Here you go, next log
L
L2mfix 032106
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 148 'smss.exe'
Killing PID 148 'smss.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 196 'winlogon.exe'
Killing PID 196 'winlogon.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 880 'explorer.exe'
Killing PID 880 'explorer.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 780 'rundll32.exe'
Killing PID 780 'rundll32.exe'
Error 0x5 : Access is denied.
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\cmrtc.dll
Successfully Deleted: C:\WINDOWS\system32\cmrtc.dll
Deleting: C:\WINDOWS\system32\csmdlg32.dll
Successfully Deleted: C:\WINDOWS\system32\csmdlg32.dll
Deleting: C:\WINDOWS\system32\dCnim.dll
Successfully Deleted: C:\WINDOWS\system32\dCnim.dll
Deleting: C:\WINDOWS\system32\dicpcsvc.dll
Successfully Deleted: C:\WINDOWS\system32\dicpcsvc.dll
Deleting: C:\WINDOWS\system32\dn4q01h5e.dll
Successfully Deleted: C:\WINDOWS\system32\dn4q01h5e.dll
Deleting: C:\WINDOWS\system32\dnauth.dll
Successfully Deleted: C:\WINDOWS\system32\dnauth.dll
Deleting: C:\WINDOWS\system32\enj2l11o1.dll
Successfully Deleted: C:\WINDOWS\system32\enj2l11o1.dll
Deleting: C:\WINDOWS\system32\fp0o03d3e.dll
Successfully Deleted: C:\WINDOWS\system32\fp0o03d3e.dll
Deleting: C:\WINDOWS\system32\fp2403fqe.dll
Successfully Deleted: C:\WINDOWS\system32\fp2403fqe.dll
Deleting: C:\WINDOWS\system32\fp6403jqe.dll
Successfully Deleted: C:\WINDOWS\system32\fp6403jqe.dll
Deleting: C:\WINDOWS\system32\fp8s03l7e.dll
Successfully Deleted: C:\WINDOWS\system32\fp8s03l7e.dll
Deleting: C:\WINDOWS\system32\fpnq0355e.dll
Successfully Deleted: C:\WINDOWS\system32\fpnq0355e.dll
Deleting: C:\WINDOWS\system32\fpr8039ue.dll
Successfully Deleted: C:\WINDOWS\system32\fpr8039ue.dll
Deleting: C:\WINDOWS\system32\fprq0395e.dll
Successfully Deleted: C:\WINDOWS\system32\fprq0395e.dll
Deleting: C:\WINDOWS\system32\h22o0cf3ef2.dll
Successfully Deleted: C:\WINDOWS\system32\h22o0cf3ef2.dll
Deleting: C:\WINDOWS\system32\h24m0ch1ef4.dll
Successfully Deleted: C:\WINDOWS\system32\h24m0ch1ef4.dll
Deleting: C:\WINDOWS\system32\idmp.dll
Successfully Deleted: C:\WINDOWS\system32\idmp.dll
Deleting: C:\WINDOWS\system32\igmontr.dll
Successfully Deleted: C:\WINDOWS\system32\igmontr.dll
Deleting: C:\WINDOWS\system32\iNssvcs.dll
Successfully Deleted: C:\WINDOWS\system32\iNssvcs.dll
Deleting: C:\WINDOWS\system32\ir8ul5l91.dll
Successfully Deleted: C:\WINDOWS\system32\ir8ul5l91.dll
Deleting: C:\WINDOWS\system32\irnql5551.dll
Successfully Deleted: C:\WINDOWS\system32\irnql5551.dll
Deleting: C:\WINDOWS\system32\irpql5751.dll
Successfully Deleted: C:\WINDOWS\system32\irpql5751.dll
Deleting: C:\WINDOWS\system32\j6p0lg7m16.dll
Successfully Deleted: C:\WINDOWS\system32\j6p0lg7m16.dll
Deleting: C:\WINDOWS\system32\jr4025hmg.dll
Successfully Deleted: C:\WINDOWS\system32\jr4025hmg.dll
Deleting: C:\WINDOWS\system32\jt6807jue.dll
Successfully Deleted: C:\WINDOWS\system32\jt6807jue.dll
Deleting: C:\WINDOWS\system32\jz4025hmg.dll
Successfully Deleted: C:\WINDOWS\system32\jz4025hmg.dll
Deleting: C:\WINDOWS\system32\k8js0i17e8.dll
Successfully Deleted: C:\WINDOWS\system32\k8js0i17e8.dll
Deleting: C:\WINDOWS\system32\ksdal.dll
Successfully Deleted: C:\WINDOWS\system32\ksdal.dll
Deleting: C:\WINDOWS\system32\lvp2097oe.dll
Successfully Deleted: C:\WINDOWS\system32\lvp2097oe.dll
Deleting: C:\WINDOWS\system32\m482lelo1hqc.dll
Successfully Deleted: C:\WINDOWS\system32\m482lelo1hqc.dll
Deleting: C:\WINDOWS\system32\m4rm0e91eh.dll
Successfully Deleted: C:\WINDOWS\system32\m4rm0e91eh.dll
Deleting: C:\WINDOWS\system32\m8460ihse8460.dll
Successfully Deleted: C:\WINDOWS\system32\m8460ihse8460.dll
Deleting: C:\WINDOWS\system32\mBpi32.dll
Successfully Deleted: C:\WINDOWS\system32\mBpi32.dll
Deleting: C:\WINDOWS\system32\modtcui.dll
Successfully Deleted: C:\WINDOWS\system32\modtcui.dll
Deleting: C:\WINDOWS\system32\mrexcl40.dll
Successfully Deleted: C:\WINDOWS\system32\mrexcl40.dll
Deleting: C:\WINDOWS\system32\mtrd2x40.dll
Successfully Deleted: C:\WINDOWS\system32\mtrd2x40.dll
Deleting: C:\WINDOWS\system32\MUT2FW95.DLL
Successfully Deleted: C:\WINDOWS\system32\MUT2FW95.DLL
Deleting: C:\WINDOWS\system32\muxoci.dll
Successfully Deleted: C:\WINDOWS\system32\muxoci.dll
Deleting: C:\WINDOWS\system32\mv0ml9d11.dll
Successfully Deleted: C:\WINDOWS\system32\mv0ml9d11.dll
Deleting: C:\WINDOWS\system32\mvl8l93u1.dll
Successfully Deleted: C:\WINDOWS\system32\mvl8l93u1.dll
Deleting: C:\WINDOWS\system32\MVMBG.DLL
Successfully Deleted: C:\WINDOWS\system32\MVMBG.DLL
Deleting: C:\WINDOWS\system32\mvnsl9571.dll
Successfully Deleted: C:\WINDOWS\system32\mvnsl9571.dll
Deleting: C:\WINDOWS\system32\mvrol9931.dll
Successfully Deleted: C:\WINDOWS\system32\mvrol9931.dll
Deleting: C:\WINDOWS\system32\n04slah71d4.dll
Successfully Deleted: C:\WINDOWS\system32\n04slah71d4.dll
Deleting: C:\WINDOWS\system32\o4pqle751h.dll
Successfully Deleted: C:\WINDOWS\system32\o4pqle751h.dll
Deleting: C:\WINDOWS\system32\ogesvr.dll
Successfully Deleted: C:\WINDOWS\system32\ogesvr.dll
Deleting: C:\WINDOWS\system32\opbc16gt.dll
Successfully Deleted: C:\WINDOWS\system32\opbc16gt.dll
Deleting: C:\WINDOWS\system32\p0n8la5u1d.dll
Successfully Deleted: C:\WINDOWS\system32\p0n8la5u1d.dll
Deleting: C:\WINDOWS\system32\p2r4lc9q1f.dll
Successfully Deleted: C:\WINDOWS\system32\p2r4lc9q1f.dll
Deleting: C:\WINDOWS\system32\qkvd.dll
Successfully Deleted: C:\WINDOWS\system32\qkvd.dll
Deleting: C:\WINDOWS\system32\s8puli7918.dll
Successfully Deleted: C:\WINDOWS\system32\s8puli7918.dll
Deleting: C:\WINDOWS\system32\u8ruli9918.dll
Successfully Deleted: C:\WINDOWS\system32\u8ruli9918.dll
Deleting: C:\WINDOWS\system32\YLRWin32.dll
Successfully Deleted: C:\WINDOWS\system32\YLRWin32.dll
msg11?.dll
0 file(s) copied.
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn4q01h5e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i2420choef4c0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Screen Savers]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\iqfgnt5.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellServiceObjectDelayLoad]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ir68l5ju1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cmrtc.dll
C:\WINDOWS\system32\csmdlg32.dll
C:\WINDOWS\system32\dCnim.dll
C:\WINDOWS\system32\dicpcsvc.dll
C:\WINDOWS\system32\dn4q01h5e.dll
C:\WINDOWS\system32\dnauth.dll
C:\WINDOWS\system32\enj2l11o1.dll
C:\WINDOWS\system32\fp0o03d3e.dll
C:\WINDOWS\system32\fp2403fqe.dll
C:\WINDOWS\system32\fp6403jqe.dll
C:\WINDOWS\system32\fp8s03l7e.dll
C:\WINDOWS\system32\fpnq0355e.dll
C:\WINDOWS\system32\fpr8039ue.dll
C:\WINDOWS\system32\fprq0395e.dll
C:\WINDOWS\system32\h22o0cf3ef2.dll
C:\WINDOWS\system32\h24m0ch1ef4.dll
C:\WINDOWS\system32\idmp.dll
C:\WINDOWS\system32\igmontr.dll
C:\WINDOWS\system32\iNssvcs.dll
C:\WINDOWS\system32\ir8ul5l91.dll
C:\WINDOWS\system32\irnql5551.dll
C:\WINDOWS\system32\irpql5751.dll
C:\WINDOWS\system32\j6p0lg7m16.dll
C:\WINDOWS\system32\jr4025hmg.dll
C:\WINDOWS\system32\jt6807jue.dll
C:\WINDOWS\system32\jz4025hmg.dll
C:\WINDOWS\system32\k8js0i17e8.dll
C:\WINDOWS\system32\ksdal.dll
C:\WINDOWS\system32\lvp2097oe.dll
C:\WINDOWS\system32\m482lelo1hqc.dll
C:\WINDOWS\system32\m4rm0e91eh.dll
C:\WINDOWS\system32\m8460ihse8460.dll
C:\WINDOWS\system32\mBpi32.dll
C:\WINDOWS\system32\modtcui.dll
C:\WINDOWS\system32\mrexcl40.dll
C:\WINDOWS\system32\mtrd2x40.dll
C:\WINDOWS\system32\MUT2FW95.DLL
C:\WINDOWS\system32\muxoci.dll
C:\WINDOWS\system32\mv0ml9d11.dll
C:\WINDOWS\system32\mvl8l93u1.dll
C:\WINDOWS\system32\MVMBG.DLL
C:\WINDOWS\system32\mvnsl9571.dll
C:\WINDOWS\system32\mvrol9931.dll
C:\WINDOWS\system32\n04slah71d4.dll
C:\WINDOWS\system32\o4pqle751h.dll
C:\WINDOWS\system32\ogesvr.dll
C:\WINDOWS\system32\opbc16gt.dll
C:\WINDOWS\system32\p0n8la5u1d.dll
C:\WINDOWS\system32\p2r4lc9q1f.dll
C:\WINDOWS\system32\qkvd.dll
C:\WINDOWS\system32\s8puli7918.dll
C:\WINDOWS\system32\u8ruli9918.dll
C:\WINDOWS\system32\YLRWin32.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{23985298-DC57-4F0F-ACDD-06A8ED462D83}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{23985298-DC57-4F0F-ACDD-06A8ED462D83}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23985298-DC57-4F0F-ACDD-06A8ED462D83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23985298-DC57-4F0F-ACDD-06A8ED462D83}\InprocServer32]
@="C:\\WINDOWS\\system32\\iqfgnt5.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{12414AF9-F71A-4DF3-91F6-BFB600A1DD3D}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{12414AF9-F71A-4DF3-91F6-BFB600A1DD3D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{12414AF9-F71A-4DF3-91F6-BFB600A1DD3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{12414AF9-F71A-4DF3-91F6-BFB600A1DD3D}\InprocServer32]
@="C:\\WINDOWS\\system32\\ixfgnt5.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573}\InprocServer32]
@="C:\\WINDOWS\\system32\\DODRGCTL.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F627453C-EF38-4E9F-9665-D606FA6C1F7E}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{F627453C-EF38-4E9F-9665-D606FA6C1F7E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F627453C-EF38-4E9F-9665-D606FA6C1F7E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F627453C-EF38-4E9F-9665-D606FA6C1F7E}\InprocServer32]
@="C:\\WINDOWS\\system32\\mPcrovsn.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219}\InprocServer32]
@="C:\\WINDOWS\\system32\\iXsuserr.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{16F9BE12-A3DA-475D-9110-2D44E3030BAE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{16F9BE12-A3DA-475D-9110-2D44E3030BAE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{16F9BE12-A3DA-475D-9110-2D44E3030BAE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{16F9BE12-A3DA-475D-9110-2D44E3030BAE}\InprocServer32]
@="C:\\WINDOWS\\system32\\idmp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{87D67269-6E4F-4F4D-A213-34D1552A93D6}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87D67269-6E4F-4F4D-A213-34D1552A93D6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87D67269-6E4F-4F4D-A213-34D1552A93D6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87D67269-6E4F-4F4D-A213-34D1552A93D6}\InprocServer32]
@="C:\\WINDOWS\\system32\\dicpcsvc.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5A904DAD-2AA5-42C3-A379-769C04D2E3DE}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{5A904DAD-2AA5-42C3-A379-769C04D2E3DE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5A904DAD-2AA5-42C3-A379-769C04D2E3DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5A904DAD-2AA5-42C3-A379-769C04D2E3DE}\InprocServer32]
@="C:\\WINDOWS\\system32\\swrmdll.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{99D84535-B016-41B2-9F04-9BA66C525789}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{99D84535-B016-41B2-9F04-9BA66C525789}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{99D84535-B016-41B2-9F04-9BA66C525789}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{99D84535-B016-41B2-9F04-9BA66C525789}\InprocServer32]
@="C:\\WINDOWS\\system32\\tyolhelp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{26DF2529-BF13-4B0E-B108-43F8FEEC1097}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{26DF2529-BF13-4B0E-B108-43F8FEEC1097}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{26DF2529-BF13-4B0E-B108-43F8FEEC1097}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{26DF2529-BF13-4B0E-B108-43F8FEEC1097}\InprocServer32]
@="C:\\WINDOWS\\system32\\cncui.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9D73BE8D-C6E8-4553-83DF-FC65C48B726E}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{9D73BE8D-C6E8-4553-83DF-FC65C48B726E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9D73BE8D-C6E8-4553-83DF-FC65C48B726E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9D73BE8D-C6E8-4553-83DF-FC65C48B726E}\InprocServer32]
@="C:\\WINDOWS\\system32\\dFd8thk.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DDEE6BA4-2194-461D-AE0A-41F1A21C187A}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\CLSID\{DDEE6BA4-2194-461D-AE0A-41F1A21C187A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DDEE6BA4-2194-461D-AE0A-41F1A21C187A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DDEE6BA4-2194-461D-AE0A-41F1A21C187A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dheml.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{592F920D-2C2A-44F0-934E-953306B0C1A3}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{592F920D-2C2A-44F0-934E-953306B0C1A3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{592F920D-2C2A-44F0-934E-953306B0C1A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{592F920D-2C2A-44F0-934E-953306B0C1A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mrexcl40.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{23985298-DC57-4F0F-ACDD-06A8ED462D83}"=-
"{12414AF9-F71A-4DF3-91F6-BFB600A1DD3D}"=-
"{2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573}"=-
"{F627453C-EF38-4E9F-9665-D606FA6C1F7E}"=-
"{EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219}"=-
"{16F9BE12-A3DA-475D-9110-2D44E3030BAE}"=-
"{87D67269-6E4F-4F4D-A213-34D1552A93D6}"=-
"{5A904DAD-2AA5-42C3-A379-769C04D2E3DE}"=-
"{99D84535-B016-41B2-9F04-9BA66C525789}"=-
"{26DF2529-BF13-4B0E-B108-43F8FEEC1097}"=-
"{9D73BE8D-C6E8-4553-83DF-FC65C48B726E}"=-
"{DDEE6BA4-2194-461D-AE0A-41F1A21C187A}"=-
"{7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E}"=-
"{592F920D-2C2A-44F0-934E-953306B0C1A3}"=-
[-HKEY_CLASSES_ROOT\CLSID\{23985298-DC57-4F0F-ACDD-06A8ED462D83}]
[-HKEY_CLASSES_ROOT\CLSID\{12414AF9-F71A-4DF3-91F6-BFB600A1DD3D}]
[-HKEY_CLASSES_ROOT\CLSID\{2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573}]
[-HKEY_CLASSES_ROOT\CLSID\{F627453C-EF38-4E9F-9665-D606FA6C1F7E}]
[-HKEY_CLASSES_ROOT\CLSID\{EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219}]
[-HKEY_CLASSES_ROOT\CLSID\{16F9BE12-A3DA-475D-9110-2D44E3030BAE}]
[-HKEY_CLASSES_ROOT\CLSID\{87D67269-6E4F-4F4D-A213-34D1552A93D6}]
[-HKEY_CLASSES_ROOT\CLSID\{5A904DAD-2AA5-42C3-A379-769C04D2E3DE}]
[-HKEY_CLASSES_ROOT\CLSID\{99D84535-B016-41B2-9F04-9BA66C525789}]
[-HKEY_CLASSES_ROOT\CLSID\{26DF2529-BF13-4B0E-B108-43F8FEEC1097}]
[-HKEY_CLASSES_ROOT\CLSID\{9D73BE8D-C6E8-4553-83DF-FC65C48B726E}]
[-HKEY_CLASSES_ROOT\CLSID\{DDEE6BA4-2194-461D-AE0A-41F1A21C187A}]
[-HKEY_CLASSES_ROOT\CLSID\{7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E}]
[-HKEY_CLASSES_ROOT\CLSID\{592F920D-2C2A-44F0-934E-953306B0C1A3}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/cmrtc.dll (152 bytes security) (deflated 4%)
adding: dlls/csmdlg32.dll (152 bytes security) (deflated 4%)
adding: dlls/dCnim.dll (152 bytes security) (deflated 6%)
adding: dlls/dicpcsvc.dll (152 bytes security) (deflated 5%)
adding: dlls/dn4q01h5e.dll (152 bytes security) (deflated 5%)
adding: dlls/dnauth.dll (152 bytes security) (deflated 5%)
adding: dlls/enj2l11o1.dll (152 bytes security) (deflated 4%)
adding: dlls/fp0o03d3e.dll (152 bytes security) (deflated 5%)
adding: dlls/fp2403fqe.dll (152 bytes security) (deflated 4%)
adding: dlls/fp6403jqe.dll (152 bytes security) (deflated 4%)
adding: dlls/fp8s03l7e.dll (152 bytes security) (deflated 5%)
adding: dlls/fpnq0355e.dll (152 bytes security) (deflated 5%)
adding: dlls/fpr8039ue.dll (152 bytes security) (deflated 5%)
adding: dlls/fprq0395e.dll (152 bytes security) (deflated 4%)
adding: dlls/h22o0cf3ef2.dll (152 bytes security) (deflated 6%)
adding: dlls/h24m0ch1ef4.dll (152 bytes security) (deflated 4%)
adding: dlls/idmp.dll (152 bytes security) (deflated 5%)
adding: dlls/igmontr.dll (152 bytes security) (deflated 5%)
adding: dlls/iNssvcs.dll (152 bytes security) (deflated 4%)
adding: dlls/ir8ul5l91.dll (152 bytes security) (deflated 4%)
adding: dlls/irnql5551.dll (152 bytes security) (deflated 5%)
adding: dlls/irpql5751.dll (152 bytes security) (deflated 5%)
adding: dlls/j6p0lg7m16.dll (152 bytes security) (deflated 4%)
adding: dlls/jr4025hmg.dll (152 bytes security) (deflated 5%)
adding: dlls/jt6807jue.dll (152 bytes security) (deflated 5%)
adding: dlls/jz4025hmg.dll (152 bytes security) (deflated 5%)
adding: dlls/k8js0i17e8.dll (152 bytes security) (deflated 5%)
adding: dlls/ksdal.dll (152 bytes security) (deflated 4%)
adding: dlls/lvp2097oe.dll (152 bytes security) (deflated 5%)
adding: dlls/m482lelo1hqc.dll (152 bytes security) (deflated 5%)
adding: dlls/m4rm0e91eh.dll (152 bytes security) (deflated 5%)
adding: dlls/m8460ihse8460.dll (152 bytes security) (deflated 4%)
adding: dlls/mBpi32.dll (152 bytes security) (deflated 4%)
adding: dlls/modtcui.dll (152 bytes security) (deflated 4%)
adding: dlls/mrexcl40.dll (152 bytes security) (deflated 5%)
adding: dlls/mtrd2x40.dll (152 bytes security) (deflated 6%)
adding: dlls/MUT2FW95.DLL (152 bytes security) (deflated 5%)
adding: dlls/muxoci.dll (152 bytes security) (deflated 4%)
adding: dlls/mv0ml9d11.dll (152 bytes security) (deflated 4%)
adding: dlls/mvl8l93u1.dll (152 bytes security) (deflated 5%)
adding: dlls/MVMBG.DLL (152 bytes security) (deflated 4%)
adding: dlls/mvnsl9571.dll (152 bytes security) (deflated 4%)
adding: dlls/mvrol9931.dll (152 bytes security) (deflated 5%)
adding: dlls/n04slah71d4.dll (152 bytes security) (deflated 5%)
adding: dlls/o4pqle751h.dll (152 bytes security) (deflated 4%)
adding: dlls/ogesvr.dll (152 bytes security) (deflated 4%)
adding: dlls/opbc16gt.dll (152 bytes security) (deflated 4%)
adding: dlls/p0n8la5u1d.dll (152 bytes security) (deflated 4%)
adding: dlls/p2r4lc9q1f.dll (152 bytes security) (deflated 5%)
adding: dlls/qkvd.dll (152 bytes security) (deflated 4%)
adding: dlls/s8puli7918.dll (152 bytes security) (deflated 5%)
adding: dlls/u8ruli9918.dll (152 bytes security) (deflated 4%)
adding: dlls/YLRWin32.dll (152 bytes security) (deflated 4%)
adding: backregs/12414AF9-F71A-4DF3-91F6-BFB600A1DD3D.reg (164 bytes security) (deflated 69%)
adding: backregs/16F9BE12-A3DA-475D-9110-2D44E3030BAE.reg (164 bytes security) (deflated 70%)
adding: backregs/23985298-DC57-4F0F-ACDD-06A8ED462D83.reg (164 bytes security) (deflated 69%)
adding: backregs/26DF2529-BF13-4B0E-B108-43F8FEEC1097.reg (164 bytes security) (deflated 70%)
adding: backregs/2E2B9E67-AE1F-40E9-8CAB-F2A7CFB7E573.reg (164 bytes security) (deflated 69%)
adding: backregs/592F920D-2C2A-44F0-934E-953306B0C1A3.reg (164 bytes security) (deflated 70%)
adding: backregs/5A904DAD-2AA5-42C3-A379-769C04D2E3DE.reg (164 bytes security) (deflated 69%)
adding: backregs/7F3A1C96-4A40-4268-B4C2-B2E5B5A71F1E.reg (164 bytes security) (deflated 70%)
adding: backregs/87D67269-6E4F-4F4D-A213-34D1552A93D6.reg (164 bytes security) (deflated 70%)
adding: backregs/99D84535-B016-41B2-9F04-9BA66C525789.reg (164 bytes security) (deflated 69%)
adding: backregs/9D73BE8D-C6E8-4553-83DF-FC65C48B726E.reg (164 bytes security) (deflated 69%)
adding: backregs/DDEE6BA4-2194-461D-AE0A-41F1A21C187A.reg (164 bytes security) (deflated 69%)
adding: backregs/EDA0B4B8-EDD2-4DE7-8301-1C5876E2E219.reg (164 bytes security) (deflated 69%)
adding: backregs/F627453C-EF38-4E9F-9665-D606FA6C1F7E.reg (164 bytes security) (deflated 69%)
adding: backregs/notibac.reg (152 bytes security) (deflated 87%)
adding: backregs/shell.reg (152 bytes security) (deflated 74%)