OK, here goes:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:07 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bjeiixw.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [w291a03b.dll] RUNDLL32.EXE w291a03b.dll,I2 00064ff20291a03b
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vsrsy] C:\WINDOWS\system32\aegaxr.exe reg_run
O4 - HKCU\..\Run: [Tncu] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazr
O4 - HKCU\..\Run: [zmfw] C:\PROGRA~1\COMMON~1\zmfw\zmfwm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 0844264190
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\l4r00e9meh.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
L2mfix 032106
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 432 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 524 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 1280 'explorer.exe'
Killing PID 1280 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\__delete_on_reboot__aipmgmts.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__aipmgmts.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__kydcz2.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__kydcz2.dll
Deleting: C:\WINDOWS\system32\__delete_on_reboot__nvlanui.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__nvlanui.dll
Deleting: C:\WINDOWS\system32\j04o0ah3ed4.dll
Successfully Deleted: C:\WINDOWS\system32\j04o0ah3ed4.dll
Deleting: C:\WINDOWS\system32\k0no0a53ed.dll
Successfully Deleted: C:\WINDOWS\system32\k0no0a53ed.dll
msg11?.dll
0 file(s) copied.
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l4r00e9meh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__aipmgmts.dll
C:\WINDOWS\system32\__delete_on_reboot__kydcz2.dll
C:\WINDOWS\system32\__delete_on_reboot__nvlanui.dll
C:\WINDOWS\system32\j04o0ah3ed4.dll
C:\WINDOWS\system32\k0no0a53ed.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ctnsole.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E89F0035-F7F5-4801-A104-0B7C334EB781}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E89F0035-F7F5-4801-A104-0B7C334EB781}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E89F0035-F7F5-4801-A104-0B7C334EB781}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E89F0035-F7F5-4801-A104-0B7C334EB781}\InprocServer32]
@="C:\\WINDOWS\\system32\\sQfrdm.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{39F9A38F-24C3-4EE1-80B8-53F7035229C0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{39F9A38F-24C3-4EE1-80B8-53F7035229C0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{39F9A38F-24C3-4EE1-80B8-53F7035229C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{39F9A38F-24C3-4EE1-80B8-53F7035229C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1AB41F03-492C-42C4-872A-947B340B7FEB}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1AB41F03-492C-42C4-872A-947B340B7FEB}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1AB41F03-492C-42C4-872A-947B340B7FEB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1AB41F03-492C-42C4-872A-947B340B7FEB}\InprocServer32]
@="C:\\WINDOWS\\system32\\sjorage.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0}\InprocServer32]
@="C:\\WINDOWS\\system32\\pLpgraph.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{69ACD0D5-1E66-4A21-8108-A4648D508820}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{69ACD0D5-1E66-4A21-8108-A4648D508820}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{69ACD0D5-1E66-4A21-8108-A4648D508820}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{69ACD0D5-1E66-4A21-8108-A4648D508820}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{74EF24C5-88A8-4A12-B5CD-0C003912A860}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{74EF24C5-88A8-4A12-B5CD-0C003912A860}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{74EF24C5-88A8-4A12-B5CD-0C003912A860}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{74EF24C5-88A8-4A12-B5CD-0C003912A860}\InprocServer32]
@="C:\\WINDOWS\\system32\\svorder.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C316D543-2930-4EDF-9ACB-11F189BFE73B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C316D543-2930-4EDF-9ACB-11F189BFE73B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C316D543-2930-4EDF-9ACB-11F189BFE73B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C316D543-2930-4EDF-9ACB-11F189BFE73B}\InprocServer32]
@="C:\\WINDOWS\\system32\\nblanman.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{094B9130-7B63-44A9-ABE7-39854B14AA19}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{094B9130-7B63-44A9-ABE7-39854B14AA19}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{094B9130-7B63-44A9-ABE7-39854B14AA19}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{094B9130-7B63-44A9-ABE7-39854B14AA19}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbnntbbu.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{0917EFCC-884B-4B1E-8B9B-FBA18A31C11E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0917EFCC-884B-4B1E-8B9B-FBA18A31C11E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0917EFCC-884B-4B1E-8B9B-FBA18A31C11E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0917EFCC-884B-4B1E-8B9B-FBA18A31C11E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{264E4598-8084-471E-96D4-7B702071A3CF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{264E4598-8084-471E-96D4-7B702071A3CF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{264E4598-8084-471E-96D4-7B702071A3CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{264E4598-8084-471E-96D4-7B702071A3CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{218C2E08-89C4-47E5-8E6F-42B0FD0E028C}"=-
"{A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8}"=-
"{E89F0035-F7F5-4801-A104-0B7C334EB781}"=-
"{39F9A38F-24C3-4EE1-80B8-53F7035229C0}"=-
"{1AB41F03-492C-42C4-872A-947B340B7FEB}"=-
"{3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0}"=-
"{69ACD0D5-1E66-4A21-8108-A4648D508820}"=-
"{74EF24C5-88A8-4A12-B5CD-0C003912A860}"=-
"{C316D543-2930-4EDF-9ACB-11F189BFE73B}"=-
"{094B9130-7B63-44A9-ABE7-39854B14AA19}"=-
"{0917EFCC-884B-4B1E-8B9B-FBA18A31C11E}"=-
"{264E4598-8084-471E-96D4-7B702071A3CF}"=-
[-HKEY_CLASSES_ROOT\CLSID\{218C2E08-89C4-47E5-8E6F-42B0FD0E028C}]
[-HKEY_CLASSES_ROOT\CLSID\{A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8}]
[-HKEY_CLASSES_ROOT\CLSID\{E89F0035-F7F5-4801-A104-0B7C334EB781}]
[-HKEY_CLASSES_ROOT\CLSID\{39F9A38F-24C3-4EE1-80B8-53F7035229C0}]
[-HKEY_CLASSES_ROOT\CLSID\{1AB41F03-492C-42C4-872A-947B340B7FEB}]
[-HKEY_CLASSES_ROOT\CLSID\{3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0}]
[-HKEY_CLASSES_ROOT\CLSID\{69ACD0D5-1E66-4A21-8108-A4648D508820}]
[-HKEY_CLASSES_ROOT\CLSID\{74EF24C5-88A8-4A12-B5CD-0C003912A860}]
[-HKEY_CLASSES_ROOT\CLSID\{C316D543-2930-4EDF-9ACB-11F189BFE73B}]
[-HKEY_CLASSES_ROOT\CLSID\{094B9130-7B63-44A9-ABE7-39854B14AA19}]
[-HKEY_CLASSES_ROOT\CLSID\{0917EFCC-884B-4B1E-8B9B-FBA18A31C11E}]
[-HKEY_CLASSES_ROOT\CLSID\{264E4598-8084-471E-96D4-7B702071A3CF}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/j04o0ah3ed4.dll (164 bytes security) (deflated 6%)
adding: dlls/k0no0a53ed.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__aipmgmts.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__kydcz2.dll (164 bytes security) (deflated 5%)
adding: dlls/__delete_on_reboot__nvlanui.dll (164 bytes security) (deflated 5%)
adding: backregs/0917EFCC-884B-4B1E-8B9B-FBA18A31C11E.reg (212 bytes security) (deflated 70%)
adding: backregs/094B9130-7B63-44A9-ABE7-39854B14AA19.reg (212 bytes security) (deflated 70%)
adding: backregs/1AB41F03-492C-42C4-872A-947B340B7FEB.reg (212 bytes security) (deflated 70%)
adding: backregs/264E4598-8084-471E-96D4-7B702071A3CF.reg (212 bytes security) (deflated 70%)
adding: backregs/39F9A38F-24C3-4EE1-80B8-53F7035229C0.reg (212 bytes security) (deflated 70%)
adding: backregs/3DCEC74B-8B7E-4D5B-9AE0-249BC0014CA0.reg (212 bytes security) (deflated 70%)
adding: backregs/69ACD0D5-1E66-4A21-8108-A4648D508820.reg (212 bytes security) (deflated 70%)
adding: backregs/74EF24C5-88A8-4A12-B5CD-0C003912A860.reg (212 bytes security) (deflated 70%)
adding: backregs/A1F26CE4-68AC-4F45-BC06-C68F76A1D9C8.reg (212 bytes security) (deflated 70%)
adding: backregs/C316D543-2930-4EDF-9ACB-11F189BFE73B.reg (212 bytes security) (deflated 70%)
adding: backregs/E89F0035-F7F5-4801-A104-0B7C334EB781.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Thanks again.