Virus/spybot Trouble[RESOLVED]



My sister was too lazy to protect her new computer, so approximately 3 months later, it was unsurprisingly heavily infected. Ad-aware was run 4 times until it was clean, as was AVG anti-virus. I was unable to install Spybot SD, but this may be because of the plethora of viruses on her computer. Currently the problem is that approximately every 2 minutes an ad opens up in a new tab in Opera. The ad generally has this format: (www.site.com/normal/yyy65.html), for example: (http://www.browserbuy-out.com/normal/yyy65.html). This screams to me ActiveX problems. Of course, I've never learned how to fix them. So I come to you guys for help. Thanks in advance.

Here is my HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 2:59:10 PM, on 14/01/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

C:\WINDOWS\system32\Wtablet\TabUserW.exe

C:\PROGRAM FILES\OPERA\OPERA.EXE

C:\Documents and Settings\Forsythe\My Documents\soref_regclean.exe

C:\PROGRA~1\REGIST~1\RegClean.exe

F:\Hijack this\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\services.exe

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe

O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [ncnrlcdA] C:\WINDOWS\ncnrlcdA.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NI.UWA6P_0001_N56M1001] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiVirusPro2006Installer.exe" -nag

O4 - HKLM\..\Run: [NI.UWAS6_0001_N57M1312] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiSpyware2006FreeInstall.exe" -nag

O4 - HKLM\..\Run: [spyware Nuker Installer] \\Khiem3000\Notboot\programs\programs\SpywareNukerInstaller.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\RegClean.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll

O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\ktnml7511.dll

O21 - SSODL: fldrsys - {23F7C330-9607-4757-BEB1-5AC5C44E7C0F} - fldrsys.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ncnrlcd.exe (file missing)


Hi, welcome to Besttechie.net.

Well, you're correct in that being a mess, so let's get things started on the right foot.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.

  1. Install ewido anti-malware.
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido; there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot your computer and then post a fresh HijackThis log along with the log from ewido.


Thanks very much. However, I am still getting popups. Here's the hijack log:

Logfile of HijackThis v1.99.1

Scan saved at 3:12:41 PM, on 15/01/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\AVGFRE~1\avgcc.exe

C:\Program Files\Adobe Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

C:\WINDOWS\system32\Wtablet\TabUserW.exe

C:\WINDOWS\System32\wuauclt.exe

F:\Hijack this\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ebaumsworld.com/fatasiankid.html

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\services.exe

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe

O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NI.UWA6P_0001_N56M1001] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiVirusPro2006Installer.exe" -nag

O4 - HKLM\..\Run: [NI.UWAS6_0001_N57M1312] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiSpyware2006FreeInstall.exe" -nag

O4 - HKLM\..\Run: [spyware Nuker Installer] \\Khiem3000\Notboot\programs\programs\SpywareNukerInstaller.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe

O4 - HKCU\..\Run: [miwi] c:\stub_113_4_0_4_0.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\t2r80c9uef.dll

O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll

O21 - SSODL: fldrsys - {23F7C330-9607-4757-BEB1-5AC5C44E7C0F} - fldrsys.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

O23 - Service: SafeNet IKE Service (IREIKE) - Unknown owner - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ncnrlcd.exe (file missing)

Here's the ewido log:

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 3:05:25 PM, 15/01/2006

+ Report-Checksum: 393A2AEE

+ Scan result:

HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Cleaned with backup

HKU\S-1-5-21-1343024091-492894223-1060284298-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup

[1596] C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning

[2108] C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup

C:\Documents and Settings\Khuyen-nie\Local Settings\Temp\iD7.tmp -> Adware.SurfSide : Cleaned with backup

C:\Documents and Settings\Khuyen-nie\Local Settings\Temp\iF6.tmp -> Adware.SurfSide : Cleaned with backup

C:\Documents and Settings\Khuyen-nie\Local Settings\Temp\tBmp207.exe -> Downloader.CWS.r : Cleaned with backup

C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe -> Heuristic.Win32.Dialer : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YX5QRKEB\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YX5QRKEB\AppWrap[2].exe -> Spyware.AdURL : Cleaned with backup

C:\WINDOWS\system32\dn0001dme.dll -> Spyware.Look2Me : Cleaned with backup

C:\WINDOWS\system32\hgetcfg.dll -> Spyware.Look2Me : Cleaned with backup

C:\WINDOWS\system32\k644lghq164e.dll -> Spyware.Look2Me : Cleaned with backup

C:\WINDOWS\system32\pndrv.dll -> Spyware.Look2Me : Cleaned with backup

C:\WINDOWS\system32\rlpdd.dll -> Spyware.Look2Me : Cleaned with backup

C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup

E:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe -> Heuristic.Win32.Dialer : Cleaned with backup

G:\System Volume Information\_restore{7D0463F6-32D5-401D-AD16-5EAC4C914C9A}\RP101\A0006362.exe -> Heuristic.Win32.Dialer : Cleaned with backup

::Report End


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

This won't be a quick fix process, so please bear with me while we get your system cleaned up.


Won't be quick indeed. I attempted to run the scan as you stated; however, Internet Explorer is fried and will not run, and since the scan is not set up with any other browser, I could not run the scan. That having failed, I downloaded the trial versions of Kaspersky Anti-Hacker and Kaspersky Anti-Virus. Both installed, but Anti-Hacker would not run. Anti-Virus made a clean search. This system is quite fried. I was wondering if you had any other suggestions, because I'm all ready to reformat (next week).


Let's try to stop the need for reformatting ;) It's a bigger headache than it's worth.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe

http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe, C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." ...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

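The Find Log requested above is a registry export, and in its Winlogon\Notify section several DllName values are stored as hex(2) (UTF-16LE bytes) wrapped across lines, which hides the DLL name from a quick read. The Python below is an added example, not part of the original thread or of L2mfix: it decodes those values and lists Notify subkeys outside an assumed baseline of stock Windows XP entries (`XP_DEFAULT_NOTIFY` is this example's assumption, and a non-default entry is a lead for review, not a verdict).

```python
import re

# Assumed baseline: Winlogon\Notify subkeys of a stock Windows XP install.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
NOTIFY_MARKER = "\\winlogon\\notify\\"

# Excerpt of the Winlogon/notify section of the Find Log posted in this thread,
# including the blank lines the forum put between rows.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axxt32]

"DllName"=hex(2):61,00,78,00,78,00,74,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\

00,00

"Startup"="SeAllocate"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]

"DllName"="C:\\WINDOWS\\system32\\q286lcls1fq6.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]

"DllName"="msctl32.dll"
"""

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def join_continuations(text):
    """Drop blank lines and merge rows ending in '\\' with the row that follows."""
    rows, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        rows.append(pending + line)
        pending = ""
    if pending:
        rows.append(pending)
    return rows


def decode_value(raw):
    """Return text for REG_SZ or hex(2) (REG_EXPAND_SZ) data, None for other types."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None


def parse_notify(text):
    """Map each Winlogon\\Notify subkey name to its decoded DllName."""
    entries, current = {}, None
    for row in join_continuations(text):
        section = SECTION.match(row)
        if section:
            key = section.group(1)
            idx = key.lower().find(NOTIFY_MARKER)
            current = key[idx + len(NOTIFY_MARKER):] if idx != -1 else None
            if current:
                entries.setdefault(current, None)
            continue
        value = VALUE.match(row)
        # The export spells the value both "DllName" and "DLLName".
        if value and current and value.group(1).lower() == "dllname":
            entries[current] = decode_value(value.group(2))
    return entries


def non_default(entries):
    """Subkeys absent from the assumed XP baseline, with their DLLs."""
    hits = [(k, v) for k, v in entries.items() if k.lower() not in XP_DEFAULT_NOTIFY]
    return sorted(hits, key=lambda kv: kv[0].lower())


if __name__ == "__main__":
    for subkey, dll in non_default(parse_notify(SAMPLE)):
        print(f"review: Notify\\{subkey} -> {dll}")
```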

We'll see how it goes then. Thanks for spending so much time on this. I'll just add, that the slowdown due to being hijacked with spyware is ridiculous on this computer. It takes a minute and a half to load this page.

log:

L2MFIX find log 010406

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axxt32]

"secureUID"="[18562223121373254711]"

"secureTIME"="13:1"

"DllName"=hex(2):61,00,78,00,78,00,74,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\

00,00

"Startup"="SeAllocate"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

"MaxWait"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\q286lcls1fq6.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]

"DllName"="msctl32.dll"

"Startup"="Startup"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000000

"ExtParam"=hex:c8,71,73,c0,0f,76,7f,fd,e1,3c,af,ee,1a,ec,d6,b9

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{D43DB99A-4938-E4C3-A499-7F2C696C3265}"=""

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"


**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}]

@=""

"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}\InprocServer32]

@="C:\\WINDOWS\\system32\\BIOWSEUI.DLL"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}\InprocServer32]

@="C:\\WINDOWS\\system32\\dzkquota.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}\InprocServer32]

@="C:\\WINDOWS\\system32\\hgetcfg.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}\InprocServer32]

@="C:\\WINDOWS\\system32\\srrobj.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}\InprocServer32]

@="C:\\WINDOWS\\system32\\MUIDENT.DLL"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}\InprocServer32]

@="C:\\WINDOWS\\system32\\alsmsext.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}\InprocServer32]

@="C:\\WINDOWS\\system32\\agmeter.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}\InprocServer32]

@="C:\\WINDOWS\\system32\\kldhept.dll"

"ThreadingModel"="Apartment"

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

agmeter.dll Tue 2006-01-17 15:44:36 A.S.R 237 319 231,75 K

alsmsext.dll Tue 2006-01-17 1:09:18 A.S.R 237 319 231,75 K

bsowsewm.dll Mon 2006-01-16 15:04:30 ..S.R 234 568 229,07 K

esent.dll Thu 2005-10-20 17:33:08 A.... 991 232 968,00 K

gdi32.dll Mon 2006-01-02 17:38:04 A.... 260 608 254,50 K

h64m0g~1.dll Mon 2006-01-16 15:04:30 ..S.R 234 714 229,21 K

i6jq0g~1.dll Tue 2006-01-17 1:09:28 ..S.R 234 053 228,57 K

k4jsle~1.dll Mon 2006-01-16 14:39:38 ..S.R 236 282 230,74 K

kldhept.dll Wed 2006-01-18 20:37:34 ..S.R 233 340 227,87 K

l26olc~1.dll Tue 2006-01-17 0:21:52 ..S.R 235 505 229,98 K

m628lg~1.dll Tue 2006-01-17 19:51:38 ..S.R 237 319 231,75 K

m8280i~1.dll Mon 2006-01-16 20:05:32 ..S.R 236 321 230,78 K

msctl32.dll Fri 2006-01-13 19:22:28 A.... 68 096 66,50 K

mstask.dll Sun 2005-11-13 11:20:28 A.... 260 096 254,00 K

muident.dll Mon 2006-01-16 21:14:50 ..S.R 235 505 229,98 K

mvj6l9~1.dll Mon 2006-01-16 14:48:50 ..S.R 236 187 230,65 K

netapi32.dll Sun 2005-11-13 11:20:28 A.... 306 688 299,50 K

nqobjapi.dll Mon 2006-01-16 14:48:50 ..S.R 234 568 229,07 K

q286lc~1.dll Tue 2006-01-17 12:23:36 ..S.R 233 340 227,87 K

schedsvc.dll Sun 2005-11-13 11:20:28 A.... 172 544 168,50 K

sporder.dll Fri 2006-01-13 18:09:12 A.... 8 464 8,27 K

srrobj.dll Mon 2006-01-16 20:05:24 ..S.R 234 568 229,07 K

srrstr.dll Thu 2005-10-27 14:06:38 A.... 226 816 221,50 K

zlbw.dll Fri 2006-01-13 19:23:44 A.... 46 592 45,50 K

24 items found: 24 files (15 H/S), 0 directories.

Total of file sizes: 5 872 044 bytes 5,60 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

guard.tmp Wed 2006-01-18 20:37:50 A.... 235 340 229,82 K

1 item found: 1 file, 0 directories.

Total of file sizes: 235 340 bytes 229,82 K

**********************************************************************************

Directory Listing of system files:

Volume in drive C has no label.

Volume Serial Number is A085-E3ED

Directory of C:\WINDOWS\System32

18/01/2006 08:37 PM 233,340 kldhept.dll

17/01/2006 07:51 PM 237,319 m628lgfu1628.dll

17/01/2006 03:44 PM 237,319 agmeter.dll

17/01/2006 12:23 PM 233,340 q286lcls1fq6.dll

17/01/2006 01:09 AM 234,053 i6jq0g15e6.dll

17/01/2006 01:09 AM 237,319 alsmsext.dll

17/01/2006 12:21 AM 235,505 l26olcj31fo.dll

16/01/2006 09:14 PM 235,505 MUIDENT.DLL

16/01/2006 08:05 PM 236,321 m8280ifue8280.dll

16/01/2006 08:05 PM 234,568 srrobj.dll

16/01/2006 03:04 PM 234,568 bsowsewm.dll

16/01/2006 03:04 PM 234,714 h64m0gh1e64.dll

16/01/2006 02:48 PM 234,568 nqobjapi.dll

16/01/2006 02:48 PM 236,187 mvj6l91s1.dll

16/01/2006 02:39 PM 236,282 k4jsle171h.dll

11/01/2006 04:25 PM <DIR> dllcache

13/03/2005 05:00 PM <DIR> Microsoft

15 File(s) 3,530,908 bytes

2 Dir(s) 23,305,555,968 bytes free


Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open, double-click on it in the l2mfix folder.


L2MFIX find log 010406

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axxt32]

"secureUID"="[18562223121373254711]"

"secureTIME"="13:1"

"DllName"=hex(2):61,00,78,00,78,00,74,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\

00,00

"Startup"="SeAllocate"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

"MaxWait"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\q286lcls1fq6.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]

"DllName"="msctl32.dll"

"Startup"="Startup"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000000

"ExtParam"=hex:c8,71,73,c0,0f,76,7f,fd,e1,3c,af,ee,1a,ec,d6,b9

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{D43DB99A-4938-E4C3-A499-7F2C696C3265}"=""

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}]

@=""

"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{B856B548-86DF-4A8B-B2B7-0E3AD87B92E6}\InprocServer32]

@="C:\\WINDOWS\\system32\\BIOWSEUI.DLL"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{732C1171-1831-4978-AF70-A2CD459AF9CD}\InprocServer32]

@="C:\\WINDOWS\\system32\\dzkquota.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{BFAAA06C-DFCA-4025-B4D0-30112F711618}\InprocServer32]

@="C:\\WINDOWS\\system32\\hgetcfg.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{55DD2A61-1CEB-4E7B-A430-96C486121886}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{A696F2B1-D1A6-47AD-9485-B906F2B20414}\InprocServer32]

@="C:\\WINDOWS\\system32\\srrobj.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0E380521-D27D-4B5E-A2C2-835E76B4A813}\InprocServer32]

@="C:\\WINDOWS\\system32\\MUIDENT.DLL"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{8AA38C69-5224-4311-9EB1-B6645D3EB7CC}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{57C4114D-A703-4B98-93D5-47BE1B1B2304}\InprocServer32]

@="C:\\WINDOWS\\system32\\alsmsext.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFE61B6-88A6-4809-AE67-FE97656D0A59}\InprocServer32]

@="C:\\WINDOWS\\system32\\agmeter.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{0EFB3EE6-DAFC-4B86-9D3B-4661A3D64A84}\InprocServer32]

@="C:\\WINDOWS\\system32\\kldhept.dll"

"ThreadingModel"="Apartment"

**********************************************************************************

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

agmeter.dll Tue 2006-01-17 15:44:36 A.S.R 237 319 231,75 K

alsmsext.dll Tue 2006-01-17 1:09:18 A.S.R 237 319 231,75 K

bsowsewm.dll Mon 2006-01-16 15:04:30 ..S.R 234 568 229,07 K

esent.dll Thu 2005-10-20 17:33:08 A.... 991 232 968,00 K

gdi32.dll Mon 2006-01-02 17:38:04 A.... 260 608 254,50 K

h64m0g~1.dll Mon 2006-01-16 15:04:30 ..S.R 234 714 229,21 K

i6jq0g~1.dll Tue 2006-01-17 1:09:28 ..S.R 234 053 228,57 K

k4jsle~1.dll Mon 2006-01-16 14:39:38 ..S.R 236 282 230,74 K

kldhept.dll Wed 2006-01-18 20:37:34 ..S.R 233 340 227,87 K

l26olc~1.dll Tue 2006-01-17 0:21:52 ..S.R 235 505 229,98 K

m628lg~1.dll Tue 2006-01-17 19:51:38 ..S.R 237 319 231,75 K

m8280i~1.dll Mon 2006-01-16 20:05:32 ..S.R 236 321 230,78 K

msctl32.dll Fri 2006-01-13 19:22:28 A.... 68 096 66,50 K

mstask.dll Sun 2005-11-13 11:20:28 A.... 260 096 254,00 K

muident.dll Mon 2006-01-16 21:14:50 ..S.R 235 505 229,98 K

mvj6l9~1.dll Mon 2006-01-16 14:48:50 ..S.R 236 187 230,65 K

netapi32.dll Sun 2005-11-13 11:20:28 A.... 306 688 299,50 K

nqobjapi.dll Mon 2006-01-16 14:48:50 ..S.R 234 568 229,07 K

q286lc~1.dll Tue 2006-01-17 12:23:36 ..S.R 233 340 227,87 K

schedsvc.dll Sun 2005-11-13 11:20:28 A.... 172 544 168,50 K

sporder.dll Fri 2006-01-13 18:09:12 A.... 8 464 8,27 K

srrobj.dll Mon 2006-01-16 20:05:24 ..S.R 234 568 229,07 K

srrstr.dll Thu 2005-10-27 14:06:38 A.... 226 816 221,50 K

zlbw.dll Fri 2006-01-13 19:23:44 A.... 46 592 45,50 K

24 items found: 24 files (15 H/S), 0 directories.

Total of file sizes: 5 872 044 bytes 5,60 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

guard.tmp Wed 2006-01-18 20:37:50 A.... 235 340 229,82 K

1 item found: 1 file, 0 directories.

Total of file sizes: 235 340 bytes 229,82 K

**********************************************************************************

Directory Listing of system files:

Volume in drive C has no label.

Volume Serial Number is A085-E3ED

Directory of C:\WINDOWS\System32

18/01/2006 08:37 PM 233,340 kldhept.dll

17/01/2006 07:51 PM 237,319 m628lgfu1628.dll

17/01/2006 03:44 PM 237,319 agmeter.dll

17/01/2006 12:23 PM 233,340 q286lcls1fq6.dll

17/01/2006 01:09 AM 234,053 i6jq0g15e6.dll

17/01/2006 01:09 AM 237,319 alsmsext.dll

17/01/2006 12:21 AM 235,505 l26olcj31fo.dll

16/01/2006 09:14 PM 235,505 MUIDENT.DLL

16/01/2006 08:05 PM 236,321 m8280ifue8280.dll

16/01/2006 08:05 PM 234,568 srrobj.dll

16/01/2006 03:04 PM 234,568 bsowsewm.dll

16/01/2006 03:04 PM 234,714 h64m0gh1e64.dll

16/01/2006 02:48 PM 234,568 nqobjapi.dll

16/01/2006 02:48 PM 236,187 mvj6l91s1.dll

16/01/2006 02:39 PM 236,282 k4jsle171h.dll

11/01/2006 04:25 PM <DIR> dllcache

13/03/2005 05:00 PM <DIR> Microsoft

15 File(s) 3,530,908 bytes

2 Dir(s) 23,305,555,968 bytes free


Logfile of HijackThis v1.99.1

Scan saved at 5:13:51 PM, on 21/01/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

C:\PROGRA~1\AVGFRE~1\avgw.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

C:\WINDOWS\system32\Wtablet\TabUserW.exe

C:\WINDOWS\System32\wuauclt.exe

F:\Hijack this\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\services.exe

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe

O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NI.UWA6P_0001_N56M1001] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiVirusPro2006Installer.exe" -nag

O4 - HKLM\..\Run: [NI.UWAS6_0001_N57M1312] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiSpyware2006FreeInstall.exe" -nag

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll

O21 - SSODL: fldrsys - {23F7C330-9607-4757-BEB1-5AC5C44E7C0F} - fldrsys.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

O23 - Service: SafeNet IKE Service (IREIKE) - Unknown owner - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe (file missing)

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ncnrlcd.exe (file missing)


You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go ahead and uninstall the Kaspersky Anti-Virus program, otherwise it will interfere with your AVG Anti-Virus.

You have a number of randomly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):

http://housecall.antivirus.com/

And a free trojan scan here:

http://www.moosoft.com/

Reboot your PC.

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to only the following items, if found, then click Fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\services.exe

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe

O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [NI.UWA6P_0001_N56M1001] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiVirusPro2006Installer.exe" -nag

O4 - HKLM\..\Run: [NI.UWAS6_0001_N57M1312] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiSpyware2006FreeInstall.exe" -nag

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll

O21 - SSODL: fldrsys - {23F7C330-9607-4757-BEB1-5AC5C44E7C0F} - fldrsys.dll (file missing)

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ncnrlcd.exe (file missing)

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :)

Edited by Dragon

Thank you very much, it seems the problem is solved. Pop ups are gone, system runs smoother. I still wonder if there's slowdown though, but it's hard to gauge.

Here is my log. I'm curious as to why I have 3 copies of svchost.exe running though.

Logfile of HijackThis v1.99.1

Scan saved at 11:54:39 PM, on 22/01/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

C:\WINDOWS\system32\Wtablet\TabUserW.exe

F:\Hijack this\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\SafeNet\SoftRemoteLT\SafeCfg.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe

O23 - Service: SafeNet IKE Service (IREIKE) - Unknown owner - C:\Program Files\SafeNet\SoftRemoteLT\IreIKE.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

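Added example, not part of the original posts: a Python check that compares the helper's "fix checked" list with the follow-up HijackThis log and returns any flagged entry that is still present. Both inputs are copied from this thread (the log is abridged); the function names are illustrative, and the matching rule (case-insensitive, ignoring a trailing "(file missing)") is an assumption of this example.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# The scanner appends this note when the target file is gone but the entry remains.
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)

# Entries the helper asked to fix (copied from the instructions in this thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\services.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N56M1001] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiVirusPro2006Installer.exe" -nag
O4 - HKLM\..\Run: [NI.UWAS6_0001_N57M1312] "C:\Documents and Settings\Khuyen-nie\My Documents\WinAntiSpyware2006FreeInstall.exe" -nag
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll
O21 - SSODL: fldrsys - {23F7C330-9607-4757-BEB1-5AC5C44E7C0F} - fldrsys.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ncnrlcd.exe (file missing)
"""

# Abridged excerpt of the follow-up log (scan saved 22/01/2006) from this thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""


def parse_entries(text):
    """Map a normalised (code, details) key to the original line for each entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path, or blank line
        code, details = match.groups()
        # Drop the "(file missing)" note so an entry whose file was deleted
        # still matches the same registry entry from the earlier scan.
        details = MISSING_RE.sub("", details)
        # Windows paths and registry names are case-insensitive.
        key = (code, " ".join(details.lower().split()))
        entries[key] = line
    return entries


def unresolved(fix_list, followup_log):
    """Return follow-up log lines that match an entry on the fix list."""
    wanted = parse_entries(fix_list)
    seen = parse_entries(followup_log)
    return [seen[key] for key in wanted if key in seen]


if __name__ == "__main__":
    for line in unresolved(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
```

Run against the two inputs above, it reports the `enewsletterpro` Run entry and the `axxt32` Winlogon Notify entry as still present in the follow-up log.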

Info on the svchost.exe entries you were wondering about:

At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.

So it is normal to have more than one svchost entry running. So no concerns there.

Congratulations! Your system is CLEAN :thumbsup:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.

Restrict the actions of potentially dangerous sites in Internet Explorer.

Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.

1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.

2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :spoton:

  • 2 months later...

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
