Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can not remove loadingwebsite [resolved]

Started by TonyGM , Apr 03 2005 04:37 AM

  • This topic is locked This topic is locked

#1
TonyGM
Posted 03 April 2005 - 04:37 AM

TonyGM

    New Member

  • Member
  • Pip
  • 5 posts
Several viruses and spywares have been removed ;) BUT "loadinwebsite.com" still appears as soon as i connect to internet ;) .

Also hosts file is modified or even created in a metter of seconds if I delete it with this content:

69.20.16.183 auto.search.msn.com
69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com



Here is HJT's log:
Logfile of HijackThis v1.98.2
Scan saved at 12:12:11, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver2\LVCOMS.EXE
C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
C:\Archivos de programa\Browser MOUSE\mouse32a.exe
C:\ARCHIV~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\CDROM\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Archivos de programa\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Archivos de programa\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\ARCHIV~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Ad-aware, SpyBot, Panda Platinum & Panda Activescan don't find anything.

Could someone point me in the appropiate direction? :tazz:

Thanks in advance
  • 0

Advertisements

#2
g2i2r4
Posted 03 April 2005 - 08:12 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Maybe AdWatch is getting in your way. Disable it for a minute.

Download Hoster
Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.

Than reboot and make sure AdWatch is enabled again.

Let me know how things are now.
  • 0

#3
TonyGM
Posted 04 April 2005 - 09:55 AM

TonyGM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Uninstalled all Lavasoftware. Wasn't really working.
HOSTS keep getting modified.
  • 0

#4
g2i2r4
Posted 04 April 2005 - 04:11 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Download L2mfix.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#5
TonyGM
Posted 04 April 2005 - 04:56 PM

TonyGM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the log
Do really everything have a meaning? (jeje)


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr4805hue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{FB554129-9B07-14B7-B2E3-0CD047049B9B}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Hoja de propiedades de archivos multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Administraci¢n de esc ner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P gina de seguridad NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P gina de propiedades del archivo de documentos OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del adaptador de pantalla"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del monitor de pantalla"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n de paneo de pantalla del Panel de control"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P gina de seguridad DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P gina de compatibilidad"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensi¢n de copia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensiones del shell para objetos de la red de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Administraci¢n de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Administraci¢n de impresora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensiones del shell para compresi¢n de archivos"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensi¢n del shell de impresora en Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Men£ de contexto de cifrado"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Malet¡n"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensi¢n de icono de HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fuentes"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P gina de seguridad de impresoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n PKO cifrada"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n de firma cifrada"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexiones de red"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexiones de red"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&C maras y esc neres"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&C maras y esc neres"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&C maras y esc neres"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&C maras y esc neres"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&C maras y esc neres"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensiones del shell para Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="V¡nculos a datos de Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tareas programadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tareas y men£ Inicio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Buscar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ejecutar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correo electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fuentes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Herramientas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de herramientas de Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado de la descarga"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Carpeta Shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Carpeta 2 Shell aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Banda del explorador de Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de b£squeda"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Banda multimedia"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="B£squeda en panel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="B£squeda Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilidad de opciones del  rbol de Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Direcci¢n"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Cuadro de la direcci¢n"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autocompletar de Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autocompleta MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista autocompleta MRU personalizada"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra de progreso emergente"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizador de Barra de direcciones"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autocompleta de la historia de Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autocompleta de la carpeta Shell de Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenedor de la Lista m£ltiple de Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Men£ de sitio de bandas Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barra de escritorio Shell"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistencia al usuario"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configuraci¢n de carpeta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servicio de Historial de las direcciones URL de Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historial"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook de b£squeda de direcciones URL de Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Pantalla de bienvenida de IE4 Suite"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Banda de Explorador"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Carpeta del cach‚ de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Carpeta de suscripciones"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Administrador de aplicaciones de Shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicaciones instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de vistas en miniatura de archivos GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Controlador de la informaci¢n de resumen para vistas en miniatura (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extractor de vistas en miniatura HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Asistente para la publicaci¢n en Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impresiones v¡a web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto de Asistente de publicaci¢n de shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Asistente para obtener pasaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Cuentas de usuario"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Carpeta de archivos sin conexi¢n"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}"="Componente de extensi¢n del n£cleo de CorelDRAW"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B446400D-0030-457b-8F64-422A19605186}"="Logitech Gallery"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Carpetas Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{63B76D76-E96E-4B1F-9520-BF5472595CE0}"=""
"{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}"=""
"{E11634F0-8394-47FA-A270-BB4A0FE6182A}"=""
"{E17CCF17-2C04-41A6-976C-5A349B1DD539}"=""
"{FA6C1FD0-0339-405E-B2F9-067C9F2F145C}"=""
"{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}"=""
"{3ADA6243-E436-4048-84B1-01D1F835E6B6}"=""
"{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}"=""
"{868CFA96-4CEE-401E-98FF-2366333F65B5}"=""
"{0068C007-3636-4D54-80A8-F189E285BE3B}"=""
"{46171491-B9DC-4BB5-AB28-D437818776E8}"=""
"{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}"=""
"{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}"=""
"{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}"=""
"{1F67AB38-BD1B-43DA-96DE-3107ADF78164}"=""
"{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}"=""
"{B41D92F8-4A90-404D-B1A2-AA70B2A42818}"=""
"{5BD707B0-84B8-446B-82BD-68E185B6E935}"=""
"{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}"=""
"{E1CBAE73-9176-4771-9657-1556ED33BB88}"=""
"{265E56BA-CF13-4B59-9481-8F4A1CFE322D}"=""
"{E49F1E5A-2411-4191-918B-DF262740ED02}"=""
"{F046E409-D25B-4B57-839D-6B9FB6D0D933}"=""
"{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}"=""
"{E59A9F33-5266-4E28-BFC0-B0B5811989E3}"=""
"{A58CAB2E-9F95-4917-AF62-C4B8D465471A}"=""
"{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}"=""
"{51EB7761-A26C-454D-89A1-C91398DDC3C6}"=""
"{B68B738D-7301-4739-8EC5-72604E811D01}"=""
"{036ADB14-BAC1-446C-94F6-E0B61965019E}"=""
"{51FCF010-E386-4A2C-A577-EA0A355F8FFC}"=""
"{D9F9301D-0E36-44CF-B601-2B698B6A4A12}"=""
"{3520A7A3-6940-4EAA-A82D-DD059451A3AA}"=""
"{34C3F086-F471-4B79-9EFF-ADC76DAC93F1}"=""
"{2ADC937C-456E-436F-8E2E-96907D76E9CE}"=""
"{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}"=""
"{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}"=""
"{24998752-A2CD-4AD0-B046-B85DF4757AEC}"=""
"{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}"=""
"{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}"=""
"{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}"=""
"{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}"=""
"{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}"=""
"{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}"=""
"{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}"=""
"{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}"=""
"{51327B52-710D-416C-BB30-0F4B64EC1B6F}"=""
"{73916D1C-3BC3-481D-9E7F-164C0B55FA37}"=""
"{D68520D5-78C2-4058-A497-DDD90520435E}"=""
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Archivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Acceso directo al canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto de control de canal"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}"=""
"{D91242AE-946A-4A67-96B6-7A301CF675C5}"=""
"{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}"=""
"{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}"=""
"{A49D6FFB-2221-4F7D-BD87-028A74A8854A}"=""
"{4E0DB7F2-D831-42BB-8E56-5408EE390646}"=""
"{7830E099-E65C-4EFD-9B37-1753F8965F39}"=""
"{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}"=""
"{65756541-C65C-11CD-0000-4B656E696100}"="Panda Antivirus"
"{5B8350F6-BEE9-4044-9332-E90296D070C0}"=""
"{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}"=""
"{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}"=""
"{DE09E084-2CFC-401C-825D-B257BBCD540B}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}\InprocServer32]
@="C:\\WINDOWS\\system32\\pzchdprf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E11634F0-8394-47FA-A270-BB4A0FE6182A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E11634F0-8394-47FA-A270-BB4A0FE6182A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E11634F0-8394-47FA-A270-BB4A0FE6182A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E11634F0-8394-47FA-A270-BB4A0FE6182A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wT2topl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}\InprocServer32]
@="C:\\WINDOWS\\system32\\awdiosrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3ADA6243-E436-4048-84B1-01D1F835E6B6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ADA6243-E436-4048-84B1-01D1F835E6B6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ADA6243-E436-4048-84B1-01D1F835E6B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ADA6243-E436-4048-84B1-01D1F835E6B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\CNMVIEW.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}\InprocServer32]
@="C:\\WINDOWS\\system32\\dksynth.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{868CFA96-4CEE-401E-98FF-2366333F65B5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{868CFA96-4CEE-401E-98FF-2366333F65B5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{868CFA96-4CEE-401E-98FF-2366333F65B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{868CFA96-4CEE-401E-98FF-2366333F65B5}\InprocServer32]
@="C:\\WINDOWS\\system32\\iwwdial.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0068C007-3636-4D54-80A8-F189E285BE3B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0068C007-3636-4D54-80A8-F189E285BE3B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0068C007-3636-4D54-80A8-F189E285BE3B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0068C007-3636-4D54-80A8-F189E285BE3B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46171491-B9DC-4BB5-AB28-D437818776E8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46171491-B9DC-4BB5-AB28-D437818776E8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46171491-B9DC-4BB5-AB28-D437818776E8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46171491-B9DC-4BB5-AB28-D437818776E8}\InprocServer32]
@="C:\\WINDOWS\\system32\\cputil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}\InprocServer32]
@="C:\\WINDOWS\\system32\\SVSTOOLS.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\mev1_0.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}\InprocServer32]
@="C:\\WINDOWS\\system32\\cpyptnet.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1F67AB38-BD1B-43DA-96DE-3107ADF78164}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1F67AB38-BD1B-43DA-96DE-3107ADF78164}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1F67AB38-BD1B-43DA-96DE-3107ADF78164}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1F67AB38-BD1B-43DA-96DE-3107ADF78164}\InprocServer32]
@="C:\\WINDOWS\\system32\\csmpstui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}\InprocServer32]
@="C:\\WINDOWS\\system32\\rhched32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B41D92F8-4A90-404D-B1A2-AA70B2A42818}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B41D92F8-4A90-404D-B1A2-AA70B2A42818}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B41D92F8-4A90-404D-B1A2-AA70B2A42818}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B41D92F8-4A90-404D-B1A2-AA70B2A42818}\InprocServer32]
@="C:\\WINDOWS\\system32\\dc32gt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5BD707B0-84B8-446B-82BD-68E185B6E935}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BD707B0-84B8-446B-82BD-68E185B6E935}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BD707B0-84B8-446B-82BD-68E185B6E935}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5BD707B0-84B8-446B-82BD-68E185B6E935}\InprocServer32]
@="C:\\WINDOWS\\system32\\kmdhe220.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}\InprocServer32]
@="C:\\WINDOWS\\system32\\dyskadp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E1CBAE73-9176-4771-9657-1556ED33BB88}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1CBAE73-9176-4771-9657-1556ED33BB88}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1CBAE73-9176-4771-9657-1556ED33BB88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1CBAE73-9176-4771-9657-1556ED33BB88}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcrmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{265E56BA-CF13-4B59-9481-8F4A1CFE322D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{265E56BA-CF13-4B59-9481-8F4A1CFE322D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{265E56BA-CF13-4B59-9481-8F4A1CFE322D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{265E56BA-CF13-4B59-9481-8F4A1CFE322D}\InprocServer32]
@="C:\\WINDOWS\\system32\\rYsmontr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E49F1E5A-2411-4191-918B-DF262740ED02}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E49F1E5A-2411-4191-918B-DF262740ED02}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E49F1E5A-2411-4191-918B-DF262740ED02}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E49F1E5A-2411-4191-918B-DF262740ED02}\InprocServer32]
@="C:\\WINDOWS\\system32\\bdowselc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F046E409-D25B-4B57-839D-6B9FB6D0D933}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F046E409-D25B-4B57-839D-6B9FB6D0D933}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F046E409-D25B-4B57-839D-6B9FB6D0D933}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F046E409-D25B-4B57-839D-6B9FB6D0D933}\InprocServer32]
@="C:\\WINDOWS\\system32\\PUIKey.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}\InprocServer32]
@="C:\\WINDOWS\\system32\\wxascr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E59A9F33-5266-4E28-BFC0-B0B5811989E3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E59A9F33-5266-4E28-BFC0-B0B5811989E3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E59A9F33-5266-4E28-BFC0-B0B5811989E3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E59A9F33-5266-4E28-BFC0-B0B5811989E3}\InprocServer32]
@="C:\\WINDOWS\\system32\\shxcoins.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A58CAB2E-9F95-4917-AF62-C4B8D465471A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A58CAB2E-9F95-4917-AF62-C4B8D465471A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A58CAB2E-9F95-4917-AF62-C4B8D465471A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A58CAB2E-9F95-4917-AF62-C4B8D465471A}\InprocServer32]
@="C:\\WINDOWS\\system32\\aycups.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mbcertui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{51EB7761-A26C-454D-89A1-C91398DDC3C6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51EB7761-A26C-454D-89A1-C91398DDC3C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51EB7761-A26C-454D-89A1-C91398DDC3C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51EB7761-A26C-454D-89A1-C91398DDC3C6}\InprocServer32]
@="C:\\WINDOWS\\system32\\SCFM1032.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B68B738D-7301-4739-8EC5-72604E811D01}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B68B738D-7301-4739-8EC5-72604E811D01}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B68B738D-7301-4739-8EC5-72604E811D01}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B68B738D-7301-4739-8EC5-72604E811D01}\InprocServer32]
@="C:\\WINDOWS\\system32\\kidtat.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{036ADB14-BAC1-446C-94F6-E0B61965019E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{036ADB14-BAC1-446C-94F6-E0B61965019E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{036ADB14-BAC1-446C-94F6-E0B61965019E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{036ADB14-BAC1-446C-94F6-E0B61965019E}\InprocServer32]
@="C:\\WINDOWS\\system32\\kcdycc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{51FCF010-E386-4A2C-A577-EA0A355F8FFC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51FCF010-E386-4A2C-A577-EA0A355F8FFC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51FCF010-E386-4A2C-A577-EA0A355F8FFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51FCF010-E386-4A2C-A577-EA0A355F8FFC}\InprocServer32]
@="C:\\WINDOWS\\system32\\BPOWSEUI.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3520A7A3-6940-4EAA-A82D-DD059451A3AA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3520A7A3-6940-4EAA-A82D-DD059451A3AA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3520A7A3-6940-4EAA-A82D-DD059451A3AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3520A7A3-6940-4EAA-A82D-DD059451A3AA}\InprocServer32]
@="C:\\WINDOWS\\system32\\lznkinfo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2ADC937C-456E-436F-8E2E-96907D76E9CE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2ADC937C-456E-436F-8E2E-96907D76E9CE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2ADC937C-456E-436F-8E2E-96907D76E9CE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2ADC937C-456E-436F-8E2E-96907D76E9CE}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlvdmoe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}\InprocServer32]
@="C:\\WINDOWS\\system32\\dumsvinn.dLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}\InprocServer32]
@="C:\\WINDOWS\\system32\\rygapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{24998752-A2CD-4AD0-B046-B85DF4757AEC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24998752-A2CD-4AD0-B046-B85DF4757AEC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24998752-A2CD-4AD0-B046-B85DF4757AEC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24998752-A2CD-4AD0-B046-B85DF4757AEC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}\InprocServer32]
@="C:\\WINDOWS\\system32\\rdutetab.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}\InprocServer32]
@="C:\\WINDOWS\\system32\\cvfgnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjmtapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{51327B52-710D-416C-BB30-0F4B64EC1B6F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51327B52-710D-416C-BB30-0F4B64EC1B6F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51327B52-710D-416C-BB30-0F4B64EC1B6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51327B52-710D-416C-BB30-0F4B64EC1B6F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ktdcan.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{73916D1C-3BC3-481D-9E7F-164C0B55FA37}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73916D1C-3BC3-481D-9E7F-164C0B55FA37}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73916D1C-3BC3-481D-9E7F-164C0B55FA37}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{73916D1C-3BC3-481D-9E7F-164C0B55FA37}\InprocServer32]
@="C:\\WINDOWS\\system32\\saecli.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D68520D5-78C2-4058-A497-DDD90520435E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D68520D5-78C2-4058-A497-DDD90520435E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D68520D5-78C2-4058-A497-DDD90520435E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D68520D5-78C2-4058-A497-DDD90520435E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ovesvr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}\InprocServer32]
@="C:\\WINDOWS\\system32\\gji32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D91242AE-946A-4A67-96B6-7A301CF675C5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D91242AE-946A-4A67-96B6-7A301CF675C5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D91242AE-946A-4A67-96B6-7A301CF675C5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D91242AE-946A-4A67-96B6-7A301CF675C5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgxml2r.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}\InprocServer32]
@="C:\\WINDOWS\\system32\\cdlib-1-6.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\ukrlbva.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A49D6FFB-2221-4F7D-BD87-028A74A8854A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A49D6FFB-2221-4F7D-BD87-028A74A8854A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A49D6FFB-2221-4F7D-BD87-028A74A8854A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A49D6FFB-2221-4F7D-BD87-028A74A8854A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ahsmsext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4E0DB7F2-D831-42BB-8E56-5408EE390646}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E0DB7F2-D831-42BB-8E56-5408EE390646}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E0DB7F2-D831-42BB-8E56-5408EE390646}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4E0DB7F2-D831-42BB-8E56-5408EE390646}\InprocServer32]
@="C:\\WINDOWS\\system32\\oqesvr32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7830E099-E65C-4EFD-9B37-1753F8965F39}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{7830E099-E65C-4EFD-9B37-1753F8965F39}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7830E099-E65C-4EFD-9B37-1753F8965F39}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7830E099-E65C-4EFD-9B37-1753F8965F39}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxwmdmsp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}\InprocServer32]
@="C:\\WINDOWS\\system32\\kxdpo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5B8350F6-BEE9-4044-9332-E90296D070C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B8350F6-BEE9-4044-9332-E90296D070C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B8350F6-BEE9-4044-9332-E90296D070C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5B8350F6-BEE9-4044-9332-E90296D070C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\ohfox32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\domstor.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}\InprocServer32]
@="C:\\WINDOWS\\system32\\ofexl32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE09E084-2CFC-401C-825D-B257BBCD540B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE09E084-2CFC-401C-825D-B257BBCD540B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE09E084-2CFC-401C-825D-B257BBCD540B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE09E084-2CFC-401C-825D-B257BBCD540B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ahsmsext.dll Mon 14 Mar 2005 9:15:04 ..S.R 234.697 229,20 K
ohfox32.dll Sun 3 Apr 2005 10:57:06 ..S.R 234.785 229,28 K
nzvdmd.dll Fri 1 Apr 2005 20:09:20 ..S.R 233.160 227,70 K
hr4805~1.dll Sun 3 Apr 2005 0:09:38 ..S.R 234.785 229,28 K
wsnscard.dll Sat 2 Apr 2005 12:20:52 ..S.R 233.160 227,70 K
irfosoft.dll Sat 2 Apr 2005 18:04:26 ..S.R 232.924 227,46 K
sslunirl.dll Sat 2 Apr 2005 14:23:06 ..S.R 236.144 230,61 K
domstor.dll Sat 2 Apr 2005 14:32:30 ..S.R 233.167 227,70 K
kwdinmal.dll Wed 9 Mar 2005 11:18:08 ..S.R 233.229 227,76 K
kydit.dll Sat 2 Apr 2005 19:28:08 ..S.R 232.924 227,46 K
ombcint.dll Wed 9 Mar 2005 11:13:46 ..S.R 233.229 227,76 K
mhconf.dll Fri 1 Apr 2005 21:37:50 ..S.R 233.160 227,70 K
gji32.dll Wed 9 Mar 2005 12:46:00 ..S.R 234.445 228,95 K
kxdpo.dll Sat 2 Apr 2005 12:54:50 ..S.R 234.733 229,23 K
rpcss.dll Fri 14 Jan 2005 9:55:52 A.... 395.776 386,50 K
wy2help.dll Sat 2 Apr 2005 14:38:56 ..S.R 233.991 228,50 K
browseui.dll Thu 27 Jan 2005 18:14:20 A.... 1.017.344 993,50 K
kldno.dll Sat 2 Apr 2005 14:55:56 ..S.R 233.167 227,70 K
ofexl32.dll Sat 2 Apr 2005 15:11:30 ..S.R 233.947 228,46 K
cdfview.dll Thu 27 Jan 2005 18:14:20 A.... 151.552 148,00 K
iepeers.dll Thu 27 Jan 2005 18:14:20 A.... 249.856 244,00 K
  • 0

#6
g2i2r4
Posted 04 April 2005 - 05:54 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#7
TonyGM
Posted 05 April 2005 - 03:59 AM

TonyGM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here it is

L2Mfix 1.03

Running From:
C:\Documents and Settings\P\Escritorio\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\P\Escritorio\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\P\Escritorio\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1828 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\ahsmsext.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\nzvdmd.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\lv0o09d3e.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\wsnscard.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\irfosoft.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\sslunirl.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\domstor.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kwdinmal.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kydit.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ombcint.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mhconf.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\gji32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kxdpo.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\wy2help.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\kldno.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ofexl32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mgxml2r.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\cdetcfg.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ugrar.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\wvigest.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\latif11n.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\mwr2c.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\MDPI.DLL
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\en6ol1j31.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\hr4805hue.DLL
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\OLCodec2.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\wA2time.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ukrlbva.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\cdlib-1-6.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\lt2027fmg.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\m0nq0a55ed.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\f40o0ed3eh0.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\i4jq0e15eh.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\q4psle771h.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\l04qlah51d4.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\oqesvr32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\n8p40i7qe8.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\sdcbase.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\fkusd.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\k6lqlg3516.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\dVdrm.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\cl3uut9.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\ojbccr32.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\azi2cqag.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\whadefui.dll
1 archivos copiados.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 archivos copiados.
deleting: C:\WINDOWS\system32\ahsmsext.dll
Successfully Deleted: C:\WINDOWS\system32\ahsmsext.dll
deleting: C:\WINDOWS\system32\nzvdmd.dll
Successfully Deleted: C:\WINDOWS\system32\nzvdmd.dll
deleting: C:\WINDOWS\system32\lv0o09d3e.dll
Successfully Deleted: C:\WINDOWS\system32\lv0o09d3e.dll
deleting: C:\WINDOWS\system32\wsnscard.dll
Successfully Deleted: C:\WINDOWS\system32\wsnscard.dll
deleting: C:\WINDOWS\system32\irfosoft.dll
Successfully Deleted: C:\WINDOWS\system32\irfosoft.dll
deleting: C:\WINDOWS\system32\sslunirl.dll
Successfully Deleted: C:\WINDOWS\system32\sslunirl.dll
deleting: C:\WINDOWS\system32\domstor.dll
Successfully Deleted: C:\WINDOWS\system32\domstor.dll
deleting: C:\WINDOWS\system32\kwdinmal.dll
Successfully Deleted: C:\WINDOWS\system32\kwdinmal.dll
deleting: C:\WINDOWS\system32\kydit.dll
Successfully Deleted: C:\WINDOWS\system32\kydit.dll
deleting: C:\WINDOWS\system32\ombcint.dll
Successfully Deleted: C:\WINDOWS\system32\ombcint.dll
deleting: C:\WINDOWS\system32\mhconf.dll
Successfully Deleted: C:\WINDOWS\system32\mhconf.dll
deleting: C:\WINDOWS\system32\gji32.dll
Successfully Deleted: C:\WINDOWS\system32\gji32.dll
deleting: C:\WINDOWS\system32\kxdpo.dll
Successfully Deleted: C:\WINDOWS\system32\kxdpo.dll
deleting: C:\WINDOWS\system32\wy2help.dll
Successfully Deleted: C:\WINDOWS\system32\wy2help.dll
deleting: C:\WINDOWS\system32\kldno.dll
Successfully Deleted: C:\WINDOWS\system32\kldno.dll
deleting: C:\WINDOWS\system32\ofexl32.dll
Successfully Deleted: C:\WINDOWS\system32\ofexl32.dll
deleting: C:\WINDOWS\system32\mgxml2r.dll
Successfully Deleted: C:\WINDOWS\system32\mgxml2r.dll
deleting: C:\WINDOWS\system32\cdetcfg.dll
Successfully Deleted: C:\WINDOWS\system32\cdetcfg.dll
deleting: C:\WINDOWS\system32\ugrar.dll
Successfully Deleted: C:\WINDOWS\system32\ugrar.dll
deleting: C:\WINDOWS\system32\wvigest.dll
Successfully Deleted: C:\WINDOWS\system32\wvigest.dll
deleting: C:\WINDOWS\system32\latif11n.dll
Successfully Deleted: C:\WINDOWS\system32\latif11n.dll
deleting: C:\WINDOWS\system32\mwr2c.dll
Successfully Deleted: C:\WINDOWS\system32\mwr2c.dll
deleting: C:\WINDOWS\system32\MDPI.DLL
Successfully Deleted: C:\WINDOWS\system32\MDPI.DLL
deleting: C:\WINDOWS\system32\en6ol1j31.dll
Successfully Deleted: C:\WINDOWS\system32\en6ol1j31.dll
deleting: C:\WINDOWS\system32\hr4805hue.DLL
Successfully Deleted: C:\WINDOWS\system32\hr4805hue.DLL
deleting: C:\WINDOWS\system32\OLCodec2.dll
Successfully Deleted: C:\WINDOWS\system32\OLCodec2.dll
deleting: C:\WINDOWS\system32\wA2time.dll
Successfully Deleted: C:\WINDOWS\system32\wA2time.dll
deleting: C:\WINDOWS\system32\ukrlbva.dll
Successfully Deleted: C:\WINDOWS\system32\ukrlbva.dll
deleting: C:\WINDOWS\system32\cdlib-1-6.dll
Successfully Deleted: C:\WINDOWS\system32\cdlib-1-6.dll
deleting: C:\WINDOWS\system32\lt2027fmg.dll
Successfully Deleted: C:\WINDOWS\system32\lt2027fmg.dll
deleting: C:\WINDOWS\system32\m0nq0a55ed.dll
Successfully Deleted: C:\WINDOWS\system32\m0nq0a55ed.dll
deleting: C:\WINDOWS\system32\f40o0ed3eh0.dll
Successfully Deleted: C:\WINDOWS\system32\f40o0ed3eh0.dll
deleting: C:\WINDOWS\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4jq0e15eh.dll
deleting: C:\WINDOWS\system32\q4psle771h.dll
Successfully Deleted: C:\WINDOWS\system32\q4psle771h.dll
deleting: C:\WINDOWS\system32\l04qlah51d4.dll
Successfully Deleted: C:\WINDOWS\system32\l04qlah51d4.dll
deleting: C:\WINDOWS\system32\oqesvr32.dll
Successfully Deleted: C:\WINDOWS\system32\oqesvr32.dll
deleting: C:\WINDOWS\system32\n8p40i7qe8.dll
Successfully Deleted: C:\WINDOWS\system32\n8p40i7qe8.dll
deleting: C:\WINDOWS\system32\sdcbase.dll
Successfully Deleted: C:\WINDOWS\system32\sdcbase.dll
deleting: C:\WINDOWS\system32\fkusd.dll
Successfully Deleted: C:\WINDOWS\system32\fkusd.dll
deleting: C:\WINDOWS\system32\k6lqlg3516.dll
Successfully Deleted: C:\WINDOWS\system32\k6lqlg3516.dll
deleting: C:\WINDOWS\system32\dVdrm.dll
Successfully Deleted: C:\WINDOWS\system32\dVdrm.dll
deleting: C:\WINDOWS\system32\cl3uut9.dll
Successfully Deleted: C:\WINDOWS\system32\cl3uut9.dll
deleting: C:\WINDOWS\system32\ojbccr32.dll
Successfully Deleted: C:\WINDOWS\system32\ojbccr32.dll
deleting: C:\WINDOWS\system32\azi2cqag.dll
Successfully Deleted: C:\WINDOWS\system32\azi2cqag.dll
deleting: C:\WINDOWS\system32\whadefui.dll
Successfully Deleted: C:\WINDOWS\system32\whadefui.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed


Zipping up files for submission:
adding: ahsmsext.dll (deflated 5%)
adding: nzvdmd.dll (deflated 4%)
adding: lv0o09d3e.dll (deflated 4%)
adding: wsnscard.dll (deflated 4%)
adding: irfosoft.dll (deflated 4%)
adding: sslunirl.dll (deflated 6%)
adding: domstor.dll (deflated 4%)
adding: kwdinmal.dll (deflated 4%)
adding: kydit.dll (deflated 4%)
adding: ombcint.dll (deflated 4%)
adding: mhconf.dll (deflated 4%)
adding: gji32.dll (deflated 5%)
adding: kxdpo.dll (deflated 5%)
adding: wy2help.dll (deflated 5%)
adding: kldno.dll (deflated 4%)
adding: ofexl32.dll (deflated 5%)
adding: mgxml2r.dll (deflated 4%)
adding: cdetcfg.dll (deflated 4%)
adding: ugrar.dll (deflated 5%)
adding: wvigest.dll (deflated 5%)
adding: latif11n.dll (deflated 5%)
adding: mwr2c.dll (deflated 6%)
adding: MDPI.DLL (deflated 6%)
adding: en6ol1j31.dll (deflated 5%)
adding: hr4805hue.DLL (deflated 5%)
adding: OLCodec2.dll (deflated 6%)
adding: wA2time.dll (deflated 5%)
adding: ukrlbva.dll (deflated 4%)
adding: cdlib-1-6.dll (deflated 5%)
adding: lt2027fmg.dll (deflated 5%)
adding: m0nq0a55ed.dll (deflated 4%)
adding: f40o0ed3eh0.dll (deflated 4%)
adding: i4jq0e15eh.dll (deflated 5%)
adding: q4psle771h.dll (deflated 4%)
adding: l04qlah51d4.dll (deflated 5%)
adding: oqesvr32.dll (deflated 4%)
adding: n8p40i7qe8.dll (deflated 4%)
adding: sdcbase.dll (deflated 4%)
adding: fkusd.dll (deflated 5%)
adding: k6lqlg3516.dll (deflated 4%)
adding: dVdrm.dll (deflated 4%)
adding: cl3uut9.dll (deflated 5%)
adding: ojbccr32.dll (deflated 5%)
adding: azi2cqag.dll (deflated 4%)
adding: whadefui.dll (deflated 5%)
adding: guard.tmp (deflated 6%)
adding: echo.reg (deflated 9%)
adding: clear.reg (deflated 73%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 49%)
adding: direct.txt (stored 0%)
adding: lo2.txt (deflated 85%)
adding: test2.txt (deflated 50%)
adding: test3.txt (deflated 50%)
adding: test5.txt (deflated 50%)
adding: test.txt (deflated 82%)
adding: xfind.txt (deflated 76%)
adding: report.txt (deflated 79%)
adding: backregs/shell.reg (deflated 72%)
adding: backregs/B9F43F2C-CC2C-461D-8B9B-F10FED3739A4.reg (deflated 70%)
adding: backregs/E11634F0-8394-47FA-A270-BB4A0FE6182A.reg (deflated 70%)
adding: backregs/7BBA0E7C-83CD-4791-B55F-A23B87AD90D6.reg (deflated 70%)
adding: backregs/3ADA6243-E436-4048-84B1-01D1F835E6B6.reg (deflated 70%)
adding: backregs/83CD629D-4EB9-4E2B-8464-4AF97D69CC64.reg (deflated 70%)
adding: backregs/868CFA96-4CEE-401E-98FF-2366333F65B5.reg (deflated 70%)
adding: backregs/0068C007-3636-4D54-80A8-F189E285BE3B.reg (deflated 70%)
adding: backregs/46171491-B9DC-4BB5-AB28-D437818776E8.reg (deflated 70%)
adding: backregs/60BEC017-8F58-4B7A-A50B-5B6D44DE8636.reg (deflated 70%)
adding: backregs/286FED4F-CD95-4DD8-905A-7E368F1AA0FE.reg (deflated 70%)
adding: backregs/B8E3AA2A-3599-4961-8CD4-2B736131C0CE.reg (deflated 70%)
adding: backregs/1F67AB38-BD1B-43DA-96DE-3107ADF78164.reg (deflated 70%)
adding: backregs/E7A27D1B-A9BA-443A-91A4-4FDEF2994169.reg (deflated 70%)
adding: backregs/B41D92F8-4A90-404D-B1A2-AA70B2A42818.reg (deflated 70%)
adding: backregs/5BD707B0-84B8-446B-82BD-68E185B6E935.reg (deflated 70%)
adding: backregs/4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA.reg (deflated 70%)
adding: backregs/E1CBAE73-9176-4771-9657-1556ED33BB88.reg (deflated 70%)
adding: backregs/265E56BA-CF13-4B59-9481-8F4A1CFE322D.reg (deflated 70%)
adding: backregs/E49F1E5A-2411-4191-918B-DF262740ED02.reg (deflated 70%)
adding: backregs/F046E409-D25B-4B57-839D-6B9FB6D0D933.reg (deflated 70%)
adding: backregs/CC6E82DC-DB63-4FC0-843C-EF1788F9D187.reg (deflated 70%)
adding: backregs/E59A9F33-5266-4E28-BFC0-B0B5811989E3.reg (deflated 70%)
adding: backregs/A58CAB2E-9F95-4917-AF62-C4B8D465471A.reg (deflated 70%)
adding: backregs/C9676BC3-3D29-4EDB-82CE-EC418066A0D5.reg (deflated 70%)
adding: backregs/51EB7761-A26C-454D-89A1-C91398DDC3C6.reg (deflated 70%)
adding: backregs/B68B738D-7301-4739-8EC5-72604E811D01.reg (deflated 70%)
adding: backregs/036ADB14-BAC1-446C-94F6-E0B61965019E.reg (deflated 70%)
adding: backregs/51FCF010-E386-4A2C-A577-EA0A355F8FFC.reg (deflated 70%)
adding: backregs/3520A7A3-6940-4EAA-A82D-DD059451A3AA.reg (deflated 70%)
adding: backregs/2ADC937C-456E-436F-8E2E-96907D76E9CE.reg (deflated 70%)
adding: backregs/283ECD9B-7F4D-41F1-8491-CE31F7DFBF47.reg (deflated 70%)
adding: backregs/6B63DC7B-D5EC-41C6-81C3-A6D7238B2407.reg (deflated 70%)
adding: backregs/24998752-A2CD-4AD0-B046-B85DF4757AEC.reg (deflated 70%)
adding: backregs/241D66F0-B1A8-49D3-A537-AC5BFDFDF59B.reg (deflated 70%)
adding: backregs/C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1.reg (deflated 70%)
adding: backregs/1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D.reg (deflated 70%)
adding: backregs/D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD.reg (deflated 70%)
adding: backregs/11D5B99D-0E2C-49A3-AF8A-189F63DC268B.reg (deflated 70%)
adding: backregs/7B0EEBE2-8A2E-44C3-A546-6E889755E4B1.reg (deflated 70%)
adding: backregs/B7DF7F2D-A374-4361-8A04-4DA41D666A4E.reg (deflated 70%)
adding: backregs/B17242A4-1CE9-42F5-8B50-AFC643E46AC2.reg (deflated 70%)
adding: backregs/76C3A3BA-7768-45F2-B8AF-8CECFDE3D759.reg (deflated 70%)
adding: backregs/51327B52-710D-416C-BB30-0F4B64EC1B6F.reg (deflated 70%)
adding: backregs/73916D1C-3BC3-481D-9E7F-164C0B55FA37.reg (deflated 70%)
adding: backregs/D68520D5-78C2-4058-A497-DDD90520435E.reg (deflated 70%)
adding: backregs/5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D.reg (deflated 70%)
adding: backregs/D91242AE-946A-4A67-96B6-7A301CF675C5.reg (deflated 70%)
adding: backregs/B9C2003E-C9DE-4282-99C3-57D3420B5BDB.reg (deflated 70%)
adding: backregs/C1693661-4FF3-43F8-9EB0-143EDF7BE1FA.reg (deflated 70%)
adding: backregs/A49D6FFB-2221-4F7D-BD87-028A74A8854A.reg (deflated 70%)
adding: backregs/4E0DB7F2-D831-42BB-8E56-5408EE390646.reg (deflated 70%)
adding: backregs/7830E099-E65C-4EFD-9B37-1753F8965F39.reg (deflated 69%)
adding: backregs/D71E8B00-53A1-4321-B578-D7EEFDEEBC61.reg (deflated 70%)
adding: backregs/5B8350F6-BEE9-4044-9332-E90296D070C0.reg (deflated 70%)
adding: backregs/760D4764-2A07-4F33-8ECA-DC9F627DF2EE.reg (deflated 70%)
adding: backregs/DA5BEE64-6FFB-480D-B504-7E2CFAAD3106.reg (deflated 70%)
adding: backregs/DE09E084-2CFC-401C-825D-B257BBCD540B.reg (deflated 70%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

deleting local copy: ahsmsext.dll
deleting local copy: nzvdmd.dll
deleting local copy: lv0o09d3e.dll
deleting local copy: wsnscard.dll
deleting local copy: irfosoft.dll
deleting local copy: sslunirl.dll
deleting local copy: domstor.dll
deleting local copy: kwdinmal.dll
deleting local copy: kydit.dll
deleting local copy: ombcint.dll
deleting local copy: mhconf.dll
deleting local copy: gji32.dll
deleting local copy: kxdpo.dll
deleting local copy: wy2help.dll
deleting local copy: kldno.dll
deleting local copy: ofexl32.dll
deleting local copy: mgxml2r.dll
deleting local copy: cdetcfg.dll
deleting local copy: ugrar.dll
deleting local copy: wvigest.dll
deleting local copy: latif11n.dll
deleting local copy: mwr2c.dll
deleting local copy: MDPI.DLL
deleting local copy: en6ol1j31.dll
deleting local copy: hr4805hue.DLL
deleting local copy: OLCodec2.dll
deleting local copy: wA2time.dll
deleting local copy: ukrlbva.dll
deleting local copy: cdlib-1-6.dll
deleting local copy: lt2027fmg.dll
deleting local copy: m0nq0a55ed.dll
deleting local copy: f40o0ed3eh0.dll
deleting local copy: i4jq0e15eh.dll
deleting local copy: q4psle771h.dll
deleting local copy: l04qlah51d4.dll
deleting local copy: oqesvr32.dll
deleting local copy: n8p40i7qe8.dll
deleting local copy: sdcbase.dll
deleting local copy: fkusd.dll
deleting local copy: k6lqlg3516.dll
deleting local copy: dVdrm.dll
deleting local copy: cl3uut9.dll
deleting local copy: ojbccr32.dll
deleting local copy: azi2cqag.dll
deleting local copy: whadefui.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ahsmsext.dll
C:\WINDOWS\system32\nzvdmd.dll
C:\WINDOWS\system32\lv0o09d3e.dll
C:\WINDOWS\system32\wsnscard.dll
C:\WINDOWS\system32\irfosoft.dll
C:\WINDOWS\system32\sslunirl.dll
C:\WINDOWS\system32\domstor.dll
C:\WINDOWS\system32\kwdinmal.dll
C:\WINDOWS\system32\kydit.dll
C:\WINDOWS\system32\ombcint.dll
C:\WINDOWS\system32\mhconf.dll
C:\WINDOWS\system32\gji32.dll
C:\WINDOWS\system32\kxdpo.dll
C:\WINDOWS\system32\wy2help.dll
C:\WINDOWS\system32\kldno.dll
C:\WINDOWS\system32\ofexl32.dll
C:\WINDOWS\system32\mgxml2r.dll
C:\WINDOWS\system32\cdetcfg.dll
C:\WINDOWS\system32\ugrar.dll
C:\WINDOWS\system32\wvigest.dll
C:\WINDOWS\system32\latif11n.dll
C:\WINDOWS\system32\mwr2c.dll
C:\WINDOWS\system32\MDPI.DLL
C:\WINDOWS\system32\en6ol1j31.dll
C:\WINDOWS\system32\hr4805hue.DLL
C:\WINDOWS\system32\OLCodec2.dll
C:\WINDOWS\system32\wA2time.dll
C:\WINDOWS\system32\ukrlbva.dll
C:\WINDOWS\system32\cdlib-1-6.dll
C:\WINDOWS\system32\lt2027fmg.dll
C:\WINDOWS\system32\m0nq0a55ed.dll
C:\WINDOWS\system32\f40o0ed3eh0.dll
C:\WINDOWS\system32\i4jq0e15eh.dll
C:\WINDOWS\system32\q4psle771h.dll
C:\WINDOWS\system32\l04qlah51d4.dll
C:\WINDOWS\system32\oqesvr32.dll
C:\WINDOWS\system32\n8p40i7qe8.dll
C:\WINDOWS\system32\sdcbase.dll
C:\WINDOWS\system32\fkusd.dll
C:\WINDOWS\system32\k6lqlg3516.dll
C:\WINDOWS\system32\dVdrm.dll
C:\WINDOWS\system32\cl3uut9.dll
C:\WINDOWS\system32\ojbccr32.dll
C:\WINDOWS\system32\azi2cqag.dll
C:\WINDOWS\system32\whadefui.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{63B76D76-E96E-4B1F-9520-BF5472595CE0}"=-
"{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}"=-
"{E11634F0-8394-47FA-A270-BB4A0FE6182A}"=-
"{E17CCF17-2C04-41A6-976C-5A349B1DD539}"=-
"{FA6C1FD0-0339-405E-B2F9-067C9F2F145C}"=-
"{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}"=-
"{3ADA6243-E436-4048-84B1-01D1F835E6B6}"=-
"{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}"=-
"{868CFA96-4CEE-401E-98FF-2366333F65B5}"=-
"{0068C007-3636-4D54-80A8-F189E285BE3B}"=-
"{46171491-B9DC-4BB5-AB28-D437818776E8}"=-
"{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}"=-
"{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}"=-
"{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}"=-
"{1F67AB38-BD1B-43DA-96DE-3107ADF78164}"=-
"{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}"=-
"{B41D92F8-4A90-404D-B1A2-AA70B2A42818}"=-
"{5BD707B0-84B8-446B-82BD-68E185B6E935}"=-
"{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}"=-
"{E1CBAE73-9176-4771-9657-1556ED33BB88}"=-
"{265E56BA-CF13-4B59-9481-8F4A1CFE322D}"=-
"{E49F1E5A-2411-4191-918B-DF262740ED02}"=-
"{F046E409-D25B-4B57-839D-6B9FB6D0D933}"=-
"{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}"=-
"{E59A9F33-5266-4E28-BFC0-B0B5811989E3}"=-
"{A58CAB2E-9F95-4917-AF62-C4B8D465471A}"=-
"{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}"=-
"{51EB7761-A26C-454D-89A1-C91398DDC3C6}"=-
"{B68B738D-7301-4739-8EC5-72604E811D01}"=-
"{036ADB14-BAC1-446C-94F6-E0B61965019E}"=-
"{51FCF010-E386-4A2C-A577-EA0A355F8FFC}"=-
"{D9F9301D-0E36-44CF-B601-2B698B6A4A12}"=-
"{3520A7A3-6940-4EAA-A82D-DD059451A3AA}"=-
"{34C3F086-F471-4B79-9EFF-ADC76DAC93F1}"=-
"{2ADC937C-456E-436F-8E2E-96907D76E9CE}"=-
"{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}"=-
"{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}"=-
"{24998752-A2CD-4AD0-B046-B85DF4757AEC}"=-
"{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}"=-
"{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}"=-
"{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}"=-
"{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}"=-
"{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}"=-
"{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}"=-
"{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}"=-
"{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}"=-
"{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}"=-
"{51327B52-710D-416C-BB30-0F4B64EC1B6F}"=-
"{73916D1C-3BC3-481D-9E7F-164C0B55FA37}"=-
"{D68520D5-78C2-4058-A497-DDD90520435E}"=-
"{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}"=-
"{D91242AE-946A-4A67-96B6-7A301CF675C5}"=-
"{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}"=-
"{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}"=-
"{A49D6FFB-2221-4F7D-BD87-028A74A8854A}"=-
"{4E0DB7F2-D831-42BB-8E56-5408EE390646}"=-
"{7830E099-E65C-4EFD-9B37-1753F8965F39}"=-
"{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}"=-
"{5B8350F6-BEE9-4044-9332-E90296D070C0}"=-
"{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}"=-
"{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}"=-
"{DE09E084-2CFC-401C-825D-B257BBCD540B}"=-
[-HKEY_CLASSES_ROOT\CLSID\{63B76D76-E96E-4B1F-9520-BF5472595CE0}]
[-HKEY_CLASSES_ROOT\CLSID\{B9F43F2C-CC2C-461D-8B9B-F10FED3739A4}]
[-HKEY_CLASSES_ROOT\CLSID\{E11634F0-8394-47FA-A270-BB4A0FE6182A}]
[-HKEY_CLASSES_ROOT\CLSID\{E17CCF17-2C04-41A6-976C-5A349B1DD539}]
[-HKEY_CLASSES_ROOT\CLSID\{FA6C1FD0-0339-405E-B2F9-067C9F2F145C}]
[-HKEY_CLASSES_ROOT\CLSID\{7BBA0E7C-83CD-4791-B55F-A23B87AD90D6}]
[-HKEY_CLASSES_ROOT\CLSID\{3ADA6243-E436-4048-84B1-01D1F835E6B6}]
[-HKEY_CLASSES_ROOT\CLSID\{83CD629D-4EB9-4E2B-8464-4AF97D69CC64}]
[-HKEY_CLASSES_ROOT\CLSID\{868CFA96-4CEE-401E-98FF-2366333F65B5}]
[-HKEY_CLASSES_ROOT\CLSID\{0068C007-3636-4D54-80A8-F189E285BE3B}]
[-HKEY_CLASSES_ROOT\CLSID\{46171491-B9DC-4BB5-AB28-D437818776E8}]
[-HKEY_CLASSES_ROOT\CLSID\{60BEC017-8F58-4B7A-A50B-5B6D44DE8636}]
[-HKEY_CLASSES_ROOT\CLSID\{286FED4F-CD95-4DD8-905A-7E368F1AA0FE}]
[-HKEY_CLASSES_ROOT\CLSID\{B8E3AA2A-3599-4961-8CD4-2B736131C0CE}]
[-HKEY_CLASSES_ROOT\CLSID\{1F67AB38-BD1B-43DA-96DE-3107ADF78164}]
[-HKEY_CLASSES_ROOT\CLSID\{E7A27D1B-A9BA-443A-91A4-4FDEF2994169}]
[-HKEY_CLASSES_ROOT\CLSID\{B41D92F8-4A90-404D-B1A2-AA70B2A42818}]
[-HKEY_CLASSES_ROOT\CLSID\{5BD707B0-84B8-446B-82BD-68E185B6E935}]
[-HKEY_CLASSES_ROOT\CLSID\{4D19F175-A439-4E1C-BBFE-D7FB01E8B7CA}]
[-HKEY_CLASSES_ROOT\CLSID\{E1CBAE73-9176-4771-9657-1556ED33BB88}]
[-HKEY_CLASSES_ROOT\CLSID\{265E56BA-CF13-4B59-9481-8F4A1CFE322D}]
[-HKEY_CLASSES_ROOT\CLSID\{E49F1E5A-2411-4191-918B-DF262740ED02}]
[-HKEY_CLASSES_ROOT\CLSID\{F046E409-D25B-4B57-839D-6B9FB6D0D933}]
[-HKEY_CLASSES_ROOT\CLSID\{CC6E82DC-DB63-4FC0-843C-EF1788F9D187}]
[-HKEY_CLASSES_ROOT\CLSID\{E59A9F33-5266-4E28-BFC0-B0B5811989E3}]
[-HKEY_CLASSES_ROOT\CLSID\{A58CAB2E-9F95-4917-AF62-C4B8D465471A}]
[-HKEY_CLASSES_ROOT\CLSID\{C9676BC3-3D29-4EDB-82CE-EC418066A0D5}]
[-HKEY_CLASSES_ROOT\CLSID\{51EB7761-A26C-454D-89A1-C91398DDC3C6}]
[-HKEY_CLASSES_ROOT\CLSID\{B68B738D-7301-4739-8EC5-72604E811D01}]
[-HKEY_CLASSES_ROOT\CLSID\{036ADB14-BAC1-446C-94F6-E0B61965019E}]
[-HKEY_CLASSES_ROOT\CLSID\{51FCF010-E386-4A2C-A577-EA0A355F8FFC}]
[-HKEY_CLASSES_ROOT\CLSID\{D9F9301D-0E36-44CF-B601-2B698B6A4A12}]
[-HKEY_CLASSES_ROOT\CLSID\{3520A7A3-6940-4EAA-A82D-DD059451A3AA}]
[-HKEY_CLASSES_ROOT\CLSID\{34C3F086-F471-4B79-9EFF-ADC76DAC93F1}]
[-HKEY_CLASSES_ROOT\CLSID\{2ADC937C-456E-436F-8E2E-96907D76E9CE}]
[-HKEY_CLASSES_ROOT\CLSID\{283ECD9B-7F4D-41F1-8491-CE31F7DFBF47}]
[-HKEY_CLASSES_ROOT\CLSID\{6B63DC7B-D5EC-41C6-81C3-A6D7238B2407}]
[-HKEY_CLASSES_ROOT\CLSID\{24998752-A2CD-4AD0-B046-B85DF4757AEC}]
[-HKEY_CLASSES_ROOT\CLSID\{241D66F0-B1A8-49D3-A537-AC5BFDFDF59B}]
[-HKEY_CLASSES_ROOT\CLSID\{C0BE84B8-D13A-4BAE-8C7A-F7726C122EA1}]
[-HKEY_CLASSES_ROOT\CLSID\{1FEAB994-393B-4887-B5C9-EB5FD2A3DA3D}]
[-HKEY_CLASSES_ROOT\CLSID\{D84FDE4C-B768-4BF2-9D6C-85C3BAC96BCD}]
[-HKEY_CLASSES_ROOT\CLSID\{11D5B99D-0E2C-49A3-AF8A-189F63DC268B}]
[-HKEY_CLASSES_ROOT\CLSID\{7B0EEBE2-8A2E-44C3-A546-6E889755E4B1}]
[-HKEY_CLASSES_ROOT\CLSID\{B7DF7F2D-A374-4361-8A04-4DA41D666A4E}]
[-HKEY_CLASSES_ROOT\CLSID\{B17242A4-1CE9-42F5-8B50-AFC643E46AC2}]
[-HKEY_CLASSES_ROOT\CLSID\{76C3A3BA-7768-45F2-B8AF-8CECFDE3D759}]
[-HKEY_CLASSES_ROOT\CLSID\{51327B52-710D-416C-BB30-0F4B64EC1B6F}]
[-HKEY_CLASSES_ROOT\CLSID\{73916D1C-3BC3-481D-9E7F-164C0B55FA37}]
[-HKEY_CLASSES_ROOT\CLSID\{D68520D5-78C2-4058-A497-DDD90520435E}]
[-HKEY_CLASSES_ROOT\CLSID\{5B10B255-F9EE-4C73-A3BC-4E6D18BFA81D}]
[-HKEY_CLASSES_ROOT\CLSID\{D91242AE-946A-4A67-96B6-7A301CF675C5}]
[-HKEY_CLASSES_ROOT\CLSID\{B9C2003E-C9DE-4282-99C3-57D3420B5BDB}]
[-HKEY_CLASSES_ROOT\CLSID\{C1693661-4FF3-43F8-9EB0-143EDF7BE1FA}]
[-HKEY_CLASSES_ROOT\CLSID\{A49D6FFB-2221-4F7D-BD87-028A74A8854A}]
[-HKEY_CLASSES_ROOT\CLSID\{4E0DB7F2-D831-42BB-8E56-5408EE390646}]
[-HKEY_CLASSES_ROOT\CLSID\{7830E099-E65C-4EFD-9B37-1753F8965F39}]
[-HKEY_CLASSES_ROOT\CLSID\{D71E8B00-53A1-4321-B578-D7EEFDEEBC61}]
[-HKEY_CLASSES_ROOT\CLSID\{5B8350F6-BEE9-4044-9332-E90296D070C0}]
[-HKEY_CLASSES_ROOT\CLSID\{760D4764-2A07-4F33-8ECA-DC9F627DF2EE}]
[-HKEY_CLASSES_ROOT\CLSID\{DA5BEE64-6FFB-480D-B504-7E2CFAAD3106}]
[-HKEY_CLASSES_ROOT\CLSID\{DE09E084-2CFC-401C-825D-B257BBCD540B}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************



Now things seem to work fine :tazz:
Do you think we've got it?
  • 0

#8
g2i2r4
Posted 05 April 2005 - 07:09 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please post me a fresh log using HijackThis.
  • 0

#9
TonyGM
Posted 06 April 2005 - 07:35 AM

TonyGM

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here it is:

Logfile of HijackThis v1.98.2
Scan saved at 12:12:11, on 6/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver2\LVCOMS.EXE
C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
C:\Archivos de programa\Browser MOUSE\mouse32a.exe
C:\ARCHIV~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\CDROM\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Archivos de programa\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Archivos de programa\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\ARCHIV~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Everything seems to work :tazz:
  • 0

#10
g2i2r4
Posted 06 April 2005 - 01:03 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Looks fine to me too!

You can reinstall AdAware now.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP