[Metallica]

Gee. No half measures.

If you're up to it I'd like to pursue this, but there is no real need for you to do this.
It is a lot of work and a registry cleaner could do it in milliseconds.
It will help me understand this infection better, that's all.

Click Start > Run > copy&paste regedit /e c:\itsalitter1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}" >OK

That will create the file c:\itsalitter1.txt
Post the content of that file please

Repeat the same procedure for:

regedit /e c:\itsalitter2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}"

Regards,

[Advertisements]

Hey, if it helps you, after helping me get my machine back (no popups plus
it's running much faster) -- I'm up for it.

Here is itsalitter1.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}]
@="rrjirixo.class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}\InProcServer32]
@="C:\\WINDOWS\\system32\\ccqdc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}\ProgId]
@="rrjirixo.class"

Here is Itsalitter2.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}]
@="rrjirixo.class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}\InProcServer32]
@="C:\\WINDOWS\\system32\\ccqdc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}\ProgId]
@="rrjirixo.class"


I hope these tell you something!

[youreditor]

Hey, if it helps you, after helping me get my machine back (no popups plus
it's running much faster) -- I'm up for it.

Here is itsalitter1.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}]
@="rrjirixo.class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}\InProcServer32]
@="C:\\WINDOWS\\system32\\ccqdc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}\ProgId]
@="rrjirixo.class"

Here is Itsalitter2.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}]
@="rrjirixo.class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}\InProcServer32]
@="C:\\WINDOWS\\system32\\ccqdc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}\ProgId]
@="rrjirixo.class"


I hope these tell you something!

[Metallica]

Appreciated.

Copy the part in bold below into notepad and save it as twodown.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}]

Doubleclick the file and confirm you want to merge it with the registry.

Then use regsrch.vbs to look for rrjirixo.class

Reagrds,

[youreditor]

As requested:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "rrjirixo.class" 6/15/2005 12:31:53 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-652881117-1028471153-1521841884-1007\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="rrjirixo.class"

[Metallica]

Ah. The end of the trail.

Thanks for assistance youreditor

Regards,

[youreditor]

Thanks, Pieter!

My computer is working well and all scans are clean.

[Metallica]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.