Voracious Browser Hijacker [RESOLVED]


  • This topic is locked

#1
JBiddy

  • Member
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:26:48 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\n20050308.a.Stub.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janabai2\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clixis.com/de...p?display=login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Janabai2"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\irl4l53q1.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\SznTPFcs.dll (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#2
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#3
JBiddy

  • Topic Starter
  • Member
  • 11 posts
I started to follow tampabelle's directions ....
"Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread."


but am looking in folder and can't find anything entitled l2mfix.bat and don't want to open the wrong folder, is that the exact title or is it called l2mfix and is a batch file and I just didn't know that is what the abbreviation bat means?

thank you for your help, this junk on my computer is so annoying...

#4
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

If you have the file extensions hidden, then the file would appear as l2mfix only. Yes it is a batch file.

Run the batch file and post the contents of the log file generated here.

#5
JBiddy

  • Topic Starter
  • Member
  • 11 posts
thanks, ran option 1.
here is logfile....
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\irn2l55o1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\SznTPFcs.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{7A5D92A9-9235-0586-84B7-BDBC25258F05}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{0782824C-1639-4EFA-A10B-EC283974C5B1}"=""
"{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}"=""
"{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
"{8DFCC837-198B-4E47-BB6C-7DB989B17788}"=""
"{C95367F3-DBDA-4F4F-9798-938A8BB8787F}"=""
"{67BFEEB3-A797-421F-B40C-32A5D2F238F1}"=""
"{A7F4C8D2-39B7-4820-BC75-42733287A2F7}"=""
"{49F23447-29D6-4225-A438-ABF9CC4A8547}"=""
"{02980D7F-B8FD-4BDE-9989-33D057464E27}"=""
"{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}"=""
"{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}"=""
"{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}"=""
"{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}"=""
"{CC759374-5727-4190-87A0-826E405E1AEB}"=""
"{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}"=""
"{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}"=""
"{25D57FF6-8723-418C-948F-81C10B4696A2}"=""
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
"{8827CE28-538B-415F-9119-3D997CA999CB}"=""
"{001C1915-70F3-4C52-8CA5-0F37EC0CC576}"=""
"{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0782824C-1639-4EFA-A10B-EC283974C5B1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0782824C-1639-4EFA-A10B-EC283974C5B1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0782824C-1639-4EFA-A10B-EC283974C5B1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0782824C-1639-4EFA-A10B-EC283974C5B1}\InprocServer32]
@="C:\\WINDOWS\\system32\\solunirl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}\InprocServer32]
@="C:\\WINDOWS\\system32\\sbndcmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}\InprocServer32]
@="C:\\WINDOWS\\system32\\KCDLV1.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8DFCC837-198B-4E47-BB6C-7DB989B17788}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8DFCC837-198B-4E47-BB6C-7DB989B17788}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8DFCC837-198B-4E47-BB6C-7DB989B17788}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8DFCC837-198B-4E47-BB6C-7DB989B17788}\InprocServer32]
@="C:\\WINDOWS\\system32\\cyodm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C95367F3-DBDA-4F4F-9798-938A8BB8787F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C95367F3-DBDA-4F4F-9798-938A8BB8787F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C95367F3-DBDA-4F4F-9798-938A8BB8787F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C95367F3-DBDA-4F4F-9798-938A8BB8787F}\InprocServer32]
@="C:\\WINDOWS\\system32\\IKFOSOFT.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{67BFEEB3-A797-421F-B40C-32A5D2F238F1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{67BFEEB3-A797-421F-B40C-32A5D2F238F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{67BFEEB3-A797-421F-B40C-32A5D2F238F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{67BFEEB3-A797-421F-B40C-32A5D2F238F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\pxd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A7F4C8D2-39B7-4820-BC75-42733287A2F7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A7F4C8D2-39B7-4820-BC75-42733287A2F7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A7F4C8D2-39B7-4820-BC75-42733287A2F7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A7F4C8D2-39B7-4820-BC75-42733287A2F7}\InprocServer32]
@="C:\\WINDOWS\\system32\\rssutils.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{49F23447-29D6-4225-A438-ABF9CC4A8547}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49F23447-29D6-4225-A438-ABF9CC4A8547}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49F23447-29D6-4225-A438-ABF9CC4A8547}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49F23447-29D6-4225-A438-ABF9CC4A8547}\InprocServer32]
@="C:\\WINDOWS\\system32\\szsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{02980D7F-B8FD-4BDE-9989-33D057464E27}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02980D7F-B8FD-4BDE-9989-33D057464E27}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02980D7F-B8FD-4BDE-9989-33D057464E27}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02980D7F-B8FD-4BDE-9989-33D057464E27}\InprocServer32]
@="C:\\WINDOWS\\system32\\MKCANS32.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\SznTPFcs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CC759374-5727-4190-87A0-826E405E1AEB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC759374-5727-4190-87A0-826E405E1AEB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC759374-5727-4190-87A0-826E405E1AEB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC759374-5727-4190-87A0-826E405E1AEB}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}\InprocServer32]
@="C:\\WINDOWS\\system32\\syimgvw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}\InprocServer32]
@="C:\\WINDOWS\\system32\\MPSIP32.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{25D57FF6-8723-418C-948F-81C10B4696A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{25D57FF6-8723-418C-948F-81C10B4696A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{25D57FF6-8723-418C-948F-81C10B4696A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{25D57FF6-8723-418C-948F-81C10B4696A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8827CE28-538B-415F-9119-3D997CA999CB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8827CE28-538B-415F-9119-3D997CA999CB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8827CE28-538B-415F-9119-3D997CA999CB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8827CE28-538B-415F-9119-3D997CA999CB}\InprocServer32]
@="C:\\WINDOWS\\system32\\KYCOM.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{001C1915-70F3-4C52-8CA5-0F37EC0CC576}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{001C1915-70F3-4C52-8CA5-0F37EC0CC576}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{001C1915-70F3-4C52-8CA5-0F37EC0CC576}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{001C1915-70F3-4C52-8CA5-0F37EC0CC576}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}\InprocServer32]
@="C:\\WINDOWS\\system32\\MYSTKPRP.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 1C08-56D6

Directory of C:\WINDOWS\System32

09/01/2005 07:22 AM 233,248 MYSTKPRP.DLL
09/01/2005 07:16 AM 233,787 jt8407lqe.dll
08/22/2005 05:05 PM 233,248 irn2l55o1.dll
08/18/2005 10:45 AM <DIR> DLLCACHE
08/09/2005 10:08 PM 235,651 jtn8075ue.dll
08/06/2005 09:54 AM 235,651 lhbmp13n.dll
07/30/2005 05:36 PM 235,651 MMRCLR40.DLL
07/30/2005 05:17 PM 235,651 padrv.dll
07/30/2005 05:14 PM 235,651 hr8605lse.dll
07/28/2005 02:54 PM 235,651 m664lgjq16oe.dll
07/22/2005 12:42 PM 235,651 maminst.dll
07/22/2005 02:07 AM 233,644 i0jqla151d.dll
07/22/2005 01:18 AM 233,644 kmdno1.dll
07/21/2005 03:53 PM 234,982 t08u0al9edq.dll
07/20/2005 03:04 PM 233,644 kldmlt47.dll
07/20/2005 02:45 PM 234,982 mensspc.dll
07/20/2005 02:35 PM 234,982 ajstream.dll
07/20/2005 11:47 AM 233,644 UOAT.DLL
07/20/2005 10:47 AM 236,681 szsvc.dll
07/20/2005 10:20 AM 233,489 solunirl.dll
07/20/2005 09:31 AM 236,681 mgvcp60.dll
06/17/2005 04:29 PM 236,681 mx3216.dll
06/17/2005 04:19 PM 232,945 hr0q05d5e.dll
06/17/2005 04:11 PM 232,945 rssutils.dll
06/17/2005 04:04 PM 236,681 rWsman.dll
06/17/2005 03:23 PM 233,521 pxd.dll
06/17/2005 03:00 PM 236,681 IKFOSOFT.DLL
06/17/2005 02:48 PM 235,786 meminst.dll
06/17/2005 02:39 PM 233,428 cyodm.dll
06/17/2005 02:15 PM 235,786 mbrd3x40.dll
06/17/2005 12:33 PM 235,786 HUICONS.DLL
06/17/2005 12:29 PM 235,457 n0n6la5s1d.dll
06/17/2005 12:25 PM 235,457 CKPESNPN.DLL
06/17/2005 12:22 PM 235,457 nalanman.dll
06/17/2005 12:15 PM 234,953 kt08l7du1.dll
06/17/2005 12:11 PM 234,953 cmyptext.dll
06/17/2005 12:11 PM 235,457 h40q0ed5eh0.dll
06/17/2005 12:08 PM 234,953 osdbse32.dll
06/17/2005 12:08 PM 235,818 hr6805jue.dll
06/17/2005 12:04 PM 234,953 wxcsapi.dll
06/17/2005 12:04 PM 236,579 k626lgfs1626.dll
06/17/2005 11:40 AM 234,784 KCDLV1.DLL
06/17/2005 11:40 AM 234,953 lv6m09j1e.dll
06/17/2005 11:37 AM 234,784 wpavideo.dll
06/17/2005 11:33 AM 234,784 en8sl1l71.dll
06/17/2005 11:08 AM 234,784 vfregexp.dll
06/17/2005 11:08 AM 235,278 p4r40e9qeh.dll
06/17/2005 11:03 AM 234,784 FJIFS.DLL
06/17/2005 11:03 AM 235,013 lv2209foe.dll
06/17/2005 10:57 AM 234,784 KRDGR1.DLL
06/16/2005 07:23 PM 234,784 lvrs0997e.dll
06/16/2005 07:20 PM 234,784 woaservc.dll
06/16/2005 07:20 PM 236,655 enp8l17u1.dll
06/16/2005 04:56 PM 0 n64slgh7164.dll
06/16/2005 04:46 PM 0 q0nu0a59ed.dll
06/16/2005 04:20 PM 234,784 hrns0557e.dll
06/16/2005 01:38 PM 234,784 VNA.DLL
12/21/2003 06:49 AM <DIR> Microsoft
56 File(s) 12,690,229 bytes
2 Dir(s) 17,496,715,264 bytes free
  • 0
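The find log in the post above pairs a CLSID export with a System32 directory listing and notes that the files found are not all bad. As an added example (not part of the thread, and not how l2mfix itself works), this Python sketch cross-references the two sections so an analyst can see which listed files are registered as in-process COM servers. The function names are hypothetical and the sample is a trimmed excerpt built from lines of that log.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt in the shape of the find log above.
SAMPLE_LOG = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{CC759374-5727-4190-87A0-826E405E1AEB}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"

[HKEY_CLASSES_ROOT\CLSID\{8827CE28-538B-415F-9119-3D997CA999CB}\InprocServer32]
@="C:\\WINDOWS\\system32\\KYCOM.DLL"

[HKEY_CLASSES_ROOT\CLSID\{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}\InprocServer32]
@="C:\\WINDOWS\\system32\\MYSTKPRP.DLL"

Directory of C:\WINDOWS\System32

09/01/2005 07:22 AM 233,248 MYSTKPRP.DLL
08/22/2005 05:05 PM 233,248 irn2l55o1.dll
08/18/2005 10:45 AM <DIR> DLLCACHE
06/16/2005 04:56 PM 0 n64slgh7164.dll
06/16/2005 04:20 PM 234,784 hrns0557e.dll
06/16/2005 01:38 PM 234,784 VNA.DLL
56 File(s) 12,690,229 bytes
'''

KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')
DIR_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+([\d,]+)\s+(\S.*)$")


def parse_inproc_servers(text):
    """Map each CLSID to the default value of its InprocServer32 key."""
    servers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None
        elif current:
            m = DEFAULT_RE.match(line)
            if m:
                # .reg exports double every backslash inside string values
                servers[current] = m.group(1).replace("\\\\", "\\")
                current = None
    return servers


def parse_dir_listing(text):
    """Map lower-cased file name to size in bytes; <DIR> and summary lines are skipped."""
    files = {}
    for raw in text.splitlines():
        m = DIR_RE.match(raw.strip())
        if m:
            files[m.group(2).lower()] = int(m.group(1).replace(",", ""))
    return files


def triage(text):
    """Cross-reference registered COM servers with the directory listing.

    The result is a set of features for review, not a verdict on any file.
    """
    listing = parse_dir_listing(text)
    by_file = defaultdict(list)
    for clsid, path in parse_inproc_servers(text).items():
        by_file[ntpath.basename(path).lower()].append(clsid)
    sizes = defaultdict(list)
    for name, size in listing.items():
        if size:
            sizes[size].append(name)
    return {
        "registered_and_listed": sorted(f for f in by_file if f in listing),
        "registered_not_listed": sorted(f for f in by_file if f not in listing),
        "listed_not_registered": sorted(f for f in listing if f not in by_file),
        "non_dll_server": sorted(f for f in by_file if not f.endswith(".dll")),
        "shared_by_clsids": {f: sorted(c) for f, c in by_file.items() if len(c) > 1},
        "zero_byte": sorted(f for f, s in listing.items() if s == 0),
        "same_size": {s: sorted(n) for s, n in sizes.items() if len(n) > 1},
    }


if __name__ == "__main__":
    for feature, value in triage(SAMPLE_LOG).items():
        print(f"{feature}: {value}")
```

Run against the full log, the same function accepts the whole pasted text, since lines that are neither InprocServer32 keys nor dated file entries are ignored.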

#6
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#7
JBiddy

    Member

  • Topic Starter
  • Member
  • 11 posts
Ran option two, CPU rebooted, desktop went blank.
Scan window opened, then windows opened on top of it with the error message:
cannot export backregs/0782824C1639......reg. error opening file. there may be a disk or file system error.
There were no working options other than to close both windows, then desktop stayed blank. I restarted computer through Task Manager.
Should I try it again?

#8
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and do a scan.

You will find an entry -

O4 HKLM...RUN and the file name would be second.bat

Check that entry and click on fix checked.

Your PC should be normal again.

If not then reboot and it should be ok.

Post back a fresh HJT log here

#9
JBiddy

    Member

  • Topic Starter
  • Member
  • 11 posts
Can't find any O4 HKLM that has a file name second.bat.
Here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 11:25:32 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\shared\mcappins.exe
C:\PROGRA~1\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Janabai2\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clixis.com/de...p?display=login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Janabai2"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\SznTPFcs.dll (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#10
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

Can you run l2mfix option #1 and post the log here?

Instead of relying on the tool, I will manually fix the bad files.

#11
JBiddy

    Member

  • Topic Starter
  • Member
  • 11 posts
l2mfix option #1 ran. Got a couple of error messages about 16-bit system and MS-DOS, but I clicked ignore 2x and it then scanned.
Here is the file...
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\SznTPFcs.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{7A5D92A9-9235-0586-84B7-BDBC25258F05}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{0782824C-1639-4EFA-A10B-EC283974C5B1}"=""
"{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}"=""
"{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
"{8DFCC837-198B-4E47-BB6C-7DB989B17788}"=""
"{C95367F3-DBDA-4F4F-9798-938A8BB8787F}"=""
"{67BFEEB3-A797-421F-B40C-32A5D2F238F1}"=""
"{A7F4C8D2-39B7-4820-BC75-42733287A2F7}"=""
"{49F23447-29D6-4225-A438-ABF9CC4A8547}"=""
"{02980D7F-B8FD-4BDE-9989-33D057464E27}"=""
"{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}"=""
"{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}"=""
"{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}"=""
"{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}"=""
"{CC759374-5727-4190-87A0-826E405E1AEB}"=""
"{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}"=""
"{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}"=""
"{25D57FF6-8723-418C-948F-81C10B4696A2}"=""
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"
"{8827CE28-538B-415F-9119-3D997CA999CB}"=""
"{001C1915-70F3-4C52-8CA5-0F37EC0CC576}"=""
"{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:

#12
tampabelle

First, can you go to this page http://www.tech-foru...opic/29806.html

Download the appropriate file for your Windows XP - Home or Pro.

Run the exe file. This will correct the 16 bit error that you are getting.

Now run l2mfix # option 1. Let me know if you get the error again!!

Don't post the l2mfix log !!!

#13
JBiddy

Didn't get the error message this time, and a logfile came up.
Should I do option 2 again now?

#14
tampabelle

That's great news.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#15
JBiddy

Wow.
I ran option 2 and then after the reboot I got 3 error messages and one in the lmfix window.
In the lmfix window it said:

killing explorer and rundll32.exe the system can not find the path specified. o files copied

Then 3 explorer windows opened saying:

registry editor
cannot export backregs./0782824C... error.

active shield
resource Dll is missing please reinstall application.

mcafee virusscan
resource Dll is missing please reinstall application.

So I had to restart cpu to get desktop to recover.

Please, what next?