le1s1h.dll 04/19/2005 11:12 AM 231,618 dmbkpwr.dll 04/19/2005 07:51 AM 231,618 jtn4075qe.dll 04/18/2005 08:50 PM 231,618 lvns0957e.dll 04/17/2005 07:06 PM 229,217 bqowser.dll 04/15/2005 07:38 PM 231,644 kudmaori.dll 04/12/2005 09:02 PM 231,644 g6lmlg3116.dll 04/08/2005 02:35 PM 231,644 mbiwave.dll 04/07/2005 06:27 AM 231,644 iuetres.dll 04/04/2005 01:59 PM 231,644 kedmlt47.dll 04/02/2005 09:14 AM 231,644 o848lihu1848.dll 03/31/2005 12:17 PM 231,644 m4460ehseh460.dll 03/22/2005 11:06 PM 231,644 h8j40i1qe8.dll 03/22/2005 07:34 AM 231,644 Aldiodev.dll 03/17/2005 01:02 AM 231,644 k2440chqef4e0.dll 03/14/2005 05:53 AM 231,644 k8260ifse8260.dll 03/12/2005 12:12 PM 231,644 lv2s09f7e.dll 03/09/2005 06:37 PM 231,644 obbc32.dll 03/06/2005 02:57 PM 2,516 KGyGaAvL.sys 03/06/2005 12:11 PM 231,644 fplm0331e.dll 03/06/2005 09:38 AM 231,644 enlol1331.dll 03/05/2005 07:39 PM 231,644 lv4q09h5e.dll 03/05/2005 08:41 AM 231,618 enj4l11q1.dll 03/01/2005 05:53 PM 56 E2617F4637.sys 03/01/2005 03:34 PM 231,618 en0ul1d91.dll 03/01/2005 02:36 PM 231,618 l8n4li5q18.dll 02/27/2005 07:46 PM 231,618 en60l1jm1.dll 02/27/2005 09:12 AM 231,618 lvn0095me.dll 02/24/2005 02:35 PM 231,618 k2lqlc351f.dll 02/23/2005 11:06 PM 231,618 mdoert2.dll 02/21/2005 11:09 AM 231,618 l00ulad91d0.dll 02/21/2005 03:54 AM 231,618 s488lelu1hq8.dll 02/17/2005 11:58 PM 231,618 fpn6035se.dll 02/15/2005 08:08 AM 231,618 nflanman.dll 02/15/2005 08:03 AM 231,618 WRNSOCK.DLL 02/13/2005 03:46 PM 231,618 t88ulil918q.dll 02/13/2005 10:11 AM 231,618 c000ladm1d0a.dll 02/13/2005 09:42 AM 231,618 sjman32.dll 02/12/2005 07:15 PM 231,618 kt24l7fq1.dll 02/12/2005 12:41 PM 230,142 ir64l5jq1.dll 02/10/2005 06:38 PM 230,115 jt8407lqe.dll 02/08/2005 03:35 PM 231,144 JMSD400.DLL 02/07/2005 10:07 PM 228,914 mv24l9fq1.dll 02/06/2005 07:49 PM 231,144 m8ju0i19e8.dll 02/06/2005 03:41 PM 231,144 ir28l5fu1.dll 02/05/2005 10:35 PM 231,768 k4260efseh260.dll 02/04/2005 08:44 PM 228,923 k644lghq164e.dll 01/30/2005 12:37 PM 231,144 m228lcfu1f28.dll 01/30/2005 10:00 AM 231,144 h24m0ch1ef4.dll 01/29/2005 12:38 PM 229,000 m2nqlc551f.dll 01/28/2005 06:57 PM 229,000 dguiext.dll 09/16/2004 03:10 AM <DIR> Microsoft 03/08/2004 02:07 AM 231,644 enr2l19o1.dll 122 File(s) 27,734,383 bytes 2 Dir(s) 6,003,535,872 bytes freeFrom the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!