Severe Pop Ups [CLOSED]



#1
Welderman123 (Member, 12 posts)
I have been having severe pop-ups whenever I connect to the Internet. I have McAfee Virus protection, Spyware Doctor, and NoAdware but nothing seems to solve the problem. Anyway, here is my HijackThis log...


Logfile of HijackThis v1.99.1
Scan saved at 4:18:56 PM, on 6/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rnvlnz.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Documents and Settings\Arron\Application Data\eetu.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLHOS~1.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLServiceHost.exe
C:\DOCUME~1\Arron\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111112124\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rnvlnz.exe reg_run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware3] "C:\Program Files\NoAdware3\NoAdware3.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Arron\Application Data\eetu.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF051DDB-2ACC-41C2-8B9E-4CF02691448C}: NameServer = 205.188.146.145
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\rem.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

If you could help me out with these annoying pop-ups I would gladly appreciate it.

#2
Guse (Visiting Staff, 624 posts)
Heya and welcome to Geeks to Go, Welderman123. My name is Guse and I'll be helping you.

Let's start out with some general scans and see if we can't clean things up a little.

+++++ Step 1 +++++

Please download: Ad-Aware SE Personal
(*Note) After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.

Then Update Ad-Aware
Manually run Ad-Aware SE Personal and from the main screen Click on Check for Updates Now.

Run Ad-Aware with the latest update.
Reconfigure Ad-Aware for Full Scan as per the following instructions:
  • Launch the program, and click on the Gear at the top of the start screen.
  • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
    • "Automatically save logfile"
    • "Automatically quarantine objects prior to removal"
    • Safe Mode (always request confirmation)
    • Prompt to update outdated confirmation) - Change to 7 days.
  • Click the "Scanning" button (On the left side).
  • Under Drives & Folders, select "Scan within Archives"
  • Click "Click here to select Drives + folders" and select your installed hard drives.
  • Under Memory & Registry, select all options.
  • Click the "Advanced" button (On the left hand side).
  • Under "Shell Integration", select "Move deleted files to Recycle Bin".
  • Under "Log-file detail", select all options.
  • Click on the "Defaults" button on the left.
  • Type in the full URL of what you want as your default homepage and searchpage e.g. http://www.google.com.
  • Click the "Tweak" button (Again, on the left hand side).
  • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
    • "Unload recognized processes during scanning."
    • "Obtain command line of scanned processes"
    • "Scan registry for all users instead of current user only"
  • Under "Cleaning Engine", select the following:
    • "Automatically try to unregister objects prior to deletion."
    • "During removal, unload explorer and IE if necessary"
    • "Let Windows remove files in use at next reboot."
    • "Delete quarantined objects after restoring"
  • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
  • Click on "Proceed" to save these Preferences.
  • Click on the "Scan Now" button on the left.
  • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".

Close all programs except ad-aware.

Click on "Next" in the bottom right corner to start the scan.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.

After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.


+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky Online Scan or if that doesn’t work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.

#3
Welderman123 (Topic Starter, Member, 12 posts)
I have run Ad-Aware and I deleted 48 applications. I used TrendMicro's HouseCall and found 1 virus and 3 spywares so I deleted them as well. I have been having some computer instability lately, mainly computer crashes also. Here is the HijackThis log.....

Logfile of HijackThis v1.99.1
Scan saved at 4:17:52 PM, on 7/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLHOS~1.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\DOCUME~1\Arron\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111112124\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware3] "C:\Program Files\NoAdware3\NoAdware3.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF051DDB-2ACC-41C2-8B9E-4CF02691448C}: NameServer = 205.188.146.145
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\enpsl1771.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\d8j0li1m18.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe


and now for the 2nd one

3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe LiveMotion 2.0 Tryout
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Computer Check-Up
AOL Connectivity Services
AOL Deskbar
AOL Spyware Protection
AOL Toolbar
AOL You've Got Pictures Screensaver
BCM V.92 56K Modem
Broadcom 440x Driver Installer
Dell ResourceCD
Detective Barbie® 2 The Vacation Mystery™
Easy CD Creator 5 Basic
e-bridge client
ewido security suite
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Intel Application Accelerator
Intel® Extreme Graphics Driver
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_05
Java Web Start
JumpStart 1st Grade v1.5
JumpStart Advanced Kindergarten
JumpStart Advanced Language Club
JumpStart Advanced Preschool
JumpStart Advanced School Time
JumpStart Art for Fun
JumpStart Art Time
JumpStart Parent Resource Center v1.0
JumpStart Sing-Along Time
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
McAfee Personal Firewall Express
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office XP Standard for Students and Teachers
Microsoft Windows Journal Viewer
Minnesota Cuke
MOTA Demonstration
MyDVD
Network Play System (Patching)
Pure Networks Port Magic
RealPlayer Basic
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
ShowBiz
SoundMAX
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
Starcraft
The ClueFinders 6th Grade Adventures
The Sims 2
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol 9.5
Worms 2
Yahoo! Toolbar

#4
Guse (Visiting Staff, 624 posts)
Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

Edited by Guse, 20 July 2005 - 05:22 PM.


#5
Welderman123 (Topic Starter, Member, 12 posts)
I have done the scan for winpfind so here it is....

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
qoologic 3/20/2005 6:44:22 PM 3851 C:\WINDOWS\aghkgc.dll
urllogic 3/20/2005 6:44:22 PM 3851 C:\WINDOWS\aghkgc.dll
urllogic 3/20/2005 6:44:22 PM 3851 C:\WINDOWS\aghkgc.dll
abetterinternet.com 3/20/2005 6:44:22 PM 3851 C:\WINDOWS\aghkgc.dll
abetterinternet.com 6/30/2005 2:11:54 PM 11291 C:\WINDOWS\akjrk.dll
web-nex 6/30/2005 2:11:54 PM 11291 C:\WINDOWS\akjrk.dll
ad-w-a-r-e.com 6/30/2005 2:11:54 PM 11291 C:\WINDOWS\akjrk.dll
PECompact2 7/19/2005 3:14:08 PM 15388195 C:\WINDOWS\lpt$vpn.737
qoologic 7/19/2005 3:14:08 PM 15388195 C:\WINDOWS\lpt$vpn.737
SAHAgent 7/19/2005 3:14:08 PM 15388195 C:\WINDOWS\lpt$vpn.737
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 6/28/2005 9:13:54 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 7/19/2005 3:14:08 PM 15388195 C:\WINDOWS\VPTNFILE.737
qoologic 7/19/2005 3:14:08 PM 15388195 C:\WINDOWS\VPTNFILE.737
SAHAgent 7/19/2005 3:14:08 PM 15388195 C:\WINDOWS\VPTNFILE.737
UPX! 6/28/2005 9:24:32 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 6/28/2005 9:24:32 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
WinShutDown 6/16/2005 10:32:32 PM 234784 C:\WINDOWS\SYSTEM32\cobcatex.dll
ad-w-a-r-e.com 6/16/2005 10:32:32 PM 234784 C:\WINDOWS\SYSTEM32\cobcatex.dll
PEC2 9/3/2002 12:30:40 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown 6/17/2005 10:03:56 AM 234784 C:\WINDOWS\SYSTEM32\hRl20e3oeh.dll
ad-w-a-r-e.com 6/17/2005 10:03:56 AM 234784 C:\WINDOWS\SYSTEM32\hRl20e3oeh.dll
WinShutDown 6/22/2005 4:39:22 PM 236486 C:\WINDOWS\SYSTEM32\ir82l5lo1.dll
ad-w-a-r-e.com 6/22/2005 4:39:22 PM 236486 C:\WINDOWS\SYSTEM32\ir82l5lo1.dll
WinShutDown 6/23/2005 9:12:20 PM 236596 C:\WINDOWS\SYSTEM32\irrol5931.dll
ad-w-a-r-e.com 6/23/2005 9:12:20 PM 236596 C:\WINDOWS\SYSTEM32\irrol5931.dll
WinShutDown 6/24/2005 8:36:38 AM 236596 C:\WINDOWS\SYSTEM32\izfosoft.dll
ad-w-a-r-e.com 6/24/2005 8:36:38 AM 236596 C:\WINDOWS\SYSTEM32\izfosoft.dll
WinShutDown 6/23/2005 1:52:00 PM 233584 C:\WINDOWS\SYSTEM32\j0j60a1sed.dll
WinShutDown 6/20/2005 12:10:56 PM 234784 C:\WINDOWS\SYSTEM32\mrrclr40.dll
ad-w-a-r-e.com 6/20/2005 12:10:56 PM 234784 C:\WINDOWS\SYSTEM32\mrrclr40.dll
PECompact2 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
WinShutDown 6/18/2005 5:14:04 PM 236113 C:\WINDOWS\SYSTEM32\mv2ol9f31.dll
ad-w-a-r-e.com 6/18/2005 5:14:04 PM 236113 C:\WINDOWS\SYSTEM32\mv2ol9f31.dll
WinShutDown 7/20/2005 1:07:52 PM 235571 C:\WINDOWS\SYSTEM32\mvnml9511.dll
ad-w-a-r-e.com 7/20/2005 1:07:52 PM 235571 C:\WINDOWS\SYSTEM32\mvnml9511.dll
WinShutDown 6/17/2005 12:25:10 PM 234784 C:\WINDOWS\SYSTEM32\mwports.dll
ad-w-a-r-e.com 6/17/2005 12:25:10 PM 234784 C:\WINDOWS\SYSTEM32\mwports.dll
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown 6/23/2005 11:08:12 PM 235201 C:\WINDOWS\SYSTEM32\p2p60c7sef.dll
ad-w-a-r-e.com 6/23/2005 11:08:12 PM 235201 C:\WINDOWS\SYSTEM32\p2p60c7sef.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 6/2/2005 9:53:58 PM 25088 C:\WINDOWS\SYSTEM32\redit.cpl
WinShutDown 7/20/2005 3:14:20 PM 233621 C:\WINDOWS\SYSTEM32\sjhedsvc.dll
ad-w-a-r-e.com 7/20/2005 3:14:20 PM 233621 C:\WINDOWS\SYSTEM32\sjhedsvc.dll
UPX! 6/2/2005 9:53:58 PM 18432 C:\WINDOWS\SYSTEM32\supdate.dll
KavSvc 6/2/2005 9:53:58 PM 18432 C:\WINDOWS\SYSTEM32\supdate.dll
yourkey 6/2/2005 9:53:58 PM 18432 C:\WINDOWS\SYSTEM32\supdate.dll
WinShutDown 6/16/2005 9:22:30 PM 234784 C:\WINDOWS\SYSTEM32\tdext.dll
ad-w-a-r-e.com 6/16/2005 9:22:30 PM 234784 C:\WINDOWS\SYSTEM32\tdext.dll
winsync 9/3/2002 1:10:48 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
WinShutDown 6/16/2005 9:23:10 PM 234784 C:\WINDOWS\SYSTEM32\wqnsock.dll
ad-w-a-r-e.com 6/16/2005 9:23:10 PM 234784 C:\WINDOWS\SYSTEM32\wqnsock.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
qoologic 7/21/2005 5:36:12 PM 2729 C:\WINDOWS\SYSTEM32\drivers\etc\hosts
urllogic 7/21/2005 5:36:12 PM 2729 C:\WINDOWS\SYSTEM32\drivers\etc\hosts
urllogic 7/21/2005 5:36:12 PM 2729 C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder for system and hidden files within the last 60 days...
6/22/2005 10:42:08 PM 10820 C:\WINDOWS\Help\update.GID
6/28/2005 5:35:32 PM 0 C:\WINDOWS\inf\oem29.inf
5/25/2005 9:23:08 PM 65536 C:\WINDOWS\Minidump\Mini052505-01.dmp
7/21/2005 5:36:08 PM 12288 C:\WINDOWS\system32\config\default.LOG
7/21/2005 5:36:06 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
7/21/2005 5:35:56 PM 20480 C:\WINDOWS\system32\config\SECURITY.LOG
7/21/2005 5:36:06 PM 180224 C:\WINDOWS\system32\config\software.LOG
7/21/2005 5:35:58 PM 892928 C:\WINDOWS\system32\config\system.LOG
7/12/2005 11:17:42 PM 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
7/21/2005 5:35:00 PM 6 C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/5/2004 7:49:44 PM 1736 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
6/22/2004 8:27:44 AM 0 C:\Documents and Settings\Shirley\Application Data\dm.ini
7/14/2004 1:35:18 AM 25936 C:\Documents and Settings\Shirley\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\{324868C1-89F6-860F-08DE-E9ADB822D66F}
=

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gqfsqy
{ad4cce6a-ecd0-43fc-9264-24ece6b2a4d8} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gqfsqyxx
{d7a2bc13-0b5e-459c-8d54-8ebc4581e41d} = C:\WINDOWS\system32\cdpsd.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray C:\WINDOWS\system32\igfxtray.exe
BCMSMMSG BCMSMMSG.exe
HostManager C:\Program Files\Common Files\AOL\1111112124\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
WinPatrol C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
AOL Fast Start "C:\Program Files\America Online 9.0a\AOL.EXE" -b
Spyware Doctor "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit C:\WINDOWS\system32\userinit.exe,
Shell Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide
= C:\WINDOWS\system32\dn8m01l1e.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr
= C:\WINDOWS\system32\d8j0li1m18.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.2 - Log file written to "WinPFind.Txt" in the WinPFind folder.

#6
Welderman123

I could not download track qoo because it said I did not have permission to use this feature, so I just gave you the WinPFind log.

#7
Guse

That qoo link works fine for me, but we can skip that for now.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer, and it may appear that nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Edited by Guse, 22 July 2005 - 08:41 AM.


#8
Welderman123

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ssnike.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\d8j0li1m18.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A0929A33-09FB-9AE4-56FD-814721C82D9A}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F576E125-40A7-4E94-93EC-62EA59607488}"=""
"{ED17A258-671C-4C46-A9C8-555D5C14FBF8}"=""
"{4429D0AA-AB55-4A32-BF17-392912BB9096}"=""
"{78B8D475-DD49-4081-A59E-25F44EB1E3E3}"=""
"{5FF69DA5-7E97-4AA1-BFAD-11D204B138A9}"=""
"{1B12D77D-7F69-4093-86E8-750AB5B35884}"=""
"{9B610728-28EA-4413-94AB-0E0D216F0D83}"=""
"{13187271-377C-4863-82B5-10A8E8007299}"=""
"{375CE924-C369-4E14-ABF0-9DA2C4C0BA4A}"=""
"{082C1EE8-8398-453D-8115-DEF67ABFEAD8}"=""
"{D90FE6F9-8CFB-4AD7-8F2F-457739D99D71}"=""
"{59BE952F-8E59-47E0-98F6-664B08C54D7B}"=""
"{4D38D6EC-1886-40B7-8886-48135CF4E184}"=""
"{872FE559-F504-4DCF-806E-4903912CE8AE}"=""
"{EE50D636-A6FC-411A-9436-AFBE01622196}"=""
"{55C4C8A2-78C3-4180-9E57-D6797F6D142E}"=""
"{5555F18A-46F5-4D8B-BBB4-D14D6EEBCE66}"=""
"{2497D125-7D45-40AF-937C-083B646C0396}"=""
"{EAE825A8-414E-441A-B4DE-697451FFF358}"=""
"{23BD3425-3F54-4210-8A42-201C7334A910}"=""
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{2E1543E1-8195-493F-A260-4F651C4D51E2}"=""
"{42193FA2-3FE5-4417-AF45-FD2E8E93794F}"=""
"{435283D4-58C5-4432-8819-A374BB79C58B}"=""
"{D7ADBCF5-4429-4568-8CCA-8F014277E37F}"=""
"{AA5D00C5-D35B-49B9-B4AE-64A078831FDD}"=""
"{EDF0623F-3423-45F4-9261-7878A74B3005}"=""
"{66F00D60-7DDF-4F57-8A8B-8F6DE02B21DF}"=""
"{51B5EA82-5D66-407E-9F4A-11C10D1FB51C}"=""
"{56AC7473-A5DB-42B4-BFAE-F54EF1E8457A}"=""
"{1DB1BA25-144E-4A62-8F41-2D6D7BE36990}"=""
"{6ADB5EFA-7162-43B9-92FA-DFD6219882EE}"=""
"{AFD75378-BE73-4646-9943-2D48F7FCFF7B}"=""
"{F8875EF1-03FA-4F3A-B377-0D26455A2FC7}"=""
"{CB8520FC-1FD8-48D9-A1CB-B5B2753620B8}"=""
"{04FCE69E-D1BA-4549-987F-A617747E6AEF}"=""
"{F5263ECF-92DB-4089-8011-8C1C9FDE04C5}"=""
"{4E6FDBE3-429E-423E-8CAB-A95A4DEE9019}"=""
"{1713DA8A-1002-443F-B209-02FF3A77EDF3}"=""
"{8B239CAD-A8D5-431B-8169-36BE192741C0}"=""
"{77789143-612E-43DE-A4BF-083696EBCC76}"=""
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{9325FCC8-CAAD-47DF-88C0-A0166D1D10B9}"=""
"{F172918A-4D98-4D3C-84CF-662764D6D155}"=""
"{35D01E8F-D109-401E-858A-CEAF936F024B}"=""
"{F2778539-6810-41E8-99E2-C70F8A3691E1}"=""
"{07273733-305F-4148-9E80-38C5FAC5FC4C}"=""
"{3E9CB9A0-4161-44A5-8C78-BD94685A7D2D}"=""
"{C65722E0-2D6F-4D95-9C5D-7567303CF18A}"=""
"{E2DB3AD2-E90D-4988-8F33-B8DC55140024}"=""
"{69434D16-320B-4F8C-861A-DFF0E5E8047B}"=""
"{F5B96F4A-21DE-4525-8C91-45240B3C701B}"=""
"{2A8928EC-1227-438D-A450-B8575291B29A}"=""
"{225F211E-4D2D-44BD-93E2-470E023BFC51}"=""
"{8F454318-ED48-41B5-95C9-4F2F2B615B12}"=""
"{4B66E5CC-7FC7-4C87-8AD6-989233A9117A}"=""
"{47B7EFE8-F9EE-4709-A849-EC454039CB78}"=""
"{2E837ED8-C91E-4D94-B5DB-FB919668047F}"=""
"{17E2F06C-2411-44E7-BF92-9B9B85A99962}"=""
"{73862067-5256-4F60-BD44-DBE52E26DE72}"=""
"{5B54533D-82FD-4138-8742-C4C74AA5928A}"=""
"{936EDD26-65E4-4FBA-976A-23AA31280C5E}"=""
"{08BE37CF-D47D-4BD4-BD39-F70AB29CD87C}"=""
"{B9A20B8C-2872-4071-9686-4074F8F16FCB}"=""
"{120037C8-100B-4A29-B777-64131905CAB8}"=""
"{35B7F53D-73CD-48B2-914C-EEF16C5A4D18}"=""
"{4D3BB102-DF31-464D-9F12-F644F4C2ABC1}"=""
"{29AD25E7-6E2A-45E7-9B96-D792E526702D}"=""
"{3AF67211-C3C2-47B5-9BAA-2452DE148640}"=""
"{4E79092E-4F96-42A3-B27B-5423A83BCDAE}"=""
"{77575F12-00F2-4D66-9835-734E0F184412}"=""
"{72F78C5C-7CE2-441D-B43F-EBF1B2E904BD}"=""
"{06EBBD52-74E9-45E0-BAEC-A6CA0793B507}"=""
"{7F3F9D40-EB40-41C0-8805-28EAE1384DA4}"=""
"{DC71B706-B7BE-4F07-B7D2-907F311F27AC}"=""
"{CC2CAE87-3AFA-4972-8571-8C209DFE470C}"=""
"{2607E572-1BE4-4F91-AF6E-B616EC9F693E}"=""
"{B77CFFCC-99DF-4896-83FB-47ECF4B5E100}"=""
"{B2101D14-DD52-43B3-B462-269667F74527}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F576E125-40A7-4E94-93EC-62EA59607488}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F576E125-40A7-4E94-93EC-62EA59607488}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F576E125-40A7-4E94-93EC-62EA59607488}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F576E125-40A7-4E94-93EC-62EA59607488}\InprocServer32]
@="C:\\WINDOWS\\system32\\irakeng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED17A258-671C-4C46-A9C8-555D5C14FBF8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED17A258-671C-4C46-A9C8-555D5C14FBF8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED17A258-671C-4C46-A9C8-555D5C14FBF8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED17A258-671C-4C46-A9C8-555D5C14FBF8}\InprocServer32]
@="C:\\WINDOWS\\system32\\milvm6.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4429D0AA-AB55-4A32-BF17-392912BB9096}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4429D0AA-AB55-4A32-BF17-392912BB9096}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4429D0AA-AB55-4A32-BF17-392912BB9096}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4429D0AA-AB55-4A32-BF17-392912BB9096}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{78B8D475-DD49-4081-A59E-25F44EB1E3E3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{78B8D475-DD49-4081-A59E-25F44EB1E3E3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{78B8D475-DD49-4081-A59E-25F44EB1E3E3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{78B8D475-DD49-4081-A59E-25F44EB1E3E3}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5FF69DA5-7E97-4AA1-BFAD-11D204B138A9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5FF69DA5-7E97-4AA1-BFAD-11D204B138A9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5FF69DA5-7E97-4AA1-BFAD-11D204B138A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5FF69DA5-7E97-4AA1-BFAD-11D204B138A9}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwwdev.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B12D77D-7F69-4093-86E8-750AB5B35884}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B12D77D-7F69-4093-86E8-750AB5B35884}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B12D77D-7F69-4093-86E8-750AB5B35884}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B12D77D-7F69-4093-86E8-750AB5B35884}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9B610728-28EA-4413-94AB-0E0D216F0D83}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B610728-28EA-4413-94AB-0E0D216F0D83}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B610728-28EA-4413-94AB-0E0D216F0D83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B610728-28EA-4413-94AB-0E0D216F0D83}\InprocServer32]
@="C:\\WINDOWS\\system32\\iL06lids1806.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{13187271-377C-4863-82B5-10A8E8007299}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13187271-377C-4863-82B5-10A8E8007299}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13187271-377C-4863-82B5-10A8E8007299}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13187271-377C-4863-82B5-10A8E8007299}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{375CE924-C369-4E14-ABF0-9DA2C4C0BA4A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{375CE924-C369-4E14-ABF0-9DA2C4C0BA4A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{375CE924-C369-4E14-ABF0-9DA2C4C0BA4A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{375CE924-C369-4E14-ABF0-9DA2C4C0BA4A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dziman32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{082C1EE8-8398-453D-8115-DEF67ABFEAD8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{082C1EE8-8398-453D-8115-DEF67ABFEAD8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{082C1EE8-8398-453D-8115-DEF67ABFEAD8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{082C1EE8-8398-453D-8115-DEF67ABFEAD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\carpol.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D90FE6F9-8CFB-4AD7-8F2F-457739D99D71}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D90FE6F9-8CFB-4AD7-8F2F-457739D99D71}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D90FE6F9-8CFB-4AD7-8F2F-457739D99D71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D90FE6F9-8CFB-4AD7-8F2F-457739D99D71}\InprocServer32]
@="C:\\WINDOWS\\system32\\psrfts.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59BE952F-8E59-47E0-98F6-664B08C54D7B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59BE952F-8E59-47E0-98F6-664B08C54D7B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59BE952F-8E59-47E0-98F6-664B08C54D7B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59BE952F-8E59-47E0-98F6-664B08C54D7B}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgafeepf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4D38D6EC-1886-40B7-8886-48135CF4E184}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D38D6EC-1886-40B7-8886-48135CF4E184}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D38D6EC-1886-40B7-8886-48135CF4E184}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D38D6EC-1886-40B7-8886-48135CF4E184}\InprocServer32]
@="C:\\WINDOWS\\system32\\sdlwid.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{872FE559-F504-4DCF-806E-4903912CE8AE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{872FE559-F504-4DCF-806E-4903912CE8AE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{872FE559-F504-4DCF-806E-4903912CE8AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{872FE559-F504-4DCF-806E-4903912CE8AE}\InprocServer32]
@="C:\\WINDOWS\\system32\\ojeaccrc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EE50D636-A6FC-411A-9436-AFBE01622196}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE50D636-A6FC-411A-9436-AFBE01622196}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE50D636-A6FC-411A-9436-AFBE01622196}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE50D636-A6FC-411A-9436-AFBE01622196}\InprocServer32]
@="C:\\WINDOWS\\system32\\docdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{55C4C8A2-78C3-4180-9E57-D6797F6D142E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{55C4C8A2-78C3-4180-9E57-D6797F6D142E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{55C4C8A2-78C3-4180-9E57-D6797F6D142E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{55C4C8A2-78C3-4180-9E57-D6797F6D142E}\InprocServer32]
@="C:\\WINDOWS\\system32\\gmiplus.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00


#9
Guse


    Visiting Staff

  • Member
  • 624 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#10
Welderman123


    Member

  • Topic Starter
  • Member
  • 12 posts
L2Mfix 1.03a

Running From:
C:\Aaron\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Aaron\l2mfix
System Rebooted!

Running From:
C:\Aaron\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 524 'explorer.exe'
Killing PID 524 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\cobcatex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dicdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h0l20a3oed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h8j4li1q18.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hRl20e3oeh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iasecsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir0ql5d51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir82l5lo1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irrol5931.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\izfosoft.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j0j60a1sed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l8n40i5qe8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mrrclr40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv2ol9f31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwports.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p2p60c7sef.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sfnsapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szclient.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tdext.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\VV6STKIT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqnsock.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\cobcatex.dll
Successfully Deleted: C:\WINDOWS\system32\cobcatex.dll
deleting: C:\WINDOWS\system32\dicdll.dll
Successfully Deleted: C:\WINDOWS\system32\dicdll.dll
deleting: C:\WINDOWS\system32\h0l20a3oed.dll
Successfully Deleted: C:\WINDOWS\system32\h0l20a3oed.dll
deleting: C:\WINDOWS\system32\h8j4li1q18.dll
Successfully Deleted: C:\WINDOWS\system32\h8j4li1q18.dll
deleting: C:\WINDOWS\system32\hRl20e3oeh.dll
Successfully Deleted: C:\WINDOWS\system32\hRl20e3oeh.dll
deleting: C:\WINDOWS\system32\iasecsvc.dll
Successfully Deleted: C:\WINDOWS\system32\iasecsvc.dll
deleting: C:\WINDOWS\system32\ir0ql5d51.dll
Successfully Deleted: C:\WINDOWS\system32\ir0ql5d51.dll
deleting: C:\WINDOWS\system32\ir82l5lo1.dll
Successfully Deleted: C:\WINDOWS\system32\ir82l5lo1.dll
deleting: C:\WINDOWS\system32\irrol5931.dll
Successfully Deleted: C:\WINDOWS\system32\irrol5931.dll
deleting: C:\WINDOWS\system32\izfosoft.dll
Successfully Deleted: C:\WINDOWS\system32\izfosoft.dll
deleting: C:\WINDOWS\system32\j0j60a1sed.dll
Successfully Deleted: C:\WINDOWS\system32\j0j60a1sed.dll
deleting: C:\WINDOWS\system32\l8n40i5qe8.dll
Successfully Deleted: C:\WINDOWS\system32\l8n40i5qe8.dll
deleting: C:\WINDOWS\system32\mrrclr40.dll
Successfully Deleted: C:\WINDOWS\system32\mrrclr40.dll
deleting: C:\WINDOWS\system32\mv2ol9f31.dll
Successfully Deleted: C:\WINDOWS\system32\mv2ol9f31.dll
deleting: C:\WINDOWS\system32\mwports.dll
Successfully Deleted: C:\WINDOWS\system32\mwports.dll
deleting: C:\WINDOWS\system32\p2p60c7sef.dll
Successfully Deleted: C:\WINDOWS\system32\p2p60c7sef.dll
deleting: C:\WINDOWS\system32\sfnsapi.dll
Successfully Deleted: C:\WINDOWS\system32\sfnsapi.dll
deleting: C:\WINDOWS\system32\szclient.dll
Successfully Deleted: C:\WINDOWS\system32\szclient.dll
deleting: C:\WINDOWS\system32\tdext.dll
Successfully Deleted: C:\WINDOWS\system32\tdext.dll
deleting: C:\WINDOWS\system32\VV6STKIT.DLL
Successfully Deleted: C:\WINDOWS\system32\VV6STKIT.DLL
deleting: C:\WINDOWS\system32\wqnsock.dll
Successfully Deleted: C:\WINDOWS\system32\wqnsock.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: backregs/EE50D636-A6FC-411A-9436-AFBE01622196.reg (188 bytes security) (deflated 70%)
adding: backregs/F172918A-4D98-4D3C-84CF-662764D6D155.reg (188 bytes security) (deflated 70%)
adding: backregs/F2778539-6810-41E8-99E2-C70F8A3691E1.reg (188 bytes security) (deflated 70%)
adding: backregs/F5263ECF-92DB-4089-8011-8C1C9FDE04C5.reg (188 bytes security) (deflated 70%)
adding: backregs/F576E125-40A7-4E94-93EC-62EA59607488.reg (188 bytes security) (deflated 70%)
adding: backregs/F5B96F4A-21DE-4525-8C91-45240B3C701B.reg (188 bytes security) (deflated 70%)
adding: backregs/F8875EF1-03FA-4F3A-B377-0D26455A2FC7.reg (188 bytes security) (deflated 70%)
adding: backregs/shell.reg (188 bytes security) (deflated 72%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: cobcatex.dll
deleting local copy: dicdll.dll
deleting local copy: h0l20a3oed.dll
deleting local copy: h8j4li1q18.dll
deleting local copy: hRl20e3oeh.dll
deleting local copy: iasecsvc.dll
deleting local copy: ir0ql5d51.dll
deleting local copy: ir82l5lo1.dll
deleting local copy: irrol5931.dll
deleting local copy: izfosoft.dll
deleting local copy: j0j60a1sed.dll
deleting local copy: l8n40i5qe8.dll
deleting local copy: mrrclr40.dll
deleting local copy: mv2ol9f31.dll
deleting local copy: mwports.dll
deleting local copy: p2p60c7sef.dll
deleting local copy: sfnsapi.dll
deleting local copy: szclient.dll
deleting local copy: tdext.dll
deleting local copy: VV6STKIT.DLL
deleting local copy: wqnsock.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\d8j0li1m18.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cobcatex.dll
C:\WINDOWS\system32\dicdll.dll
C:\WINDOWS\system32\h0l20a3oed.dll
C:\WINDOWS\system32\h8j4li1q18.dll
C:\WINDOWS\system32\hRl20e3oeh.dll
C:\WINDOWS\system32\iasecsvc.dll
C:\WINDOWS\system32\ir0ql5d51.dll
C:\WINDOWS\system32\ir82l5lo1.dll
C:\WINDOWS\system32\irrol5931.dll
C:\WINDOWS\system32\izfosoft.dll
C:\WINDOWS\system32\j0j60a1sed.dll
C:\WINDOWS\system32\l8n40i5qe8.dll
C:\WINDOWS\system32\mrrclr40.dll
C:\WINDOWS\system32\mv2ol9f31.dll
C:\WINDOWS\system32\mwports.dll
C:\WINDOWS\system32\p2p60c7sef.dll
C:\WINDOWS\system32\sfnsapi.dll
C:\WINDOWS\system32\szclient.dll
C:\WINDOWS\system32\tdext.dll
C:\WINDOWS\system32\VV6STKIT.DLL
C:\WINDOWS\system32\wqnsock.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{C46593E4-64F1-4B68-A179-904102E97F80}</IDone>
<IDtwo>VT09</IDtwo>
<VERSION>200</VERSION>
****************************************************************************



#11
Welderman123

    Member

  • Topic Starter
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:38:52 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Arron\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111112124\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware3] "C:\Program Files\NoAdware3\NoAdware3.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF051DDB-2ACC-41C2-8B9E-4CF02691448C}: NameServer = 205.188.146.145
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\d8j0li1m18.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#12
Guse

    Visiting Staff

  • Member
  • 624 posts
Now that we've cleared the first one off, we'll get to part 2. You also have a CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!

Reboot your computer into normal Windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

#13
Guse

    Visiting Staff

  • Member
  • 624 posts
I should have noticed this before, but I see that you're either running HijackThis from a temporary directory or from the archive it came in. When we use HijackThis to remove entries, it creates backups in case something dire goes wrong. If the program is run in a temporary directory, those backups can be accidentally removed.

I'd suggest that you create a folder on your C: drive named "HJT" or something like it and move the HijackThis program file into that folder. We haven't removed anything with HijackThis yet, but it really should be moved there.
  • 0
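The check described in post #13, together with the entries that HijackThis itself marks as having no file behind them, written as an added example (not part of the original thread and not HijackThis code). The sample lines are copied from the log in post #11; the function names and rule names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# A subset of the HijackThis log from post #11, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:38:52 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Arron\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\d8j0li1m18.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "R0 - ...", "O20 - ..." style entry lines: section code, then the detail text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis appends when an entry points at a file it could not find.
DANGLING_RE = re.compile(r"\((file missing|no file)\)\s*$")
# Directory names treated as temporary locations (assumption for this example).
TEMP_PARTS = ("temp", "tmp")


@dataclass
class Finding:
    rule: str      # hypothetical rule name
    section: str   # "process" or the HijackThis section code (R3, O20, ...)
    line: str      # the log text that triggered the rule


def parse_log(text):
    """Split a HijackThis log into running-process paths and (section, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def runs_from_temp(path):
    """True if any directory component of a Windows path is a temporary location."""
    parts = [p.lower() for p in path.split("\\")[:-1]]
    return any(p in TEMP_PARTS or p.startswith("temporary directory") for p in parts)


def triage(text):
    """Return findings a helper would raise before asking the user to fix anything."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        name = path.split("\\")[-1].lower()
        # Post #13: backups written next to HijackThis.exe are lost if it runs from Temp.
        if name == "hijackthis.exe" and runs_from_temp(path):
            findings.append(Finding("tool-in-temp-dir", "process", path))
    for section, detail in entries:
        # Registry entries that still reference a file HijackThis could not find.
        if DANGLING_RE.search(detail):
            findings.append(Finding("dangling-entry", section, detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.section}: {finding.line}")
```
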

#14
Welderman123

    Member

  • Topic Starter
  • 12 posts
Here is the about:buster log...

Scanned at: 3:43:46 PM on: 7/26/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

Here is the CWS Log....

**** Run Keys ****

RUN: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
RUN: [BCMSMMSG] BCMSMMSG.exe
RUN: [HostManager] C:\Program Files\Common Files\AOL\1111112124\EE\AOLHostManager.exe
RUN: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RUN: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
RUN: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
RUN: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
RUN: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
RUN: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
RUN: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
RUN: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [NoAdware3] "C:\Program Files\NoAdware3\NoAdware3.exe"
RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
RUN: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
RUN: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b


**** Browser Helper Objects ****

BHO: [PCTools Site Guard] C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
BHO: [PCTools Browser Monitor] C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll


**** IE Toolbars ****

TOOLBAR: [AOL Toolbar] C:\Program Files\AOL Toolbar\toolbar.dll
TOOLBAR: [McAfee VirusScan] c:\progra~1\mcafee.com\vso\mcvsshl.dll


**** IE Extensions ****

IEExt: []
IEExt: [Web Browser Applet Control] C:\WINDOWS\System32\msjava.dll
IEExt: [Spyware Doctor] C:\WINDOWS\System32\msjava.dll
IEExt: [AOL Toolbar] C:\WINDOWS\System32\msjava.dll


**** Hosts File Entries ****



**** IE Settings ****

Default Page: http://www.google.com
Default Search: http://www.google.com
Local Page: \blank.htm
Search Bar:
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [&AOL Toolbar search] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD nwlnkipx [IPX]
LSP: MSAFD nwlnkspx [SPX]
LSP: MSAFD nwlnkspx [SPX] [Pseudo Stream]
LSP: MSAFD nwlnkspx [SPX II]
LSP: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
LSP: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1781EC55-2104-4B7E-BFFD-8E3A0B38E67C}] SEQPACKET 8
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1781EC55-2104-4B7E-BFFD-8E3A0B38E67C}] DATAGRAM 8
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89FB3214-DAF3-464F-8907-2F87B48E5CFA}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{89FB3214-DAF3-464F-8907-2F87B48E5CFA}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4DF34AC-E298-4E4C-A317-9AD37F114A0E}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4DF34AC-E298-4E4C-A317-9AD37F114A0E}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87FB2644-81C8-4B14-8B55-1F983B9EBA61}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87FB2644-81C8-4B14-8B55-1F983B9EBA61}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E317F55-399A-49DA-8B75-7C85BE3F67F0}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E317F55-399A-49DA-8B75-7C85BE3F67F0}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC19005D-3017-43FE-A4EE-EB5514E97E6E}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC19005D-3017-43FE-A4EE-EB5514E97E6E}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A71F10F-4B54-4D7D-9EA3-4D89FA126066}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A71F10F-4B54-4D7D-9EA3-4D89FA126066}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF051DDB-2ACC-41C2-8B9E-4CF02691448C}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BF051DDB-2ACC-41C2-8B9E-4CF02691448C}] DATAGRAM 6


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{01A88BB1-1174-41EC-ACCB-963509EAE56B} [http://support.dell....ler/SysPro.CAB]
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} [http://housecall60.t...ll/xscan60.cab] C:\WINDOWS\system32\msvcrt.dll C:\WINDOWS\system32\mfc42.dll C:\WINDOWS\runtsckl.exe C:\WINDOWS\tmupdate.ini C:\WINDOWS\aucfg.ini C:\WINDOWS\loadhttp.dll C:\WINDOWS\system32\msvcp60.dll C:\WINDOWS\TSC.ini C:\WINDOWS\RMAgentOutput.dll C:\WINDOWS\dllTSCLIBMT.dll C:\Program Files\America Online 9.0a\patchw32.dll C:\WINDOWS\Downloaded Program Files\xscan60.ocx
{166B1BCA-3F9C-11CF-8075-444553540000} [http://download.macr...irector/sw.cab]
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} [http://protect.micro...?1111628313671]
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [http://www.fileplane...C_1_0_0_44.cab]
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} [http://aolcc.aol.com...up/qdiagcc.cab]
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [http://download.av.a...3/mcinsctl.cab]
{5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} [http://www.amiuptoda...datePortal.cab]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai...ll/xscan53.cab]
{77E32299-629F-43C6-AB77-6A1E6D7663F6} [http://www.nick.com/...GrooveAX27.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ndows-i586.cab]
{94B82441-A413-4E43-8422-D49930E69764} [https://echat.us.del.../TLIEFlash.CAB]
{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} [http://download.zone...tor/WebAAS.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupd...112.4026736111]
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7} [http://www.linksysfi...l/gtdownls.cab]
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [http://download.av.a...20/mcgdmgr.cab]
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{DBA230D1-8467-4e69-987E-5FAE815A3B45}
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [http://download.mcaf...43/mcfscan.cab]


**** Windows Services ****



**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] \blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.com
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.google.com
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FullScreen] no
IEOPT: [Use FormSuggest] no
IEOPT: [Window_Placement] ,
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] No
IEOPT: [AutoSearch]
IEOPT: [Friendly http errors] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use Search Asst] yes
IEOPT: [Search Bar]
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] yes
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [Enable Browser Extensions] no
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [LastCheckedHi] O{Å
IEOPT: [Default_Page_URL] http://www.google.com
IEOPT: [Default_Search_URL] http://www.google.com
IEOPT: [Search Page] http://www.google.com
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] \blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.google.com
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no

And here is the HJT.....

Logfile of HijackThis v1.99.1
Scan saved at 4:10:16 PM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLHOS~1.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\COMMON~1\AOL\111111~1\EE\AOLServiceHost.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111112124\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware3] "C:\Program Files\NoAdware3\NoAdware3.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...443/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF051DDB-2ACC-41C2-8B9E-4CF02691448C}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#15
Guse

    Visiting Staff

  • Member
  • 624 posts
Welcome,
Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Once the updates are installed do the following:
  • Reboot into Safe Mode
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans, ewido is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido, for example, has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk".)