uninstallable AV program and multiple virii

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dwaynea515

Thread Starter
Joined
Sep 9, 2001
Messages
601
I am working on a Dell with XP on it this computer is being overrun with popups and virus. I have run updated AdawareSE as well as Spybot S&D and Spyware Blaster. They Had Norton as well as Defender Working at the same time and neither was preventing this takeover. I uninstalled Norton and installed AVG Free Edition and got 70 Virus off of it. Adaware found 1130 bad files and registry entries. I ran it 3 times before I could get it all off. Spybot found 900 Infected files and removed them all after the second run. I went into the registry and deleted all I could find and still I found a lot of popups coming in. The AVG is constantly popping up and for virus found and asking for " heal or Delete" option. I always choose Delete. here is the problem I could not uninstall the Defender AV program it said " Access Denied" I am sure that I have missed something and Now I am at my wits end. here is the HJT log that was run yesterday, I will be going back over there this afternoon to try to finish it if I can get someone more knowledgeable to help me with this. Also in the Recycle bin there are 2 files that you cant see but when you empty it they come back. also it tries to install the Defender program when you first clic " Empty recycle bin. I know this is a lot of information but this is a messed up machine. thanks for your help:

Logfile of HijackThis v1.99.0
Scan saved at 2:53:03 PM, on 1/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\qiyf\gtllm.exe
C:\WINDOWS\System32\tpwccu\grtaosh.exe
C:\WINDOWS\System32\gjhcnb\xrbmvjlf.exe
C:\WINDOWS\System32\kvyyrow\itwq.exe
C:\WINDOWS\System32\chylpb\bfhvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Roni\Application Data\eetu.exe
C:\WINDOWS\System32\w?nspool.exe
C:\WINDOWS\System32\g0400ahmed4a0.exe
C:\Documents and Settings\Roni\My Documents\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O4 - HKLM\..\Run: [gtllm] C:\WINDOWS\System32\qiyf\gtllm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [grtaosh] C:\WINDOWS\System32\tpwccu\grtaosh.exe
O4 - HKLM\..\Run: [xrbmvjlf] C:\WINDOWS\System32\gjhcnb\xrbmvjlf.exe
O4 - HKLM\..\Run: [itwq] C:\WINDOWS\System32\kvyyrow\itwq.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bfhvc] C:\WINDOWS\System32\chylpb\bfhvc.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvgdy32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Roni\Application Data\eetu.exe
O4 - HKCU\..\Run: [Wqbkg] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [g0400ahmed4a0] C:\WINDOWS\System32\g0400ahmed4a0.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted IP range: (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xnycoioe.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3BF1184-29F2-442C-B3FF-9929E544E1B2}: NameServer = 206.10.30.100,206.10.30.101
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,096
Click here: http://www.atribune.org/downloads/l2mfix.exe to download L2mfix.

Save the file to your desktop and double click l2mfix.exe. Read and Accept the agreement. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
 

dwaynea515

Thread Starter
Joined
Sep 9, 2001
Messages
601
Thanks cookiegal: As I said I will go back over there this afternoon and do this then.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,096
OK, I'll be around most of the day.
 

dwaynea515

Thread Starter
Joined
Sep 9, 2001
Messages
601
OK cookiegal here it is

L2MFIX find log 1.02a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\f2l02c3mgf.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{92FE3EDD-9C26-4A47-B167-23DB1A84AEE9}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F89C10E5-FF92-4892-992A-2250D660AC96}"=""
"{647F4399-D654-4D48-AAA6-C319CCFC73C2}"=""
"{EAF49493-9CCC-45D5-89D6-07B589BC20F1}"=""
"{0B67FA29-E142-49EF-8DD4-12039B81B6EC}"=""
"{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}"=""
"{125CCFFD-AB0C-4A60-B947-13C727D08BB8}"=""
"{C9FDAEEE-59EA-4098-9656-B69214FA04A0}"=""
"{B40DD968-6B53-4435-BD2D-4845EF13E86C}"=""
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}"=""
"{F19F0501-0CA8-449D-9B2A-8DD49C01846A}"=""
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}"=""
"{98650D0C-8D1B-4652-88F5-9A2D13E05742}"=""
"{E9625100-059D-475F-89E2-F0977E033589}"=""
"{E8719229-5C3D-4ACF-AA07-A54EECC418B5}"=""
"{515CC994-CC6C-475A-A204-6E530A9AE18E}"=""
"{2865863E-225E-482D-B84B-4BE7B4BAE5F8}"=""
"{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}"=""
"{8A356794-26AD-4471-9519-BEA07BF747DA}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{AA495047-4F72-4DD2-A205-D6F03F288B0E}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}\InprocServer32]
@="C:\\WINDOWS\\system32\\oxtext32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\ib32_32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}\InprocServer32]
@="C:\\WINDOWS\\system32\\gy06l3ds1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}\InprocServer32]
@="C:\\WINDOWS\\system32\\dmsetup.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}\InprocServer32]
@="C:\\WINDOWS\\system32\\kedru1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdpl1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlidntld.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcoeacct.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}\InprocServer32]
@="C:\\WINDOWS\\system32\\FZ20.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}\InprocServer32]
@="C:\\WINDOWS\\system32\\ebts.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ttpmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}\InprocServer32]
@="C:\\WINDOWS\\system32\\wzs5.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\nktlogon.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is D4B9-C7E7

Directory of C:\WINDOWS\System32

01/30/2005 11:50 AM <DIR> dllcache
01/30/2005 08:55 AM 223,224 guard.tmp
01/29/2005 08:30 PM 224,611 dn4001hme.dll
01/29/2005 08:29 PM 223,224 f2l02c3mgf.dll
01/29/2005 06:57 PM 223,147 mlidntld.dll
01/29/2005 09:36 AM 475 bxtgy.dll
01/29/2005 09:00 AM 223,062 dzwave.dll
01/28/2005 09:13 PM 225,723 fp6003jme.dll
01/27/2005 11:02 PM 225,723 dn4s01h7e.dll
01/27/2005 08:53 PM 223,023 l0l6la3s1d.dll
01/27/2005 12:23 PM 223,107 mvrsl9971.dll
01/26/2005 09:17 PM 176,362 BXtgY.exe
01/26/2005 08:37 PM 225,723 mvpql9751.dll
01/26/2005 04:08 PM 225,723 kt8ul7l91.dll
01/25/2005 05:09 PM 225,723 hrl4053qe.dll
01/24/2005 08:48 PM 225,723 irj4l51q1.dll
01/23/2005 04:42 PM 225,723 jt2407fqe.dll
01/22/2005 03:33 PM 225,723 j0j60a1sed.dll
01/21/2005 02:46 PM 225,723 d6j00g1me6.dll
01/20/2005 09:37 PM 224,959 kt42l7ho1.dll
01/20/2005 04:54 PM 224,959 m4640ejqehoe0.dll
01/19/2005 08:01 AM 223,264 ir6ql5j51.dll
01/18/2005 10:27 PM 226,240 mv2ol9f31.dll
01/16/2005 11:16 PM 226,240 n2p40c7qef.dll
01/15/2005 10:06 PM 223,214 hpj0231mg.dll
01/14/2005 07:02 PM 225,861 gpnml3511.dll
01/11/2005 08:15 AM 401,408 t?skmgr.exe
01/11/2005 08:13 AM 401,408 n?tdde.exe
01/11/2005 08:11 AM 401,408 ?ti2evxx.exe
01/11/2005 08:10 AM 401,408 w?nspool.exe
01/07/2005 04:47 PM 222,966 g0400ahmed4a0.dll
01/06/2005 10:12 PM <DIR> Microsoft
01/05/2005 10:32 PM 224,752 mvl4l93q1.dll
01/05/2005 12:56 AM 222,778 r8p80i7ue8.dll
01/04/2005 11:51 PM 222,778 wuvdmoe.dll
01/04/2005 06:40 PM 222,778 hrjo0513e.dll
01/04/2005 05:42 PM 224,157 mvpol9731.dll
01/03/2005 11:22 PM 225,353 n2r20c9oef.dll
01/03/2005 10:18 PM 225,353 owdbse32.dll
01/03/2005 08:43 PM 224,854 kt26l7fs1.dll
12/31/2004 03:58 PM 225,987 f8j2li1o18.dll
12/31/2004 03:52 PM 226,216 lv2209foe.dll
12/31/2004 12:27 PM 223,171 m228lcfu1f28.dll
12/30/2004 10:56 PM 225,987 dn8001lme.dll
12/30/2004 10:44 PM 225,987 f0j2la1o1d.dll
12/30/2004 10:42 PM 222,944 n2p4lc7q1f.dll
12/30/2004 06:19 PM 225,987 en4ul1h91.dll
12/30/2004 06:18 PM 222,581 jt4s07h7e.dll
12/30/2004 05:00 PM 225,000 f4j2le1o1h.dll
12/30/2004 03:59 PM 224,685 fp8203loe.dll
12/30/2004 02:31 PM 223,578 k4pm0e71eh.dll
12/30/2004 01:54 PM 224,454 r6p80g7ue6.dll
12/30/2004 01:36 PM 223,206 n22ulcf91f2.dll
12/29/2004 11:10 PM 225,150 r08slal71dq.dll
12/28/2004 10:07 PM 224,264 irnml5511.dll
12/26/2004 05:15 PM 224,950 k8jsli1718.dll
12/26/2004 04:21 PM 224,382 sqlwapi.dll
12/26/2004 01:39 PM 224,201 l06olaj31do.dll
12/25/2004 11:28 AM 225,124 t2r8lc9u1f.dll
12/20/2004 05:44 PM 223,592 l06o0aj3edo.dll
12/19/2004 09:46 PM 223,542 g0jo0a13ed.dll
12/10/2004 09:27 PM 224,058 m6280gfue6280.dll
12/10/2004 08:02 PM 224,032 k0080adued080.dll
12/10/2004 07:55 PM 224,835 gp06l3ds1.dll
12/10/2004 06:48 PM 224,745 gpjql3151.dll
63 File(s) 14,580,538 bytes
2 Dir(s) 31,232,057,344 bytes free
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,096
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top