1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

uninstallable AV program and multiple virii

Discussion in 'Virus & Other Malware Removal' started by dwaynea515, Jan 30, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. dwaynea515

    dwaynea515 Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    601
    I am working on a Dell with XP on it this computer is being overrun with popups and virus. I have run updated AdawareSE as well as Spybot S&D and Spyware Blaster. They Had Norton as well as Defender Working at the same time and neither was preventing this takeover. I uninstalled Norton and installed AVG Free Edition and got 70 Virus off of it. Adaware found 1130 bad files and registry entries. I ran it 3 times before I could get it all off. Spybot found 900 Infected files and removed them all after the second run. I went into the registry and deleted all I could find and still I found a lot of popups coming in. The AVG is constantly popping up and for virus found and asking for " heal or Delete" option. I always choose Delete. here is the problem I could not uninstall the Defender AV program it said " Access Denied" I am sure that I have missed something and Now I am at my wits end. here is the HJT log that was run yesterday, I will be going back over there this afternoon to try to finish it if I can get someone more knowledgeable to help me with this. Also in the Recycle bin there are 2 files that you cant see but when you empty it they come back. also it tries to install the Defender program when you first clic " Empty recycle bin. I know this is a lot of information but this is a messed up machine. thanks for your help:

    Logfile of HijackThis v1.99.0
    Scan saved at 2:53:03 PM, on 1/29/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\qiyf\gtllm.exe
    C:\WINDOWS\System32\tpwccu\grtaosh.exe
    C:\WINDOWS\System32\gjhcnb\xrbmvjlf.exe
    C:\WINDOWS\System32\kvyyrow\itwq.exe
    C:\WINDOWS\System32\chylpb\bfhvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Documents and Settings\Roni\Application Data\eetu.exe
    C:\WINDOWS\System32\w?nspool.exe
    C:\WINDOWS\System32\g0400ahmed4a0.exe
    C:\Documents and Settings\Roni\My Documents\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O4 - HKLM\..\Run: [gtllm] C:\WINDOWS\System32\qiyf\gtllm.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [grtaosh] C:\WINDOWS\System32\tpwccu\grtaosh.exe
    O4 - HKLM\..\Run: [xrbmvjlf] C:\WINDOWS\System32\gjhcnb\xrbmvjlf.exe
    O4 - HKLM\..\Run: [itwq] C:\WINDOWS\System32\kvyyrow\itwq.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [bfhvc] C:\WINDOWS\System32\chylpb\bfhvc.exe
    O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvgdy32.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Roni\Application Data\eetu.exe
    O4 - HKCU\..\Run: [Wqbkg] C:\WINDOWS\System32\w?nspool.exe
    O4 - HKCU\..\Run: [g0400ahmed4a0] C:\WINDOWS\System32\g0400ahmed4a0.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xnycoioe.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3BF1184-29F2-442C-B3FF-9929E544E1B2}: NameServer = 206.10.30.100,206.10.30.101
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    Click here: http://www.atribune.org/downloads/l2mfix.exe to download L2mfix.

    Save the file to your desktop and double click l2mfix.exe. Read and Accept the agreement. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
     
  3. dwaynea515

    dwaynea515 Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    601
    Thanks cookiegal: As I said I will go back over there this afternoon and do this then.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    OK, I'll be around most of the day.
     
  5. dwaynea515

    dwaynea515 Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    601
    OK cookiegal here it is

    L2MFIX find log 1.02a
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\f2l02c3mgf.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{92FE3EDD-9C26-4A47-B167-23DB1A84AEE9}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
    "{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{F89C10E5-FF92-4892-992A-2250D660AC96}"=""
    "{647F4399-D654-4D48-AAA6-C319CCFC73C2}"=""
    "{EAF49493-9CCC-45D5-89D6-07B589BC20F1}"=""
    "{0B67FA29-E142-49EF-8DD4-12039B81B6EC}"=""
    "{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}"=""
    "{125CCFFD-AB0C-4A60-B947-13C727D08BB8}"=""
    "{C9FDAEEE-59EA-4098-9656-B69214FA04A0}"=""
    "{B40DD968-6B53-4435-BD2D-4845EF13E86C}"=""
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}"=""
    "{F19F0501-0CA8-449D-9B2A-8DD49C01846A}"=""
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}"=""
    "{98650D0C-8D1B-4652-88F5-9A2D13E05742}"=""
    "{E9625100-059D-475F-89E2-F0977E033589}"=""
    "{E8719229-5C3D-4ACF-AA07-A54EECC418B5}"=""
    "{515CC994-CC6C-475A-A204-6E530A9AE18E}"=""
    "{2865863E-225E-482D-B84B-4BE7B4BAE5F8}"=""
    "{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}"=""
    "{8A356794-26AD-4471-9519-BEA07BF747DA}"=""
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
    "{AA495047-4F72-4DD2-A205-D6F03F288B0E}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F89C10E5-FF92-4892-992A-2250D660AC96}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{647F4399-D654-4D48-AAA6-C319CCFC73C2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oxtext32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EAF49493-9CCC-45D5-89D6-07B589BC20F1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ib32_32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0B67FA29-E142-49EF-8DD4-12039B81B6EC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\gy06l3ds1.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A2F7D2B0-922D-4DD8-84AF-7C1631C80D70}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{125CCFFD-AB0C-4A60-B947-13C727D08BB8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9FDAEEE-59EA-4098-9656-B69214FA04A0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dmsetup.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B40DD968-6B53-4435-BD2D-4845EF13E86C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{27B3932E-E6C0-4D14-A7C4-071AB3E734A7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F19F0501-0CA8-449D-9B2A-8DD49C01846A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kedru1.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1B1AFC76-01D9-42E7-889C-5EEDA1A9B61D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\khdpl1.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{98650D0C-8D1B-4652-88F5-9A2D13E05742}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mlidntld.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E9625100-059D-475F-89E2-F0977E033589}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mcoeacct.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E8719229-5C3D-4ACF-AA07-A54EECC418B5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\FZ20.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{515CC994-CC6C-475A-A204-6E530A9AE18E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ebts.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2865863E-225E-482D-B84B-4BE7B4BAE5F8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ttpmon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F2FD38E1-A871-49B1-ADAF-EC386816C6F0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wzs5.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8A356794-26AD-4471-9519-BEA07BF747DA}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA495047-4F72-4DD2-A205-D6F03F288B0E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nktlogon.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:
    Locate .tmp files:
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is D4B9-C7E7

    Directory of C:\WINDOWS\System32

    01/30/2005 11:50 AM <DIR> dllcache
    01/30/2005 08:55 AM 223,224 guard.tmp
    01/29/2005 08:30 PM 224,611 dn4001hme.dll
    01/29/2005 08:29 PM 223,224 f2l02c3mgf.dll
    01/29/2005 06:57 PM 223,147 mlidntld.dll
    01/29/2005 09:36 AM 475 bxtgy.dll
    01/29/2005 09:00 AM 223,062 dzwave.dll
    01/28/2005 09:13 PM 225,723 fp6003jme.dll
    01/27/2005 11:02 PM 225,723 dn4s01h7e.dll
    01/27/2005 08:53 PM 223,023 l0l6la3s1d.dll
    01/27/2005 12:23 PM 223,107 mvrsl9971.dll
    01/26/2005 09:17 PM 176,362 BXtgY.exe
    01/26/2005 08:37 PM 225,723 mvpql9751.dll
    01/26/2005 04:08 PM 225,723 kt8ul7l91.dll
    01/25/2005 05:09 PM 225,723 hrl4053qe.dll
    01/24/2005 08:48 PM 225,723 irj4l51q1.dll
    01/23/2005 04:42 PM 225,723 jt2407fqe.dll
    01/22/2005 03:33 PM 225,723 j0j60a1sed.dll
    01/21/2005 02:46 PM 225,723 d6j00g1me6.dll
    01/20/2005 09:37 PM 224,959 kt42l7ho1.dll
    01/20/2005 04:54 PM 224,959 m4640ejqehoe0.dll
    01/19/2005 08:01 AM 223,264 ir6ql5j51.dll
    01/18/2005 10:27 PM 226,240 mv2ol9f31.dll
    01/16/2005 11:16 PM 226,240 n2p40c7qef.dll
    01/15/2005 10:06 PM 223,214 hpj0231mg.dll
    01/14/2005 07:02 PM 225,861 gpnml3511.dll
    01/11/2005 08:15 AM 401,408 t?skmgr.exe
    01/11/2005 08:13 AM 401,408 n?tdde.exe
    01/11/2005 08:11 AM 401,408 ?ti2evxx.exe
    01/11/2005 08:10 AM 401,408 w?nspool.exe
    01/07/2005 04:47 PM 222,966 g0400ahmed4a0.dll
    01/06/2005 10:12 PM <DIR> Microsoft
    01/05/2005 10:32 PM 224,752 mvl4l93q1.dll
    01/05/2005 12:56 AM 222,778 r8p80i7ue8.dll
    01/04/2005 11:51 PM 222,778 wuvdmoe.dll
    01/04/2005 06:40 PM 222,778 hrjo0513e.dll
    01/04/2005 05:42 PM 224,157 mvpol9731.dll
    01/03/2005 11:22 PM 225,353 n2r20c9oef.dll
    01/03/2005 10:18 PM 225,353 owdbse32.dll
    01/03/2005 08:43 PM 224,854 kt26l7fs1.dll
    12/31/2004 03:58 PM 225,987 f8j2li1o18.dll
    12/31/2004 03:52 PM 226,216 lv2209foe.dll
    12/31/2004 12:27 PM 223,171 m228lcfu1f28.dll
    12/30/2004 10:56 PM 225,987 dn8001lme.dll
    12/30/2004 10:44 PM 225,987 f0j2la1o1d.dll
    12/30/2004 10:42 PM 222,944 n2p4lc7q1f.dll
    12/30/2004 06:19 PM 225,987 en4ul1h91.dll
    12/30/2004 06:18 PM 222,581 jt4s07h7e.dll
    12/30/2004 05:00 PM 225,000 f4j2le1o1h.dll
    12/30/2004 03:59 PM 224,685 fp8203loe.dll
    12/30/2004 02:31 PM 223,578 k4pm0e71eh.dll
    12/30/2004 01:54 PM 224,454 r6p80g7ue6.dll
    12/30/2004 01:36 PM 223,206 n22ulcf91f2.dll
    12/29/2004 11:10 PM 225,150 r08slal71dq.dll
    12/28/2004 10:07 PM 224,264 irnml5511.dll
    12/26/2004 05:15 PM 224,950 k8jsli1718.dll
    12/26/2004 04:21 PM 224,382 sqlwapi.dll
    12/26/2004 01:39 PM 224,201 l06olaj31do.dll
    12/25/2004 11:28 AM 225,124 t2r8lc9u1f.dll
    12/20/2004 05:44 PM 223,592 l06o0aj3edo.dll
    12/19/2004 09:46 PM 223,542 g0jo0a13ed.dll
    12/10/2004 09:27 PM 224,058 m6280gfue6280.dll
    12/10/2004 08:02 PM 224,032 k0080adued080.dll
    12/10/2004 07:55 PM 224,835 gp06l3ds1.dll
    12/10/2004 06:48 PM 224,745 gpjql3151.dll
    63 File(s) 14,580,538 bytes
    2 Dir(s) 31,232,057,344 bytes free
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - uninstallable program multiple
  1. bergstein
    Replies:
    3
    Views:
    906
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324888

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice