TheTechGuide Forum
General Category => Tech Clinic => Topic started by: snoogans on March 24, 2005, 10:48:01 PM
-
I have been having problems over the past few weeks with pop-ups showing up while my DSL is connected, regardless of whether I am browsing the Internet. My computer is overall very slow, which I've been remedying by just clearing the Task Manager of any unfamiliar programs. Finally, the desktop.exe bar started showing up on my desktop every time I started up my computer. I assume that it's due to spyware, but Ad-Aware and Spybot S&D never seem to fix this. Any help you could offer would be greatly appreciated!
Here's my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:38:19 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\oifvl\jgsgewy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\arqsmuyn\aajyfc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\WINDOWS\System32\soundcontrl.exe
C:\WINDOWS\aqadcup.exe
C:\WINDOWS\System32\Microsoft.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\secure.exe
C:\WINDOWS\System32\ykjrgve\jhmcml.exe
C:\windows\system32\vdxregvs.exe
C:\WINDOWS\System32\ffisysi6.exe
C:\WINDOWS\System32\pxabgq\armnrp.exe
C:\WINDOWS\System32\mfwjhuwc\pefkv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\kkui\nwgctre.exe
C:\WINDOWS\System32\??chost.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\hyfamjb\vghvqpgu.exe
C:\WINDOWS\System32\piokg\jpmryixe.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\System32\autodrop.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [hcbyfsx] C:\WINDOWS\hcbyfsx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [vidbbz] c:\windows\system32\vidbbz.exe
O4 - HKLM\..\Run: [8tyx6veo] C:\Program Files\8tyx6veo\8tyx6veo.exe
O4 - HKLM\..\Run: [mzwfgh] C:\WINDOWS\mzwfgh.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AutoLoader3suo1PKfLZXK] "C:\WINDOWS\System32\eqngnt.exe" /HideDir /HideUninstall /PC="CP.BIG" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [3F5U35X] eqngnt.exe
O4 - HKLM\..\Run: [wwyem] C:\WINDOWS\System32\eygpy\wwyem.exe
O4 - HKLM\..\Run: [mlpxb] C:\WINDOWS\System32\edvg\mlpxb.exe
O4 - HKLM\..\Run: [jlhlatk] C:\WINDOWS\System32\gdgvmc\jlhlatk.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [uousam] C:\WINDOWS\System32\amion\uousam.exe
O4 - HKLM\..\Run: [krfbp] C:\WINDOWS\System32\uqvqrys\krfbp.exe
O4 - HKLM\..\Run: [nvif] C:\WINDOWS\System32\nxbhexbu\nvif.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\JD_ONL~1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [hgvqv] C:\WINDOWS\System32\foaw\hgvqv.exe
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\vdxregvs.exe lee0105
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\System32\ffisysi6.exe lee0105
O4 - HKLM\..\Run: [txyisl] C:\WINDOWS\System32\nbls\txyisl.exe
O4 - HKLM\..\Run: [mvcmxhv] C:\WINDOWS\System32\yrmf\mvcmxhv.exe
O4 - HKLM\..\Run: [hsndkgd] C:\WINDOWS\System32\emam\hsndkgd.exe
O4 - HKLM\..\Run: [qxqal] C:\WINDOWS\System32\vefvkdts\qxqal.exe
O4 - HKLM\..\Run: [kpquywbg] C:\WINDOWS\System32\pkrwmxa\kpquywbg.exe
O4 - HKLM\..\Run: [ygld] C:\WINDOWS\System32\ajlbx\ygld.exe
O4 - HKLM\..\Run: [sgwds] C:\WINDOWS\System32\ihiifnuy\sgwds.exe
O4 - HKLM\..\Run: [bvmil] C:\WINDOWS\System32\istr\bvmil.exe
O4 - HKLM\..\Run: [gkfdv] C:\WINDOWS\System32\auchrdfi\gkfdv.exe
O4 - HKLM\..\Run: [onthbc] C:\WINDOWS\System32\hfrkqfcd\onthbc.exe
O4 - HKLM\..\Run: [hmdh] C:\WINDOWS\System32\oyqtqnwh\hmdh.exe
O4 - HKLM\..\Run: [krmoa] C:\WINDOWS\System32\srusxbp\krmoa.exe
O4 - HKLM\..\Run: [ogacxs] C:\WINDOWS\System32\edfsp\ogacxs.exe
O4 - HKLM\..\Run: [mvahkx] C:\WINDOWS\System32\bcem\mvahkx.exe
O4 - HKLM\..\Run: [fawufouy] C:\WINDOWS\System32\gdorcrug\fawufouy.exe
O4 - HKLM\..\Run: [bvklcmq] C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexdh32.exe
O4 - HKLM\..\Run: [pxedminw] C:\WINDOWS\System32\nqsedq\pxedminw.exe
O4 - HKLM\..\Run: [rwbet] C:\WINDOWS\System32\xrtnt\rwbet.exe
O4 - HKLM\..\Run: [oatfrtt] C:\WINDOWS\System32\quwb\oatfrtt.exe
O4 - HKLM\..\Run: [tgsf] C:\WINDOWS\System32\igylk\tgsf.exe
O4 - HKLM\..\Run: [fhix] C:\WINDOWS\System32\axmacsig\fhix.exe
O4 - HKLM\..\Run: [fxlgifl] C:\WINDOWS\System32\sjhkp\fxlgifl.exe
O4 - HKLM\..\Run: [rxcqcvf] C:\WINDOWS\System32\yoihssy\rxcqcvf.exe
O4 - HKLM\..\Run: [qllxy] C:\WINDOWS\System32\oyiqjkg\qllxy.exe
O4 - HKLM\..\Run: [armnrp] C:\WINDOWS\System32\pxabgq\armnrp.exe
O4 - HKLM\..\Run: [cdsu] C:\WINDOWS\System32\peqnna\cdsu.exe
O4 - HKLM\..\Run: [mmkoru] C:\WINDOWS\System32\okyqnid\mmkoru.exe
O4 - HKLM\..\Run: [mwua] C:\WINDOWS\System32\mcaifdr\mwua.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [aajyfc] C:\WINDOWS\System32\arqsmuyn\aajyfc.exe
O4 - HKLM\..\Run: [jgsgewy] C:\WINDOWS\System32\oifvl\jgsgewy.exe
O4 - HKLM\..\Run: [pefkv] C:\WINDOWS\System32\mfwjhuwc\pefkv.exe
O4 - HKLM\..\Run: [hdky] C:\WINDOWS\System32\ydskoo\hdky.exe
O4 - HKLM\..\Run: [fcabn] C:\WINDOWS\System32\gwbfjup\fcabn.exe
O4 - HKLM\..\Run: [jhmcml] C:\WINDOWS\System32\ykjrgve\jhmcml.exe
O4 - HKLM\..\Run: [vghvqpgu] C:\WINDOWS\System32\hyfamjb\vghvqpgu.exe
O4 - HKLM\..\Run: [jpmryixe] C:\WINDOWS\System32\piokg\jpmryixe.exe
O4 - HKLM\..\Run: [nwgctre] C:\WINDOWS\System32\kkui\nwgctre.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [soundtasks] soundtasks.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0693bf3230200b469302/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0010.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\mvp2l97o1.dll
O23 - Service: bvklcmqwdmseywf - Unknown owner - C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O23 - Service: bvmilistr - Unknown owner - C:\WINDOWS\System32\istr\bvmil.exe
O23 - Service: fhixaxmacsig - Unknown owner - C:\WINDOWS\System32\axmacsig\fhix.exe
O23 - Service: gkfdvauchrdfi - Unknown owner - C:\WINDOWS\System32\auchrdfi\gkfdv.exe
O23 - Service: jgsgewyoifvl - Unknown owner - C:\WINDOWS\System32\oifvl\jgsgewy.exe
O23 - Service: jhmcmlykjrgve - Unknown owner - C:\WINDOWS\System32\ykjrgve\jhmcml.exe
O23 - Service: krfbpuqvqrys - Unknown owner - C:\WINDOWS\System32\uqvqrys\krfbp.exe
O23 - Service: krmoasrusxbp - Unknown owner - C:\WINDOWS\System32\srusxbp\krmoa.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: mvahkxbcem - Unknown owner - C:\WINDOWS\System32\bcem\mvahkx.exe
O23 - Service: mvcmxhvyrmf - Unknown owner - C:\WINDOWS\System32\yrmf\mvcmxhv.exe
O23 - Service: nvifnxbhexbu - Unknown owner - C:\WINDOWS\System32\nxbhexbu\nvif.exe
O23 - Service: nwgctrekkui - Unknown owner - C:\WINDOWS\System32\kkui\nwgctre.exe
O23 - Service: oatfrttquwb - Unknown owner - C:\WINDOWS\System32\quwb\oatfrtt.exe
O23 - Service: pxedminwnqsedq - Unknown owner - C:\WINDOWS\System32\nqsedq\pxedminw.exe
O23 - Service: qllxyoyiqjkg - Unknown owner - C:\WINDOWS\System32\oyiqjkg\qllxy.exe
O23 - Service: rxcqcvfyoihssy - Unknown owner - C:\WINDOWS\System32\yoihssy\rxcqcvf.exe
O23 - Service: txyislnbls - Unknown owner - C:\WINDOWS\System32\nbls\txyisl.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
-
Download iSearch.zip and UNZIP it to desktop
[attachment=85:attachment]
So you will now have iSearch.reg on your desktop
We'll need this later
Download and Unzip to desktop LSPFIX.zip from this link
http://www.cexx.org/lspfix.htm
We'll need this later
===Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, recycle bin
Windows Cleanup: http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe
Install for now, don't run a scan yet
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
I need you to disable Spybot's Tea Timer so it won't interfere with any fixes we try
Start Spybot>>Click Mode>>advanced Mode>>Ok it
Tools>>Resident>>Uncheck Resident Tea Timer>>Accept the change
Please copy and paste the rest of this to a Notepad file and save it to your desktop
or Print it out
Also know how to start in safe mode in advance; if unsure, I supplied a link below
Disconnect completely from the Internet
Close down all Browser windows, including this one
Ensure that you unzipped LSP fix earlier and you're not running it from within the Zipped file
With ONLY LSP fix open
Check "I know what I'm doing".
Then select all instances of aklsp.dll and dolsp.dll (and nothing else) in the left pane,
click the arrow button to have them moved into the right hand panel (the Removal Pane). Click Finish <-- you may have to scroll down a bit to see it; Finish is NOT the X button at the top
Restart your computer into SAFE MODE: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039
In Safe mode: Do the rest of these instructions
Go to START>>>RUN>>>type in services.msc and hit Enter
In the next window, look on the right hand side for this service
name if found---- bvklcmqwdmseywf
Double click on it--- STOP the service--
In the drop down menu, change the startup type to Disabled
Do the same for these ones too
bvmilistr
fhixaxmacsig
jgsgewyoifvl
krfbpuqvqrys
mvahkxbcem
nvifnxbhexbu
oatfrttquwb
qllxyoyiqjkg
txyislnbls
Stay in safe mode, find and delete these files or folders if found
FILES
C:\WINDOWS\aqadcup.exe <-file
C:\WINDOWS\hcbyfsx.exe
C:\WINDOWS\SysCheckBop32
C:\WINDOWS\mzwfgh.exe
C:\WINDOWS\System32\winupdt.exe
c:\windows\system32\vidbbz.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\eqngnt.exe
C:\WINDOWS\System32\secure.exe
C:\WINDOWS\system32\n20050308.exe
C:\WINDOWS\System32\ffisysi6.exe
C:\windows\system32\elitexdh32.exe
C:\WINDOWS\System32\mzsuo.exe
C:\WINDOWS\System32\sysmonnt
C:\Documents and Settings\furious_d\Application Data\ttuh.exe
Search for these files and delete if found
E6F1873B.DLL
D9EBC318C
D0CE0C16B1
Delete these FOLDERS if found
C:\Program Files\8tyx6veo <-this folder
C:\Program Files\Bpt
C:\WINDOWS\System32\eygpy
C:\WINDOWS\System32\edvg
C:\WINDOWS\System32\gdgvmc
C:\WINDOWS\System32\amion
C:\WINDOWS\System32\uqvqrys
C:\WINDOWS\System32\nxbhexbu
C:\WINDOWS\System32\foaw
C:\WINDOWS\System32\nbls
C:\WINDOWS\System32\yrmf
C:\WINDOWS\System32\emam
C:\WINDOWS\System32\vefvkdts
C:\WINDOWS\System32\pkrwmxa
C:\WINDOWS\System32\ajlbx
C:\WINDOWS\System32\ihiifnuy
C:\WINDOWS\System32\istr
C:\WINDOWS\System32\auchrdfi
C:\WINDOWS\System32\hfrkqfcd
C:\WINDOWS\System32\oyqtqnwh
C:\WINDOWS\System32\srusxbp
C:\WINDOWS\System32\edfsp
C:\WINDOWS\System32\bcem
C:\WINDOWS\System32\gdorcrug
C:\WINDOWS\System32\wdmseywf
C:\WINDOWS\System32\nqsedq
C:\WINDOWS\System32\xrtnt
C:\WINDOWS\System32\quwb
C:\WINDOWS\System32\igylk
C:\WINDOWS\System32\axmacsig
C:\WINDOWS\System32\sjhkp
C:\WINDOWS\System32\yoihssy
C:\WINDOWS\System32\oyiqjkg
C:\WINDOWS\System32\pxabgq
C:\WINDOWS\System32\peqnna
C:\WINDOWS\System32\okyqnid
C:\WINDOWS\System32\mcaifdr
C:\WINDOWS\System32\arqsmuyn
C:\WINDOWS\System32\oifvl
C:\WINDOWS\System32\mfwjhuwc
C:\WINDOWS\System32\ydskoo
C:\WINDOWS\System32\gwbfjup
C:\WINDOWS\System32\ykjrgve
C:\WINDOWS\System32\hyfamjb
C:\WINDOWS\System32\piokg
C:\WINDOWS\System32\kkui
C:\WINDOWS\isrvs
Stay in safe mode
Open Hijackthis>>Open Misc tools sections>>Open "Delete an NT Service"
Copy and paste or type into the blank box the entry below in bold
and then hit OK
bvklcmqwdmseywf
Do the same for these ones too
bvmilistr
fhixaxmacsig
jgsgewyoifvl
krfbpuqvqrys
mvahkxbcem
nvifnxbhexbu
oatfrttquwb
qllxyoyiqjkg
txyislnbls
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [hcbyfsx] C:\WINDOWS\hcbyfsx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [vidbbz] c:\windows\system32\vidbbz.exe
O4 - HKLM\..\Run: [8tyx6veo] C:\Program Files\8tyx6veo\8tyx6veo.exe
O4 - HKLM\..\Run: [mzwfgh] C:\WINDOWS\mzwfgh.exe
O4 - HKLM\..\Run: [AutoLoader3suo1PKfLZXK] "C:\WINDOWS\System32\eqngnt.exe" /HideDir /HideUninstall /PC="CP.BIG" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [3F5U35X] eqngnt.exe
O4 - HKLM\..\Run: [wwyem] C:\WINDOWS\System32\eygpy\wwyem.exe
O4 - HKLM\..\Run: [mlpxb] C:\WINDOWS\System32\edvg\mlpxb.exe
O4 - HKLM\..\Run: [jlhlatk] C:\WINDOWS\System32\gdgvmc\jlhlatk.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [uousam] C:\WINDOWS\System32\amion\uousam.exe
O4 - HKLM\..\Run: [krfbp] C:\WINDOWS\System32\uqvqrys\krfbp.exe
O4 - HKLM\..\Run: [nvif] C:\WINDOWS\System32\nxbhexbu\nvif.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\JD_ONL~1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [hgvqv] C:\WINDOWS\System32\foaw\hgvqv.exe
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\vdxregvs.exe lee0105
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\System32\ffisysi6.exe lee0105
O4 - HKLM\..\Run: [txyisl] C:\WINDOWS\System32\nbls\txyisl.exe
O4 - HKLM\..\Run: [mvcmxhv] C:\WINDOWS\System32\yrmf\mvcmxhv.exe
O4 - HKLM\..\Run: [hsndkgd] C:\WINDOWS\System32\emam\hsndkgd.exe
O4 - HKLM\..\Run: [qxqal] C:\WINDOWS\System32\vefvkdts\qxqal.exe
O4 - HKLM\..\Run: [kpquywbg] C:\WINDOWS\System32\pkrwmxa\kpquywbg.exe
O4 - HKLM\..\Run: [ygld] C:\WINDOWS\System32\ajlbx\ygld.exe
O4 - HKLM\..\Run: [sgwds] C:\WINDOWS\System32\ihiifnuy\sgwds.exe
O4 - HKLM\..\Run: [bvmil] C:\WINDOWS\System32\istr\bvmil.exe
O4 - HKLM\..\Run: [gkfdv] C:\WINDOWS\System32\auchrdfi\gkfdv.exe
O4 - HKLM\..\Run: [onthbc] C:\WINDOWS\System32\hfrkqfcd\onthbc.exe
O4 - HKLM\..\Run: [hmdh] C:\WINDOWS\System32\oyqtqnwh\hmdh.exe
O4 - HKLM\..\Run: [krmoa] C:\WINDOWS\System32\srusxbp\krmoa.exe
O4 - HKLM\..\Run: [ogacxs] C:\WINDOWS\System32\edfsp\ogacxs.exe
O4 - HKLM\..\Run: [mvahkx] C:\WINDOWS\System32\bcem\mvahkx.exe
O4 - HKLM\..\Run: [fawufouy] C:\WINDOWS\System32\gdorcrug\fawufouy.exe
O4 - HKLM\..\Run: [bvklcmq] C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexdh32.exe
O4 - HKLM\..\Run: [pxedminw] C:\WINDOWS\System32\nqsedq\pxedminw.exe
O4 - HKLM\..\Run: [rwbet] C:\WINDOWS\System32\xrtnt\rwbet.exe
O4 - HKLM\..\Run: [oatfrtt] C:\WINDOWS\System32\quwb\oatfrtt.exe
O4 - HKLM\..\Run: [tgsf] C:\WINDOWS\System32\igylk\tgsf.exe
O4 - HKLM\..\Run: [fhix] C:\WINDOWS\System32\axmacsig\fhix.exe
O4 - HKLM\..\Run: [fxlgifl] C:\WINDOWS\System32\sjhkp\fxlgifl.exe
O4 - HKLM\..\Run: [rxcqcvf] C:\WINDOWS\System32\yoihssy\rxcqcvf.exe
O4 - HKLM\..\Run: [qllxy] C:\WINDOWS\System32\oyiqjkg\qllxy.exe
O4 - HKLM\..\Run: [armnrp] C:\WINDOWS\System32\pxabgq\armnrp.exe
O4 - HKLM\..\Run: [cdsu] C:\WINDOWS\System32\peqnna\cdsu.exe
O4 - HKLM\..\Run: [mmkoru] C:\WINDOWS\System32\okyqnid\mmkoru.exe
O4 - HKLM\..\Run: [mwua] C:\WINDOWS\System32\mcaifdr\mwua.exe
O4 - HKLM\..\Run: [aajyfc] C:\WINDOWS\System32\arqsmuyn\aajyfc.exe
O4 - HKLM\..\Run: [jgsgewy] C:\WINDOWS\System32\oifvl\jgsgewy.exe
O4 - HKLM\..\Run: [pefkv] C:\WINDOWS\System32\mfwjhuwc\pefkv.exe
O4 - HKLM\..\Run: [hdky] C:\WINDOWS\System32\ydskoo\hdky.exe
O4 - HKLM\..\Run: [fcabn] C:\WINDOWS\System32\gwbfjup\fcabn.exe
O4 - HKLM\..\Run: [jhmcml] C:\WINDOWS\System32\ykjrgve\jhmcml.exe
O4 - HKLM\..\Run: [vghvqpgu] C:\WINDOWS\System32\hyfamjb\vghvqpgu.exe
O4 - HKLM\..\Run: [jpmryixe] C:\WINDOWS\System32\piokg\jpmryixe.exe
O4 - HKLM\..\Run: [nwgctre] C:\WINDOWS\System32\kkui\nwgctre.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [soundtasks] soundtasks.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0693bf3230200b469302/...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0010.exe
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Double click on iSearch.reg and allow to merge to the registry
Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Restart back to Normal mode
Back In Windows, we still have some more cleaning to do
Download L2mfix from here
http://www.atribune.org/downloads/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
=======================================
I edited the above instructions to include disabling Spybot's Tea Timer
Sorry I missed you had it running earlier
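As an added example (not part of this thread and not code from HijackThis or any of the tools named above), a small Python triage script that picks out of a HijackThis log the same patterns the helper acts on: hosts-file redirects (O1), Run entries with no path at all or launched from a Temp folder (O4), repeated Winsock LSP DLLs (O10), and unknown-owner services living in a private subfolder directly under System32 (O23). The sample lines are copied from the log posted in this thread; the heuristics, function names and the constructed sample are my own.

```python
"""Triage a HijackThis log for the patterns a malware-removal helper looks at first."""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [bvklcmq] C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O23 - Service: bvklcmqwdmseywf - Unknown owner - C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
"""

# Line shapes of the HijackThis sections we care about.
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunServices): \[([^\]]*)\] (.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# An executable sitting in its own subfolder directly under System32, e.g. System32\wdmseywf\bvklcmq.exe.
SYS32_SUBDIR_RE = re.compile(r"^([a-z]:\\windows\\system32\\[^\\]+)\\[^\\]+\.exe$", re.I)
# Anything launched out of a user's Temp folder (long or 8.3 short form).
TEMP_RE = re.compile(r"\\(temp|locals~1)\\", re.I)


def command_target(cmd):
    """Return the executable path from a Run-key command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Walk a HijackThis log and group the entries worth a closer look."""
    findings = {
        "hosts_redirects": [],       # (hostname, ip) pairs from O1 lines
        "bare_run_entries": [],      # O4 names whose command has no path (scvhost.exe, Microsoft.exe)
        "temp_run_entries": [],      # O4 names launched from a Temp folder
        "sys32_subdir_entries": [],  # O4 names living in a private System32 subfolder
        "lsp_dlls": Counter(),       # O10 DLL path -> how many LSP chain entries point at it
        "services_to_disable": [],   # O23 unknown-owner services in a System32 subfolder
        "folders_to_review": [],     # the System32 subfolders those entries and services use
    }
    folders = set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := O1_RE.match(line):
            findings["hosts_redirects"].append((m.group(2), m.group(1)))
        elif m := O4_RE.match(line):
            name, target = m.group(3), command_target(m.group(4))
            if "\\" not in target:
                findings["bare_run_entries"].append(name)
            elif TEMP_RE.search(target):
                findings["temp_run_entries"].append(name)
            elif sm := SYS32_SUBDIR_RE.match(target):
                findings["sys32_subdir_entries"].append(name)
                folders.add(sm.group(1))
        elif m := O10_RE.match(line):
            findings["lsp_dlls"][m.group(1).strip().lower()] += 1
        elif m := O23_RE.match(line):
            svc, owner, path = m.groups()
            sm = SYS32_SUBDIR_RE.match(path.strip())
            if owner == "Unknown owner" and sm:
                findings["services_to_disable"].append(svc)
                folders.add(sm.group(1))
    findings["folders_to_review"] = sorted(folders)
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"{section}: {dict(items) if isinstance(items, Counter) else items}")
```

Entries the script leaves alone (a vendor-signed service, a quoted Program Files path, a plain System32 executable such as hkcmd.exe) still deserve a look before anything is fixed; the output is a shortlist, not a verdict.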
-
Thank you, guestolo -- you are a life saver!
Here are the contents of the log you requested:
L2MFIX find log 1.03
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn8m01l1e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{827D5F66-3E6A-B55D-AE66-8402C24F3315}"=""
********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}"=""
"{C2F52995-C213-408C-B9EF-7F25EE8C112E}"=""
"{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}"=""
"{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}"=""
"{2F58B2C9-CC51-4E58-8E2A-169D7DA6B497}"=""
"{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}"=""
"{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}"=""
"{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}"=""
"{FDD18C40-4468-4164-B1D0-40BFA655D25A}"=""
"{C8BA357E-7D18-4363-942E-33D16298307E}"=""
"{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}"=""
"{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}"=""
"{04559604-8DD0-42F2-B2C0-647C368B1E5D}"=""
"{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}"=""
"{287E013E-8124-4DA1-BC56-8AD68570EDC2}"=""
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{3D13B78E-B62C-489D-A20C-0175DCB6F12E}"=""
"{11170CCC-1677-4074-9D05-4BD3AAF3883E}"=""
"{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}"=""
"{6863A670-BFE0-4956-B5D0-1538000F6ED2}"=""
"{482210FE-D107-4DB3-A2F9-B956818456A2}"=""
"{068357E5-3008-49D0-81E3-7550D7B588AB}"=""
"{8C7356CB-E9E0-4A42-8869-5D6314400B48}"=""
"{DA031F65-48E8-46F4-A4F1-9139D359366C}"=""
"{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}"=""
"{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}"=""
"{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}"=""
"{A2060E0B-AF18-48C0-B691-596E23BFFCFB}"=""
"{F0957821-C9A2-4E11-AD32-7024B88025D3}"=""
"{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}"=""
"{2F754E2A-C52C-4312-96CA-1729CE4AFA46}"=""
"{DCFFF8CE-9604-45D8-B807-76AC04694A48}"=""
"{069B10A8-1A6C-421D-AC31-534BA6731602}"=""
"{3020E72D-E593-487A-B7F8-28F2215A6A85}"=""
"{44114228-FFF7-4568-A895-75486245A9D9}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}\InprocServer32]
@="C:\\WINDOWS\\system32\\IPCVID.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}\InprocServer32]
@="C:\\WINDOWS\\system32\\jNvacypt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}\InprocServer32]
@="C:\\WINDOWS\\system32\\UGRCOINA.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJCBASE.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}\InprocServer32]
@="C:\\WINDOWS\\system32\\JTDW400.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}\InprocServer32]
@="C:\\WINDOWS\\system32\\MRPATCHA.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ih6fwapi.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}\InprocServer32]
@="C:\\WINDOWS\\system32\\igengine.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}\InprocServer32]
@="C:\\WINDOWS\\system32\\jdproxy.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}\InprocServer32]
@="C:\\WINDOWS\\system32\\czlbact.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}\InprocServer32]
@="C:\\WINDOWS\\system32\\wkhip6.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\wladmod.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}\InprocServer32]
@="C:\\WINDOWS\\system32\\VHA64K.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}\InprocServer32]
@="C:\\WINDOWS\\system32\\KYDIT.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}\InprocServer32]
@="C:\\WINDOWS\\system32\\cigbkend.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\MBCAT32.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}\InprocServer32]
@="C:\\WINDOWS\\system32\\KYDLV.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}\InprocServer32]
@="C:\\WINDOWS\\system32\\dovenum.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}\InprocServer32]
@="C:\\WINDOWS\\system32\\ukimdmat.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\SWLWID.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}\InprocServer32]
@="C:\\WINDOWS\\system32\\SCCPACK.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmxml3a.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}\InprocServer32]
@="C:\\WINDOWS\\system32\\irctl.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wehtcpip.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
aunbho.dll Wed Feb 23 2005 5:30:08p A.... 43,496 42.48 K
aunps.dll Wed Feb 23 2005 5:30:08p A.... 25,600 25.00 K
d6j02g~1.dll Sun Mar 6 2005 1:51:46p ..S.R 225,463 220.18 K
d8j02i~1.dll Sat Feb 19 2005 4:49:34p ..S.R 223,920 218.67 K
dbmv2clt.dll Mon Feb 21 2005 7:50:16p ..S.R 223,495 218.25 K
dgvenum.dll Fri Mar 25 2005 10:28:14p ..S.R 235,014 229.50 K
dn6u01~1.dll Mon Mar 7 2005 12:36:04a ..S.R 225,463 220.18 K
dn8m01~1.dll Fri Mar 25 2005 10:22:08p ..S.R 235,014 229.50 K
docore.dll Sat Feb 26 2005 1:24:00p A.... 151,552 148.00 K
dolsp.dll Wed Jan 12 2005 3:13:38p A.... 139,264 136.00 K
dosync.dll Thu Mar 17 2005 9:32:34p A.... 114,688 112.00 K
dsnet.dll Mon Mar 21 2005 8:20:42p ..... 235,014 229.50 K
dvprpres.dll Fri Mar 4 2005 4:36:58p ..S.R 225,463 220.18 K
e8202i~1.dll Mon Feb 28 2005 7:16:52p ..S.R 223,495 218.25 K
e8jm0i~1.dll Thu Mar 17 2005 6:31:16p ..S.R 233,248 227.78 K
en0ul1~1.dll Sat Jan 8 2005 10:28:18a ..S.R 222,899 217.67 K
fpr203~1.dll Fri Jan 21 2005 12:08:30p ..S.R 223,469 218.23 K
fqnnt.dll Fri Feb 18 2005 6:13:48p A.... 99,840 97.50 K
gp28l3~1.dll Sun Jan 2 2005 6:45:50p ..S.R 222,899 217.67 K
gppsl3~1.dll Tue Dec 28 2004 8:50:08p ..S.R 222,899 217.67 K
h8l2li~1.dll Tue Dec 28 2004 11:14:30p ..S.R 222,899 217.67 K
hr4o05~1.dll Sat Jan 1 2005 2:56:30p ..S.R 222,899 217.67 K
hr6005~1.dll Sun Mar 20 2005 2:05:48p ..S.R 235,980 230.45 K
hrns05~1.dll Tue Dec 28 2004 11:19:38p ..S.R 222,899 217.67 K
i2060c~1.dll Sun Mar 13 2005 7:15:14p ..S.R 232,794 227.34 K
ic2_wi~1.dll Thu Feb 10 2005 11:42:16p A.... 135,168 132.00 K
irctl.dll Fri Mar 25 2005 11:37:34p ..... 235,014 229.50 K
jtlu07~1.dll Mon Mar 14 2005 9:23:26p ..S.R 232,736 227.28 K
kddit.dll Fri Mar 25 2005 10:02:54p ..S.R 235,014 229.50 K
kldycc.dll Fri Mar 18 2005 8:34:40p ..S.R 232,794 227.34 K
knymgr.dll Sun Feb 20 2005 12:45:12p ..S.R 223,495 218.25 K
kqdal.dll Fri Mar 25 2005 10:16:04p ..S.R 235,014 229.50 K
kt0ol7~1.dll Fri Mar 25 2005 10:18:04p ..S.R 235,014 229.50 K
ktj0l7~1.dll Sat Dec 25 2004 7:42:54p ..S.R 223,916 218.67 K
ktjul7~1.dll Fri Mar 25 2005 11:33:02p ..S.R 235,014 229.50 K
ktn0l7~1.dll Mon Feb 21 2005 9:10:16p ..... 223,495 218.25 K
lekodak.dll Fri Feb 18 2005 5:55:40p ..S.R 223,495 218.25 K
lv6u09~1.dll Thu Mar 17 2005 7:03:12a ..S.R 232,794 227.34 K
lvn209~1.dll Fri Mar 18 2005 10:26:56p ..S.R 233,248 227.78 K
lz6u09~1.dll Fri Mar 18 2005 9:02:10p ..S.R 233,248 227.78 K
m2nq0c~1.dll Fri Jan 14 2005 5:15:14p ..S.R 222,899 217.67 K
mcratelc.dll Thu Feb 24 2005 5:46:08p ..... 223,495 218.25 K
mgrmsg.dll Mon Dec 27 2004 3:58:16p ..S.R 222,899 217.67 K
mhvideo.dll Fri Mar 25 2005 9:57:20p ..S.R 235,014 229.50 K
n66qlg~1.dll Thu Jan 6 2005 6:25:04p ..S.R 222,899 217.67 K
natcfgx.dll Sat Mar 19 2005 5:28:14p ..S.R 235,014 229.50 K
o0ns0a~1.dll Mon Mar 21 2005 6:26:54p ..S.R 235,014 229.50 K
o0pq0a~1.dll Fri Jan 14 2005 5:59:58p ..S.R 223,469 218.23 K
omexl32.dll Wed Dec 29 2004 12:09:08a ..S.R 222,899 217.67 K
pop5.dll Tue Dec 28 2004 2:25:26p A.... 53,760 52.50 K
q4rq0e~1.dll Sat Mar 5 2005 10:43:48p ..S.R 223,624 218.38 K
r6r6lg~1.dll Thu Feb 17 2005 8:59:58p ..S.R 222,899 217.67 K
rzhx32.dll Mon Mar 14 2005 8:50:26p ..S.R 232,736 227.28 K
s6880g~1.dll Sat Jan 8 2005 12:01:34a ..S.R 222,899 217.67 K
stlb2.dll Fri Mar 25 2005 9:06:36p A.... 229,376 224.00 K
syssfitb.dll Wed Feb 23 2005 5:34:36p A.... 274,432 268.00 K
szhedsvc.dll Tue Mar 8 2005 5:40:44p ..S.R 225,463 220.18 K
wehtcpip.dll Fri Mar 25 2005 10:34:02p ..S.R 235,014 229.50 K
58 items found: 58 files (44 H/S), 0 directories.
Total of file sizes: 12,222,930 bytes 11.66 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
92.tmp Fri Mar 25 2005 2:04:42p A.... 123,904 121.00 K
95.tmp Fri Mar 25 2005 2:04:50p A.... 123,904 121.00 K
98.tmp Fri Mar 25 2005 2:04:50p A.... 123,904 121.00 K
9b.tmp Fri Mar 25 2005 2:04:52p A.... 123,904 121.00 K
guard.tmp Fri Mar 25 2005 11:43:34p ..S.R 235,014 229.50 K
5 items found: 5 files (1 H/S), 0 directories.
Total of file sizes: 730,630 bytes 713.50 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is B873-61B6
Directory of C:\WINDOWS\System32
03/25/2005 11:43 PM 235,014 guard.tmp
03/25/2005 11:33 PM 235,014 ktjul7191.dll
03/25/2005 10:34 PM 235,014 wehtcpip.dll
03/25/2005 10:28 PM 235,014 dgvenum.dll
03/25/2005 10:22 PM 235,014 dn8m01l1e.dll
03/25/2005 10:18 PM 235,014 kt0ol7d31.dll
03/25/2005 10:16 PM 235,014 KQDAL.DLL
03/25/2005 10:02 PM 235,014 KDDIT.DLL
03/25/2005 09:57 PM 235,014 MHVIDEO.DLL
03/21/2005 06:26 PM 235,014 o0ns0a57ed.dll
03/20/2005 02:05 PM 235,980 hr6005jme.dll
03/19/2005 05:28 PM 235,014 natcfgx.dll
03/18/2005 10:26 PM 233,248 lvn2095oe.dll
03/18/2005 09:02 PM 233,248 lz6u09j9e.dll
03/18/2005 08:34 PM 232,794 KLDYCC.DLL
03/17/2005 06:31 PM 233,248 e8jm0i11e8.dll
03/17/2005 07:03 AM 232,794 lv6u09j9e.dll
03/14/2005 09:23 PM 232,736 jtlu0739e.dll
03/14/2005 08:50 PM 232,736 rzhx32.dll
03/13/2005 07:15 PM 232,794 i2060cdsef060.dll
03/08/2005 05:40 PM 225,463 szhedsvc.dll
03/07/2005 12:36 AM 225,463 dn6u01j9e.dll
03/06/2005 01:51 PM 225,463 d6j02g1mg6.dll
03/05/2005 10:43 PM 223,624 q4rq0e95eh.dll
03/04/2005 04:36 PM 225,463 dvprpres.dll
02/28/2005 07:16 PM 223,495 e8202ifmg82a2.dll
02/24/2005 05:51 PM <DIR> DLLCACHE
02/21/2005 07:50 PM 223,495 dbmv2clt.dll
02/20/2005 12:45 PM 223,495 knymgr.dll
02/19/2005 04:49 PM 223,920 d8j02i1mg8.dll
02/18/2005 05:55 PM 223,495 Lekodak.dll
02/17/2005 08:59 PM 222,899 r6r6lg9s16.dll
01/21/2005 12:08 PM 223,469 fpr2039oe.dll
01/14/2005 05:59 PM 223,469 o0pq0a75ed.dll
01/14/2005 05:15 PM 222,899 m2nq0c55ef.dll
01/08/2005 10:28 AM 222,899 en0ul1d91.dll
01/08/2005 12:01 AM 222,899 s6880glue6q80.dll
01/06/2005 06:25 PM 222,899 n66qlgj516o.dll
01/02/2005 06:45 PM 222,899 gp28l3fu1.dll
01/01/2005 02:56 PM 222,899 hr4o05h3e.dll
12/29/2004 12:09 AM 222,899 omexl32.dll
12/28/2004 11:19 PM 222,899 hrns0557e.dll
12/28/2004 11:14 PM 222,899 h8l2li3o18.dll
12/28/2004 08:50 PM 222,899 gppsl3771.dll
12/27/2004 03:58 PM 222,899 MGRMSG.DLL
12/25/2004 07:42 PM 223,916 ktj0l71m1.dll
12/24/2004 05:20 PM 222,899 t8r80i9ue8.dll
12/24/2004 12:09 PM 222,899 JNSH400.DLL
12/23/2004 04:28 PM 223,799 h22o0cf3ef2.dll
12/23/2004 01:33 AM 222,899 k226lcfs1f26.dll
12/23/2004 01:23 AM 222,899 dzvacm.dll
12/20/2004 11:34 PM 222,899 jt8u07l9e.dll
12/20/2004 01:15 AM 222,899 k6nolg5316.dll
12/19/2004 02:13 AM 222,899 mv2ml9f11.dll
12/15/2004 09:53 PM 222,899 dnns0157e.dll
12/15/2004 06:57 PM 222,899 j44o0eh3eh4.dll
12/14/2004 10:40 PM 222,899 h04mlah11d4.dll
12/13/2004 09:44 PM 223,626 mvj2l91o1.dll
12/10/2004 09:58 PM 222,899 okbcji32.dll
12/10/2004 04:15 PM 222,899 KHDGR.DLL
12/10/2004 04:02 PM 225,695 IWSHLPR.DLL
12/10/2004 03:37 PM 222,899 dvnet.dll
12/10/2004 12:43 AM 224,236 fpl2033oe.dll
12/10/2004 12:21 AM 225,789 gpr8l39u1.dll
12/09/2004 04:25 PM 225,789 MUCMS.DLL
12/09/2004 04:25 PM 222,629 o2480chuef480.dll
12/09/2004 04:12 PM 222,647 r8p80i7ue8.dll
12/09/2004 03:33 PM 224,979 irn8l55u1.dll
11/20/2004 01:49 AM 56 BF0F98BD67.sys
11/20/2004 01:49 AM 1,682 KGyGaAvL.sys
09/08/2004 11:36 AM 372,736 ??chost.exe
02/25/2003 09:15 AM <DIR> Microsoft
70 File(s) 15,565,100 bytes
2 Dir(s) 48,355,799,040 bytes free
-
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #4 by typing 4 and then pressing Enter.
Then select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
NOTE: After restart, L2MFIX finishes scanning for files; give this time to finish.
If a text file doesn't open, run the "second.bat" located inside the L2mfix folder.
-
Can you repost a new HijackThis log?
Include the WHOLE log.
You seemed to omit the very bottom of the log.
Also, for some reason I can't edit your post.
Do not change or alter the response in any way if you have.
Just simply copy and paste your log back here and hit the Add reply button.
-
Sorry, I did not notice that. There must be some sort of limit for post length. Anyways, here is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:29:27 AM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??chost.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: gkfdvauchrdfi - Unknown owner - C:\WINDOWS\System32\auchrdfi\gkfdv.exe (file missing)
O23 - Service: jhmcmlykjrgve - Unknown owner - C:\WINDOWS\System32\ykjrgve\jhmcml.exe (file missing)
O23 - Service: krmoasrusxbp - Unknown owner - C:\WINDOWS\System32\srusxbp\krmoa.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: mvcmxhvyrmf - Unknown owner - C:\WINDOWS\System32\yrmf\mvcmxhv.exe (file missing)
O23 - Service: pxedminwnqsedq - Unknown owner - C:\WINDOWS\System32\nqsedq\pxedminw.exe (file missing)
O23 - Service: rxcqcvfyoihssy - Unknown owner - C:\WINDOWS\System32\yoihssy\rxcqcvf.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
-
This is going to look confusing, but I deleted your last response and am pasting what I need back here.
Alright, here are the two logs you asked for:
L2Mfix 1.03
Running From:
C:\Documents and Settings\furious_d\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\furious_d\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\furious_d\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 936 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\cigbkend.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\czlbact.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\d6j02g1mg6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\d8j02i1mg8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dbmv2clt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dgvenum.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dn6u01j9e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dnns0157e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dovenum.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dsnet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dvnet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dvprpres.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzvacm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\e8202ifmg82a2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\e8jm0i11e8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en0ul1d91.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpl2033oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpr2039oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gp28l3fu1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gppsl3771.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gpr8l39u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h04mlah11d4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h22o0cf3ef2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h8l2li3o18.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hr4o05h3e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hr6005jme.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hrns0557e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\i2060cdsef060.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\igengine.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ih6fwapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irn8l55u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IWSHLPR.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j44o0eh3eh4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\JNSH400.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jt8u07l9e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\JTDW400.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jtlu0739e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k226lcfs1f26.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k6nolg5316.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KDDIT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KHDGR.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KLDYCC.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\knymgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KQDAL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kt0ol7d31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kt4sl7h71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktj0l71m1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktjul7191.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktn0l75m1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KYDIT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\KYDLV.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\l0j80a1ued.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Lekodak.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv6u09j9e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lvn2095oe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lz6u09j9e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m2nq0c55ef.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MBCAT32.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MCRATELC.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MGRMSG.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MHVIDEO.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MJCBASE.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MRPATCHA.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MUCMS.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv2ml9f11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvj2l91o1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n66qlgj516o.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\natcfgx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0ns0a57ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0pq0a75ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o2480chuef480.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\okbcji32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\omexl32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q4rq0e95eh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r6r6lg9s16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r8p80i7ue8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rzhx32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s6880glue6q80.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\szhedsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t8r80i9ue8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\UGRCOINA.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ukimdmat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\VHA64K.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wehtcpip.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wkhip6.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wladmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\cigbkend.dll
Successfully Deleted: C:\WINDOWS\system32\cigbkend.dll
deleting: C:\WINDOWS\system32\czlbact.dll
Successfully Deleted: C:\WINDOWS\system32\czlbact.dll
deleting: C:\WINDOWS\system32\d6j02g1mg6.dll
Successfully Deleted: C:\WINDOWS\system32\d6j02g1mg6.dll
deleting: C:\WINDOWS\system32\d8j02i1mg8.dll
Successfully Deleted: C:\WINDOWS\system32\d8j02i1mg8.dll
deleting: C:\WINDOWS\system32\dbmv2clt.dll
Successfully Deleted: C:\WINDOWS\system32\dbmv2clt.dll
deleting: C:\WINDOWS\system32\dgvenum.dll
Successfully Deleted: C:\WINDOWS\system32\dgvenum.dll
deleting: C:\WINDOWS\system32\dn6u01j9e.dll
Successfully Deleted: C:\WINDOWS\system32\dn6u01j9e.dll
deleting: C:\WINDOWS\system32\dnns0157e.dll
Successfully Deleted: C:\WINDOWS\system32\dnns0157e.dll
deleting: C:\WINDOWS\system32\dovenum.dll
Successfully Deleted: C:\WINDOWS\system32\dovenum.dll
deleting: C:\WINDOWS\system32\dsnet.dll
Successfully Deleted: C:\WINDOWS\system32\dsnet.dll
deleting: C:\WINDOWS\system32\dvnet.dll
Successfully Deleted: C:\WINDOWS\system32\dvnet.dll
deleting: C:\WINDOWS\system32\dvprpres.dll
Successfully Deleted: C:\WINDOWS\system32\dvprpres.dll
deleting: C:\WINDOWS\system32\dzvacm.dll
Successfully Deleted: C:\WINDOWS\system32\dzvacm.dll
deleting: C:\WINDOWS\system32\e8202ifmg82a2.dll
Successfully Deleted: C:\WINDOWS\system32\e8202ifmg82a2.dll
deleting: C:\WINDOWS\system32\e8jm0i11e8.dll
Successfully Deleted: C:\WINDOWS\system32\e8jm0i11e8.dll
deleting: C:\WINDOWS\system32\en0ul1d91.dll
Successfully Deleted: C:\WINDOWS\system32\en0ul1d91.dll
deleting: C:\WINDOWS\system32\fpl2033oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpl2033oe.dll
deleting: C:\WINDOWS\system32\fpr2039oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpr2039oe.dll
deleting: C:\WINDOWS\system32\gp28l3fu1.dll
Successfully Deleted: C:\WINDOWS\system32\gp28l3fu1.dll
deleting: C:\WINDOWS\system32\gppsl3771.dll
Successfully Deleted: C:\WINDOWS\system32\gppsl3771.dll
deleting: C:\WINDOWS\system32\gpr8l39u1.dll
Successfully Deleted: C:\WINDOWS\system32\gpr8l39u1.dll
deleting: C:\WINDOWS\system32\h04mlah11d4.dll
Successfully Deleted: C:\WINDOWS\system32\h04mlah11d4.dll
deleting: C:\WINDOWS\system32\h22o0cf3ef2.dll
Successfully Deleted: C:\WINDOWS\system32\h22o0cf3ef2.dll
deleting: C:\WINDOWS\system32\h8l2li3o18.dll
Successfully Deleted: C:\WINDOWS\system32\h8l2li3o18.dll
deleting: C:\WINDOWS\system32\hr4o05h3e.dll
Successfully Deleted: C:\WINDOWS\system32\hr4o05h3e.dll
deleting: C:\WINDOWS\system32\hr6005jme.dll
Successfully Deleted: C:\WINDOWS\system32\hr6005jme.dll
deleting: C:\WINDOWS\system32\hrns0557e.dll
Successfully Deleted: C:\WINDOWS\system32\hrns0557e.dll
deleting: C:\WINDOWS\system32\i2060cdsef060.dll
Successfully Deleted: C:\WINDOWS\system32\i2060cdsef060.dll
deleting: C:\WINDOWS\system32\igengine.dll
Successfully Deleted: C:\WINDOWS\system32\igengine.dll
deleting: C:\WINDOWS\system32\ih6fwapi.dll
Successfully Deleted: C:\WINDOWS\system32\ih6fwapi.dll
deleting: C:\WINDOWS\system32\irn8l55u1.dll
Successfully Deleted: C:\WINDOWS\system32\irn8l55u1.dll
deleting: C:\WINDOWS\system32\IWSHLPR.DLL
Successfully Deleted: C:\WINDOWS\system32\IWSHLPR.DLL
deleting: C:\WINDOWS\system32\j44o0eh3eh4.dll
Successfully Deleted: C:\WINDOWS\system32\j44o0eh3eh4.dll
deleting: C:\WINDOWS\system32\JNSH400.DLL
Successfully Deleted: C:\WINDOWS\system32\JNSH400.DLL
deleting: C:\WINDOWS\system32\jt8u07l9e.dll
Successfully Deleted: C:\WINDOWS\system32\jt8u07l9e.dll
deleting: C:\WINDOWS\system32\JTDW400.DLL
Successfully Deleted: C:\WINDOWS\system32\JTDW400.DLL
deleting: C:\WINDOWS\system32\jtlu0739e.dll
Successfully Deleted: C:\WINDOWS\system32\jtlu0739e.dll
deleting: C:\WINDOWS\system32\k226lcfs1f26.dll
Successfully Deleted: C:\WINDOWS\system32\k226lcfs1f26.dll
deleting: C:\WINDOWS\system32\k6nolg5316.dll
Successfully Deleted: C:\WINDOWS\system32\k6nolg5316.dll
deleting: C:\WINDOWS\system32\KDDIT.DLL
Successfully Deleted: C:\WINDOWS\system32\KDDIT.DLL
deleting: C:\WINDOWS\system32\KHDGR.DLL
Successfully Deleted: C:\WINDOWS\system32\KHDGR.DLL
deleting: C:\WINDOWS\system32\KLDYCC.DLL
Successfully Deleted: C:\WINDOWS\system32\KLDYCC.DLL
deleting: C:\WINDOWS\system32\knymgr.dll
Successfully Deleted: C:\WINDOWS\system32\knymgr.dll
deleting: C:\WINDOWS\system32\KQDAL.DLL
Successfully Deleted: C:\WINDOWS\system32\KQDAL.DLL
deleting: C:\WINDOWS\system32\kt0ol7d31.dll
Successfully Deleted: C:\WINDOWS\system32\kt0ol7d31.dll
deleting: C:\WINDOWS\system32\kt4sl7h71.dll
Successfully Deleted: C:\WINDOWS\system32\kt4sl7h71.dll
deleting: C:\WINDOWS\system32\ktj0l71m1.dll
Successfully Deleted: C:\WINDOWS\system32\ktj0l71m1.dll
deleting: C:\WINDOWS\system32\ktjul7191.dll
Successfully Deleted: C:\WINDOWS\system32\ktjul7191.dll
deleting: C:\WINDOWS\system32\ktn0l75m1.dll
Successfully Deleted: C:\WINDOWS\system32\ktn0l75m1.dll
deleting: C:\WINDOWS\system32\KYDIT.DLL
Successfully Deleted: C:\WINDOWS\system32\KYDIT.DLL
deleting: C:\WINDOWS\system32\KYDLV.DLL
Successfully Deleted: C:\WINDOWS\system32\KYDLV.DLL
deleting: C:\WINDOWS\system32\l0j80a1ued.dll
Successfully Deleted: C:\WINDOWS\system32\l0j80a1ued.dll
deleting: C:\WINDOWS\system32\Lekodak.dll
Successfully Deleted: C:\WINDOWS\system32\Lekodak.dll
deleting: C:\WINDOWS\system32\lv6u09j9e.dll
Successfully Deleted: C:\WINDOWS\system32\lv6u09j9e.dll
deleting: C:\WINDOWS\system32\lvn2095oe.dll
Successfully Deleted: C:\WINDOWS\system32\lvn2095oe.dll
deleting: C:\WINDOWS\system32\lz6u09j9e.dll
Successfully Deleted: C:\WINDOWS\system32\lz6u09j9e.dll
deleting: C:\WINDOWS\system32\m2nq0c55ef.dll
Successfully Deleted: C:\WINDOWS\system32\m2nq0c55ef.dll
deleting: C:\WINDOWS\system32\MBCAT32.DLL
Successfully Deleted: C:\WINDOWS\system32\MBCAT32.DLL
deleting: C:\WINDOWS\system32\MCRATELC.DLL
Successfully Deleted: C:\WINDOWS\system32\MCRATELC.DLL
deleting: C:\WINDOWS\system32\MGRMSG.DLL
Successfully Deleted: C:\WINDOWS\system32\MGRMSG.DLL
deleting: C:\WINDOWS\system32\MHVIDEO.DLL
Successfully Deleted: C:\WINDOWS\system32\MHVIDEO.DLL
deleting: C:\WINDOWS\system32\MJCBASE.DLL
Successfully Deleted: C:\WINDOWS\system32\MJCBASE.DLL
deleting: C:\WINDOWS\system32\MRPATCHA.DLL
Successfully Deleted: C:\WINDOWS\system32\MRPATCHA.DLL
deleting: C:\WINDOWS\system32\MUCMS.DLL
Successfully Deleted: C:\WINDOWS\system32\MUCMS.DLL
deleting: C:\WINDOWS\system32\mv2ml9f11.dll
Successfully Deleted: C:\WINDOWS\system32\mv2ml9f11.dll
deleting: C:\WINDOWS\system32\mvj2l91o1.dll
Successfully Deleted: C:\WINDOWS\system32\mvj2l91o1.dll
deleting: C:\WINDOWS\system32\n66qlgj516o.dll
Successfully Deleted: C:\WINDOWS\system32\n66qlgj516o.dll
deleting: C:\WINDOWS\system32\natcfgx.dll
Successfully Deleted: C:\WINDOWS\system32\natcfgx.dll
deleting: C:\WINDOWS\system32\o0ns0a57ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0ns0a57ed.dll
deleting: C:\WINDOWS\system32\o0pq0a75ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0pq0a75ed.dll
deleting: C:\WINDOWS\system32\o2480chuef480.dll
Successfully Deleted: C:\WINDOWS\system32\o2480chuef480.dll
deleting: C:\WINDOWS\system32\okbcji32.dll
Successfully Deleted: C:\WINDOWS\system32\okbcji32.dll
deleting: C:\WINDOWS\system32\omexl32.dll
Successfully Deleted: C:\WINDOWS\system32\omexl32.dll
deleting: C:\WINDOWS\system32\q4rq0e95eh.dll
Successfully Deleted: C:\WINDOWS\system32\q4rq0e95eh.dll
deleting: C:\WINDOWS\system32\r6r6lg9s16.dll
Successfully Deleted: C:\WINDOWS\system32\r6r6lg9s16.dll
deleting: C:\WINDOWS\system32\r8p80i7ue8.dll
Successfully Deleted: C:\WINDOWS\system32\r8p80i7ue8.dll
deleting: C:\WINDOWS\system32\rzhx32.dll
Successfully Deleted: C:\WINDOWS\system32\rzhx32.dll
deleting: C:\WINDOWS\system32\s6880glue6q80.dll
Successfully Deleted: C:\WINDOWS\system32\s6880glue6q80.dll
deleting: C:\WINDOWS\system32\szhedsvc.dll
Successfully Deleted: C:\WINDOWS\system32\szhedsvc.dll
deleting: C:\WINDOWS\system32\t8r80i9ue8.dll
Successfully Deleted: C:\WINDOWS\system32\t8r80i9ue8.dll
deleting: C:\WINDOWS\system32\UGRCOINA.DLL
Successfully Deleted: C:\WINDOWS\system32\UGRCOINA.DLL
deleting: C:\WINDOWS\system32\ukimdmat.dll
Successfully Deleted: C:\WINDOWS\system32\ukimdmat.dll
deleting: C:\WINDOWS\system32\VHA64K.DLL
Successfully Deleted: C:\WINDOWS\system32\VHA64K.DLL
deleting: C:\WINDOWS\system32\wehtcpip.dll
Successfully Deleted: C:\WINDOWS\system32\wehtcpip.dll
deleting: C:\WINDOWS\system32\wkhip6.dll
Successfully Deleted: C:\WINDOWS\system32\wkhip6.dll
deleting: C:\WINDOWS\system32\wladmod.dll
Successfully Deleted: C:\WINDOWS\system32\wladmod.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: cigbkend.dll (140 bytes security) (deflated 4%)
adding: czlbact.dll (140 bytes security) (deflated 5%)
adding: d6j02g1mg6.dll (140 bytes security) (deflated 5%)
adding: d8j02i1mg8.dll (140 bytes security) (deflated 4%)
adding: dbmv2clt.dll (140 bytes security) (deflated 4%)
adding: dgvenum.dll (140 bytes security) (deflated 5%)
adding: dn6u01j9e.dll (140 bytes security) (deflated 5%)
adding: dnns0157e.dll (140 bytes security) (deflated 3%)
adding: dovenum.dll (140 bytes security) (deflated 4%)
adding: dsnet.dll (140 bytes security) (deflated 5%)
adding: dvnet.dll (140 bytes security) (deflated 3%)
adding: dvprpres.dll (140 bytes security) (deflated 5%)
adding: dzvacm.dll (140 bytes security) (deflated 3%)
adding: e8202ifmg82a2.dll (140 bytes security) (deflated 4%)
adding: e8jm0i11e8.dll (140 bytes security) (deflated 4%)
adding: en0ul1d91.dll (140 bytes security) (deflated 3%)
adding: fpl2033oe.dll (140 bytes security) (deflated 4%)
adding: fpr2039oe.dll (140 bytes security) (deflated 4%)
adding: gp28l3fu1.dll (140 bytes security) (deflated 3%)
adding: gppsl3771.dll (140 bytes security) (deflated 3%)
adding: gpr8l39u1.dll (140 bytes security) (deflated 5%)
adding: h04mlah11d4.dll (140 bytes security) (deflated 3%)
adding: h22o0cf3ef2.dll (140 bytes security) (deflated 4%)
adding: h8l2li3o18.dll (140 bytes security) (deflated 3%)
adding: hr4o05h3e.dll (140 bytes security) (deflated 3%)
adding: hr6005jme.dll (140 bytes security) (deflated 5%)
adding: hrns0557e.dll (140 bytes security) (deflated 3%)
adding: i2060cdsef060.dll (140 bytes security) (deflated 4%)
adding: igengine.dll (140 bytes security) (deflated 5%)
adding: ih6fwapi.dll (140 bytes security) (deflated 5%)
adding: irn8l55u1.dll (140 bytes security) (deflated 4%)
adding: IWSHLPR.DLL (140 bytes security) (deflated 5%)
adding: j44o0eh3eh4.dll (140 bytes security) (deflated 3%)
adding: JNSH400.DLL (140 bytes security) (deflated 3%)
adding: jt8u07l9e.dll (140 bytes security) (deflated 3%)
adding: JTDW400.DLL (140 bytes security) (deflated 4%)
adding: jtlu0739e.dll (140 bytes security) (deflated 4%)
adding: k226lcfs1f26.dll (140 bytes security) (deflated 3%)
adding: k6nolg5316.dll (140 bytes security) (deflated 3%)
adding: KDDIT.DLL (140 bytes security) (deflated 5%)
adding: KHDGR.DLL (140 bytes security) (deflated 3%)
adding: KLDYCC.DLL (140 bytes security) (deflated 4%)
adding: knymgr.dll (140 bytes security) (deflated 4%)
adding: KQDAL.DLL (140 bytes security) (deflated 5%)
adding: kt0ol7d31.dll (140 bytes security) (deflated 5%)
adding: kt4sl7h71.dll (140 bytes security) (deflated 4%)
adding: ktj0l71m1.dll (140 bytes security) (deflated 4%)
adding: ktjul7191.dll (140 bytes security) (deflated 5%)
adding: ktn0l75m1.dll (140 bytes security) (deflated 4%)
adding: KYDIT.DLL (140 bytes security) (deflated 3%)
adding: KYDLV.DLL (140 bytes security) (deflated 3%)
adding: l0j80a1ued.dll (140 bytes security) (deflated 5%)
adding: Lekodak.dll (140 bytes security) (deflated 4%)
adding: lv6u09j9e.dll (140 bytes security) (deflated 4%)
adding: lvn2095oe.dll (140 bytes security) (deflated 4%)
adding: lz6u09j9e.dll (140 bytes security) (deflated 4%)
adding: m2nq0c55ef.dll (140 bytes security) (deflated 3%)
adding: MBCAT32.DLL (140 bytes security) (deflated 3%)
adding: MCRATELC.DLL (140 bytes security) (deflated 4%)
adding: MGRMSG.DLL (140 bytes security) (deflated 3%)
adding: MHVIDEO.DLL (140 bytes security) (deflated 5%)
adding: MJCBASE.DLL (140 bytes security) (deflated 4%)
adding: MRPATCHA.DLL (140 bytes security) (deflated 4%)
adding: MUCMS.DLL (140 bytes security) (deflated 5%)
adding: mv2ml9f11.dll (140 bytes security) (deflated 3%)
adding: mvj2l91o1.dll (140 bytes security) (deflated 4%)
adding: n66qlgj516o.dll (140 bytes security) (deflated 3%)
adding: natcfgx.dll (140 bytes security) (deflated 5%)
adding: o0ns0a57ed.dll (140 bytes security) (deflated 5%)
adding: o0pq0a75ed.dll (140 bytes security) (deflated 4%)
adding: o2480chuef480.dll (140 bytes security) (deflated 3%)
adding: okbcji32.dll (140 bytes security) (deflated 3%)
adding: omexl32.dll (140 bytes security) (deflated 3%)
adding: q4rq0e95eh.dll (140 bytes security) (deflated 4%)
adding: r6r6lg9s16.dll (140 bytes security) (deflated 3%)
adding: r8p80i7ue8.dll (140 bytes security) (deflated 3%)
adding: rzhx32.dll (140 bytes security) (deflated 4%)
adding: s6880glue6q80.dll (140 bytes security) (deflated 3%)
adding: szhedsvc.dll (140 bytes security) (deflated 5%)
adding: t8r80i9ue8.dll (140 bytes security) (deflated 3%)
adding: UGRCOINA.DLL (140 bytes security) (deflated 4%)
adding: ukimdmat.dll (140 bytes security) (deflated 5%)
adding: VHA64K.DLL (140 bytes security) (deflated 3%)
adding: wehtcpip.dll (140 bytes security) (deflated 5%)
adding: wkhip6.dll (140 bytes security) (deflated 3%)
adding: wladmod.dll (140 bytes security) (deflated 5%)
adding: guard.tmp (140 bytes security) (deflated 5%)
adding: clear.reg (140 bytes security) (deflated 71%)
adding: echo.reg (140 bytes security) (deflated 9%)
adding: desktop.ini (140 bytes security) (deflated 16%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 88%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: report.txt (140 bytes security) (deflated 76%)
adding: test.txt (140 bytes security) (deflated 83%)
adding: test2.txt (140 bytes security) (deflated 50%)
adding: test3.txt (140 bytes security) (deflated 50%)
adding: test5.txt (140 bytes security) (deflated 50%)
adding: xfind.txt (140 bytes security) (deflated 78%)
adding: backregs/04559604-8DD0-42F2-B2C0-647C368B1E5D.reg (140 bytes security) (deflated 70%)
adding: backregs/068357E5-3008-49D0-81E3-7550D7B588AB.reg (140 bytes security) (deflated 70%)
adding: backregs/069B10A8-1A6C-421D-AC31-534BA6731602.reg (140 bytes security) (deflated 70%)
adding: backregs/087767ED-0ADD-4BFB-9881-E0AB8C4F16EA.reg (140 bytes security) (deflated 70%)
adding: backregs/0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08.reg (140 bytes security) (deflated 70%)
adding: backregs/11170CCC-1677-4074-9D05-4BD3AAF3883E.reg (140 bytes security) (deflated 70%)
adding: backregs/150EDC43-CEC2-495D-BAD3-F1DDB275B52C.reg (140 bytes security) (deflated 70%)
adding: backregs/1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5.reg (140 bytes security) (deflated 70%)
adding: backregs/287E013E-8124-4DA1-BC56-8AD68570EDC2.reg (140 bytes security) (deflated 70%)
adding: backregs/2F754E2A-C52C-4312-96CA-1729CE4AFA46.reg (140 bytes security) (deflated 70%)
adding: backregs/3020E72D-E593-487A-B7F8-28F2215A6A85.reg (140 bytes security) (deflated 70%)
adding: backregs/3865D3E5-DB85-4A0A-8AF2-2D3F093D569E.reg (140 bytes security) (deflated 70%)
adding: backregs/3D13B78E-B62C-489D-A20C-0175DCB6F12E.reg (140 bytes security) (deflated 70%)
adding: backregs/44114228-FFF7-4568-A895-75486245A9D9.reg (140 bytes security) (deflated 70%)
adding: backregs/482210FE-D107-4DB3-A2F9-B956818456A2.reg (140 bytes security) (deflated 70%)
adding: backregs/5522FD2F-14B7-4E21-BEAB-08400BF4AD41.reg (140 bytes security) (deflated 70%)
adding: backregs/6863A670-BFE0-4956-B5D0-1538000F6ED2.reg (140 bytes security) (deflated 70%)
adding: backregs/68D0CE0D-5ACB-4992-BAE0-AC3EDD840401.reg (140 bytes security) (deflated 70%)
adding: backregs/716C9D84-28DC-4CDF-A5BE-02B9E5F3C150.reg (140 bytes security) (deflated 70%)
adding: backregs/71F72C47-A7D2-4AB2-A123-C23B2546B2FD.reg (140 bytes security) (deflated 70%)
adding: backregs/7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF.reg (140 bytes security) (deflated 70%)
adding: backregs/84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA.reg (140 bytes security) (deflated 70%)
adding: backregs/8997A68B-F9AB-44E6-8A52-3EC25A216B8A.reg (140 bytes security) (deflated 70%)
adding: backregs/8C7356CB-E9E0-4A42-8869-5D6314400B48.reg (140 bytes security) (deflated 70%)
adding: backregs/A2060E0B-AF18-48C0-B691-596E23BFFCFB.reg (140 bytes security) (deflated 70%)
adding: backregs/C2F52995-C213-408C-B9EF-7F25EE8C112E.reg (140 bytes security) (deflated 70%)
adding: backregs/C8BA357E-7D18-4363-942E-33D16298307E.reg (140 bytes security) (deflated 70%)
adding: backregs/DA031F65-48E8-46F4-A4F1-9139D359366C.reg (140 bytes security) (deflated 70%)
adding: backregs/DCFFF8CE-9604-45D8-B807-76AC04694A48.reg (140 bytes security) (deflated 70%)
adding: backregs/EF83E70B-DCEA-495F-9305-8FF5284C8F5A.reg (140 bytes security) (deflated 70%)
adding: backregs/F0957821-C9A2-4E11-AD32-7024B88025D3.reg (140 bytes security) (deflated 70%)
adding: backregs/FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2.reg (140 bytes security) (deflated 70%)
adding: backregs/FDD18C40-4468-4164-B1D0-40BFA655D25A.reg (140 bytes security) (deflated 70%)
adding: backregs/notibac.reg (140 bytes security) (deflated 87%)
adding: backregs/shell.reg (140 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: cigbkend.dll
deleting local copy: czlbact.dll
deleting local copy: d6j02g1mg6.dll
deleting local copy: d8j02i1mg8.dll
deleting local copy: dbmv2clt.dll
deleting local copy: dgvenum.dll
deleting local copy: dn6u01j9e.dll
deleting local copy: dnns0157e.dll
deleting local copy: dovenum.dll
deleting local copy: dsnet.dll
deleting local copy: dvnet.dll
deleting local copy: dvprpres.dll
deleting local copy: dzvacm.dll
deleting local copy: e8202ifmg82a2.dll
deleting local copy: e8jm0i11e8.dll
deleting local copy: en0ul1d91.dll
deleting local copy: fpl2033oe.dll
deleting local copy: fpr2039oe.dll
deleting local copy: gp28l3fu1.dll
deleting local copy: gppsl3771.dll
deleting local copy: gpr8l39u1.dll
deleting local copy: h04mlah11d4.dll
deleting local copy: h22o0cf3ef2.dll
deleting local copy: h8l2li3o18.dll
deleting local copy: hr4o05h3e.dll
deleting local copy: hr6005jme.dll
deleting local copy: hrns0557e.dll
deleting local copy: i2060cdsef060.dll
deleting local copy: igengine.dll
deleting local copy: ih6fwapi.dll
deleting local copy: irn8l55u1.dll
deleting local copy: IWSHLPR.DLL
deleting local copy: j44o0eh3eh4.dll
deleting local copy: JNSH400.DLL
deleting local copy: jt8u07l9e.dll
deleting local copy: JTDW400.DLL
deleting local copy: jtlu0739e.dll
deleting local copy: k226lcfs1f26.dll
deleting local copy: k6nolg5316.dll
deleting local copy: KDDIT.DLL
deleting local copy: KHDGR.DLL
deleting local copy: KLDYCC.DLL
deleting local copy: knymgr.dll
deleting local copy: KQDAL.DLL
deleting local copy: kt0ol7d31.dll
deleting local copy: kt4sl7h71.dll
deleting local copy: ktj0l71m1.dll
deleting local copy: ktjul7191.dll
deleting local copy: ktn0l75m1.dll
deleting local copy: KYDIT.DLL
deleting local copy: KYDLV.DLL
deleting local copy: l0j80a1ued.dll
deleting local copy: Lekodak.dll
deleting local copy: lv6u09j9e.dll
deleting local copy: lvn2095oe.dll
deleting local copy: lz6u09j9e.dll
deleting local copy: m2nq0c55ef.dll
deleting local copy: MBCAT32.DLL
deleting local copy: MCRATELC.DLL
deleting local copy: MGRMSG.DLL
deleting local copy: MHVIDEO.DLL
deleting local copy: MJCBASE.DLL
deleting local copy: MRPATCHA.DLL
deleting local copy: MUCMS.DLL
deleting local copy: mv2ml9f11.dll
deleting local copy: mvj2l91o1.dll
deleting local copy: n66qlgj516o.dll
deleting local copy: natcfgx.dll
deleting local copy: o0ns0a57ed.dll
deleting local copy: o0pq0a75ed.dll
deleting local copy: o2480chuef480.dll
deleting local copy: okbcji32.dll
deleting local copy: omexl32.dll
deleting local copy: q4rq0e95eh.dll
deleting local copy: r6r6lg9s16.dll
deleting local copy: r8p80i7ue8.dll
deleting local copy: rzhx32.dll
deleting local copy: s6880glue6q80.dll
deleting local copy: szhedsvc.dll
deleting local copy: t8r80i9ue8.dll
deleting local copy: UGRCOINA.DLL
deleting local copy: ukimdmat.dll
deleting local copy: VHA64K.DLL
deleting local copy: wehtcpip.dll
deleting local copy: wkhip6.dll
deleting local copy: wladmod.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cigbkend.dll
C:\WINDOWS\system32\czlbact.dll
C:\WINDOWS\system32\d6j02g1mg6.dll
C:\WINDOWS\system32\d8j02i1mg8.dll
C:\WINDOWS\system32\dbmv2clt.dll
C:\WINDOWS\system32\dgvenum.dll
C:\WINDOWS\system32\dn6u01j9e.dll
C:\WINDOWS\system32\dnns0157e.dll
C:\WINDOWS\system32\dovenum.dll
C:\WINDOWS\system32\dsnet.dll
C:\WINDOWS\system32\dvnet.dll
C:\WINDOWS\system32\dvprpres.dll
C:\WINDOWS\system32\dzvacm.dll
C:\WINDOWS\system32\e8202ifmg82a2.dll
C:\WINDOWS\system32\e8jm0i11e8.dll
C:\WINDOWS\system32\en0ul1d91.dll
C:\WINDOWS\system32\fpl2033oe.dll
C:\WINDOWS\system32\fpr2039oe.dll
C:\WINDOWS\system32\gp28l3fu1.dll
C:\WINDOWS\system32\gppsl3771.dll
C:\WINDOWS\system32\gpr8l39u1.dll
C:\WINDOWS\system32\h04mlah11d4.dll
C:\WINDOWS\system32\h22o0cf3ef2.dll
C:\WINDOWS\system32\h8l2li3o18.dll
C:\WINDOWS\system32\hr4o05h3e.dll
C:\WINDOWS\system32\hr6005jme.dll
C:\WINDOWS\system32\hrns0557e.dll
C:\WINDOWS\system32\i2060cdsef060.dll
C:\WINDOWS\system32\igengine.dll
C:\WINDOWS\system32\ih6fwapi.dll
C:\WINDOWS\system32\irn8l55u1.dll
C:\WINDOWS\system32\IWSHLPR.DLL
C:\WINDOWS\system32\j44o0eh3eh4.dll
C:\WINDOWS\system32\JNSH400.DLL
C:\WINDOWS\system32\jt8u07l9e.dll
C:\WINDOWS\system32\JTDW400.DLL
C:\WINDOWS\system32\jtlu0739e.dll
C:\WINDOWS\system32\k226lcfs1f26.dll
C:\WINDOWS\system32\k6nolg5316.dll
C:\WINDOWS\system32\KDDIT.DLL
C:\WINDOWS\system32\KHDGR.DLL
C:\WINDOWS\system32\KLDYCC.DLL
C:\WINDOWS\system32\knymgr.dll
C:\WINDOWS\system32\KQDAL.DLL
C:\WINDOWS\system32\kt0ol7d31.dll
C:\WINDOWS\system32\kt4sl7h71.dll
C:\WINDOWS\system32\ktj0l71m1.dll
C:\WINDOWS\system32\ktjul7191.dll
C:\WINDOWS\system32\ktn0l75m1.dll
C:\WINDOWS\system32\KYDIT.DLL
C:\WINDOWS\system32\KYDLV.DLL
C:\WINDOWS\system32\l0j80a1ued.dll
C:\WINDOWS\system32\Lekodak.dll
C:\WINDOWS\system32\lv6u09j9e.dll
C:\WINDOWS\system32\lvn2095oe.dll
C:\WINDOWS\system32\lz6u09j9e.dll
C:\WINDOWS\system32\m2nq0c55ef.dll
C:\WINDOWS\system32\MBCAT32.DLL
C:\WINDOWS\system32\MCRATELC.DLL
C:\WINDOWS\system32\MGRMSG.DLL
C:\WINDOWS\system32\MHVIDEO.DLL
C:\WINDOWS\system32\MJCBASE.DLL
C:\WINDOWS\system32\MRPATCHA.DLL
C:\WINDOWS\system32\MUCMS.DLL
C:\WINDOWS\system32\mv2ml9f11.dll
C:\WINDOWS\system32\mvj2l91o1.dll
C:\WINDOWS\system32\n66qlgj516o.dll
C:\WINDOWS\system32\natcfgx.dll
C:\WINDOWS\system32\o0ns0a57ed.dll
C:\WINDOWS\system32\o0pq0a75ed.dll
C:\WINDOWS\system32\o2480chuef480.dll
C:\WINDOWS\system32\okbcji32.dll
C:\WINDOWS\system32\omexl32.dll
C:\WINDOWS\system32\q4rq0e95eh.dll
C:\WINDOWS\system32\r6r6lg9s16.dll
C:\WINDOWS\system32\r8p80i7ue8.dll
C:\WINDOWS\system32\rzhx32.dll
C:\WINDOWS\system32\s6880glue6q80.dll
C:\WINDOWS\system32\szhedsvc.dll
C:\WINDOWS\system32\t8r80i9ue8.dll
C:\WINDOWS\system32\UGRCOINA.DLL
C:\WINDOWS\system32\ukimdmat.dll
C:\WINDOWS\system32\VHA64K.DLL
C:\WINDOWS\system32\wehtcpip.dll
C:\WINDOWS\system32\wkhip6.dll
C:\WINDOWS\system32\wladmod.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}"=-
"{C2F52995-C213-408C-B9EF-7F25EE8C112E}"=-
"{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}"=-
"{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}"=-
"{2F58B2C9-CC51-4E58-8E2A-169D7DA6B497}"=-
"{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}"=-
"{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}"=-
"{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}"=-
"{FDD18C40-4468-4164-B1D0-40BFA655D25A}"=-
"{C8BA357E-7D18-4363-942E-33D16298307E}"=-
"{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}"=-
"{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}"=-
"{04559604-8DD0-42F2-B2C0-647C368B1E5D}"=-
"{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}"=-
"{287E013E-8124-4DA1-BC56-8AD68570EDC2}"=-
"{3D13B78E-B62C-489D-A20C-0175DCB6F12E}"=-
"{11170CCC-1677-4074-9D05-4BD3AAF3883E}"=-
"{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}"=-
"{6863A670-BFE0-4956-B5D0-1538000F6ED2}"=-
"{482210FE-D107-4DB3-A2F9-B956818456A2}"=-
"{068357E5-3008-49D0-81E3-7550D7B588AB}"=-
"{8C7356CB-E9E0-4A42-8869-5D6314400B48}"=-
"{DA031F65-48E8-46F4-A4F1-9139D359366C}"=-
"{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}"=-
"{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}"=-
"{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}"=-
"{A2060E0B-AF18-48C0-B691-596E23BFFCFB}"=-
"{F0957821-C9A2-4E11-AD32-7024B88025D3}"=-
"{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}"=-
"{2F754E2A-C52C-4312-96CA-1729CE4AFA46}"=-
"{DCFFF8CE-9604-45D8-B807-76AC04694A48}"=-
"{069B10A8-1A6C-421D-AC31-534BA6731602}"=-
"{3020E72D-E593-487A-B7F8-28F2215A6A85}"=-
"{44114228-FFF7-4568-A895-75486245A9D9}"=-
[-HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}]
[-HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}]
[-HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}]
[-HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}]
[-HKEY_CLASSES_ROOT\CLSID\{2F58B2C9-CC51-4E58-8E2A-169D7DA6B497}]
[-HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}]
[-HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}]
[-HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}]
[-HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}]
[-HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}]
[-HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}]
[-HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}]
[-HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}]
[-HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}]
[-HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}]
[-HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}]
[-HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}]
[-HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}]
[-HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}]
[-HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}]
[-HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}]
[-HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}]
[-HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}]
[-HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}]
[-HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}]
[-HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}]
[-HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}]
[-HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}]
[-HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}]
[-HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}]
[-HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}]
[-HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}]
[-HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{E4805CE5-B0B8-4500-8D40-0B38824A5647}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
--------------------------------------------------------------------------
Here's my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:15:40 AM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??chost.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-318
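The export above is what a clean Winlogon\Notify key looks like on XP SP1: every subkey points at a stock DLL (crypt32.dll, cryptnet.dll, cscdll.dll, wlnotify.dll, sclgntfy.dll, wzcdlg.dll). Anything registered here is loaded by winlogon.exe, which runs as SYSTEM, at logon and logoff events, which is why the removal tool both re-set the key's ACL and exported it for review. The script below is an added example, not part of the thread or of the removal tool: it parses a regedit 5.00 export of that key, decodes the hex(2) (REG_EXPAND_SZ, UTF-16LE) DllName values, and reports any subkey whose DLL is outside that baseline or is given as a full path. The sample export is constructed: two entries are copied from the thread, and the third, a subkey named isrvs pointing at guard.tmp, is an assumption for illustration (both names appear in the thread's file list, but the thread does not show such a Notify entry).

```python
"""Check a regedit 5.00 export of HKLM\\...\\Winlogon\\Notify against the
Windows XP baseline of notification-package DLLs.  Added example; the sample
export is constructed (two entries from the thread plus one hypothetical
rogue subkey)."""
import re

# Bare DLL names registered under Notify on a stock XP SP1 install,
# taken from the export posted in the thread.
BASELINE = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
            "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}

# Constructed sample.  The "isrvs" subkey is an assumption for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\isrvs]
"DllName"="C:\\WINDOWS\\isrvs\\guard.tmp"
"Logon"="WinlogonLogonEvent"
'''


def unfold(text):
    """Join regedit continuation lines (trailing backslash, indented next line)."""
    out = []
    for line in text.splitlines():
        if out and out[-1].endswith("\\"):
            out[-1] = out[-1][:-1] + line.strip()
        else:
            out.append(line.rstrip())
    return out


def decode_value(raw):
    """Decode a regedit value: "string", or hex(2):.. / hex:.. as UTF-16LE text.
    Anything else (dword:..) is returned verbatim."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r'hex(?:\(\w+\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return raw


def parse_notify_export(text):
    """Return {subkey: {value_name_lowercased: decoded_value}} for every
    direct child of ...\\Winlogon\\Notify in the export."""
    keys = {}
    current = None
    for line in unfold(text):
        if line.startswith('[') and line.endswith(']'):
            parent, _, leaf = line[1:-1].rpartition('\\')
            current = None
            if parent.lower().endswith('\\winlogon\\notify'):
                current = keys.setdefault(leaf, {})
        elif current is not None and line.startswith('"'):
            name, _, raw = line.partition('=')
            current[name.strip('"').lower()] = decode_value(raw)
    return keys


def find_rogue_notify_dlls(text, baseline=BASELINE):
    """Return [(subkey, dll)] for entries whose DllName is not a baseline
    Windows DLL, or is a full path (stock entries are bare system32 names)."""
    rogue = []
    for sub, values in parse_notify_export(text).items():
        dll = values.get('dllname', '')
        base = dll.rsplit('\\', 1)[-1].lower()
        if '\\' in dll or base not in baseline:
            rogue.append((sub, dll))
    return rogue


if __name__ == "__main__":
    for sub, dll in find_rogue_notify_dlls(SAMPLE_EXPORT):
        print(f"suspect Notify\\{sub}: DllName = {dll}")
```

Run against a real export (regedit, export the Notify key, then pass the file contents to find_rogue_notify_dlls); the baseline is XP SP1's, so on another Windows version extend it from a known-clean machine before trusting the result.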
-
Copy and paste these instructions to a Notepad file and save to your desktop
Reboot into safe mode
Go to START>>>RUN>>>type in services.msc and hit Enter
In the next window, look on the right hand side for this service
name if found---- gkfdvauchrdfi
Double click on it--- STOP the service--
In the drop down menu, change the startup type to Disabled
Do the same for these ones too
jhmcmlykjrgve
krmoasrusxbp
mvcmxhvyrmf
pxedminwnqsedq
rxcqcvfyoihssy
Access your Add/Remove programs and remove if found
BrowserAid
CashToolbar
Web Toolbar
BrowserPal
Find and delete these files or folders if found
C:\Documents and Settings\furious_d\Application Data\ttuh.exe <-file
C:\WINDOWS\System32\mzsuo.exe <-file
C:\WINDOWS\System32\??chost.exe <-file, exact name
C:\WINDOWS\System32\sysmonnt <-file
C:\WINDOWS\System32\wintask.exe <-file
C:\WINDOWS\System32\stlb2.dll <-file
C:\WINDOWS\System32\auchrdfi <-folder
C:\WINDOWS\System32\ykjrgve <-folder
C:\WINDOWS\System32\srusxbp <-folder
C:\WINDOWS\System32\yrmf <-folder
C:\WINDOWS\System32\nqsedq <-folder
C:\WINDOWS\System32\yoihssy <-folder
C:\WINDOWS\isrvs <-folder
Open Hijackthis>>Open Misc tools sections>>Open "Delete an NT Service"
Copy and paste or type into the blank box the entry below in bold
and then hit OK
gkfdvauchrdfi
Do the same for these ones too
jhmcmlykjrgve
krmoasrusxbp
mvcmxhvyrmf
pxedminwnqsedq
rxcqcvfyoihssy
Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: gkfdvauchrdfi - Unknown owner - C:\WINDOWS\System32\auchrdfi\gkfdv.exe (file missing)
O23 - Service: jhmcmlykjrgve - Unknown owner - C:\WINDOWS\System32\ykjrgve\jhmcml.exe (file missing)
O23 - Service: krmoasrusxbp - Unknown owner - C:\WINDOWS\System32\srusxbp\krmoa.exe (file missing)
O23 - Service: mvcmxhvyrmf - Unknown owner - C:\WINDOWS\System32\yrmf\mvcmxhv.exe (file missing)
O23 - Service: pxedminwnqsedq - Unknown owner - C:\WINDOWS\System32\nqsedq\pxedminw.exe (file missing)
O23 - Service: rxcqcvfyoihssy - Unknown owner - C:\WINDOWS\System32\yoihssy\rxcqcvf.exe (file missing)
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Double click on iSearch.reg again and allow to merge to the registry
Run Windows CleanUp! again
Restart back to Normal mode afterwards
Don't open a browser yet, instead access Internet Options via Control Panel
=== Under the Security tab | Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Run ActiveX controls and plug-ins (Enabled)
o Script ActiveX controls marked safe for scripting (Prompt)
Post back a fresh Hijackthis log afterwards
Could you also Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the Code box to notepad
In Notepad click FILE>>SAVE AS
Name the file as Export.bat
Save this file on the desktop
rem List every file in System32 whose name ends in "chost.exe"; /a includes hidden and system files
dir C:\WINDOWS\System32\??chost.exe /a > files.txt
notepad files.txt
Double click on Export.bat and post back the findings that open in the text file
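The fix list above singles out a few kinds of HijackThis entries: Run keys whose target is a file with undisplayable characters, lives in a user data folder or has no path at all, an O18 filter hooked on text/html, an O16 control with no download source, and O23 services whose binary is missing. The Python script below is an added example, not code from this thread or from HijackThis; it parses lines in the log format shown here and applies those review rules. The sample lines are a constructed subset copied from the logs in this thread, and the folder list and rules are assumptions a reviewer would tune, so a hit means "look closer", not "malicious".

```python
import re
from typing import List, Tuple

# Constructed subset of entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: gkfdvauchrdfi - Unknown owner - C:\WINDOWS\System32\auchrdfi\gkfdv.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# One pattern per HijackThis section type used here (O4 = Run keys, O16 = Downloaded
# Program Files, O18 = protocol/MIME filters, O23 = services).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<desc>[^)]*)\))? -\s*(?P<src>.*)$")
O18_RE = re.compile(r"^O18 - Filter: (?P<mime>\S+) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")

# Folders an installer-registered autorun rarely lives in (assumption used as a heuristic).
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")


def review_run_entry(cmd: str) -> List[str]:
    """Reasons an O4 Run command deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if "?" in cmd:
        reasons.append("file name contains characters HijackThis could not display")
    low = cmd.lower()
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("launched from a user-writable data or temp folder")
    if "\\" not in cmd:
        reasons.append("bare file name; the binary is found through the PATH search order")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every log line that matches a review rule."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons: List[str] = []
        if m := O4_RE.match(line):
            reasons = review_run_entry(m.group("cmd"))
        elif m := O16_RE.match(line):
            if not m.group("src"):
                reasons = ["ActiveX CLSID registered with no download source recorded"]
        elif m := O18_RE.match(line):
            if m.group("mime").lower() == "text/html":
                reasons = ["text/html MIME filter: this DLL sees every page the browser renders"]
        elif m := O23_RE.match(line):
            if "(file missing)" in m.group("path"):
                reasons = ["service registration whose binary no longer exists"]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run on the sample, the two vendor entries (hkcmd.exe, McShield) pass while the other six lines are listed with a reason each; a real log is handled the same way by passing its text to triage_log.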
-
I've already seen a dramatic improvement, but when I boot in safe mode, a lot of the entries that you told me to fix with HijackThis aren't there and they reappear when I restart into normal mode. Do you know why this happens?
Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 2:34:29 AM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??chost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com (http://\"http://www.dellnet.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab\")
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab\")
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe (http://\"http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab\")
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (http://\"http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
---------------------------------------------------------------------------
And here's the result from the Export.bat file:
Volume in drive C has no label.
Volume Serial Number is B873-61B6
Directory of C:\WINDOWS\System32
08/29/2002 05:00 AM 12,800 svchost.exe
09/08/2004 11:36 AM 372,736 ??chost.exe
2 File(s) 385,536 bytes
Directory of C:\Documents and Settings\furious_d\Desktop
-
That's ok, we'll do the rest in Normal mode
===Download The Hoster: http://members.aol.com/toadbee/hoster.zip
Unzip it to a folder
We'll need this later
===Download and save Elite.zip
Unzip the contents to desktop so you now have Elite.reg on the desktop
Double click on Elite.reg and allow it to merge into the registry
Open Hijackthis>>Open Misc tools section>>Open Process Manager
Kill this process if found
C:\WINDOWS\System32\??chost.exe
Next: we want to delete that file
Manually navigate to your System32 folder
You're looking for this file
C:\WINDOWS\System32\??chost.exe
As you can see from the Export.bat output, it does exist
08/29/2002 05:00 AM 12,800 svchost.exe <--this is legit, don't delete it
09/08/2004 11:36 AM 372,736 ??chost.exe <--bad guy
2 File(s) 385,536 bytes
When looking for the file, it may not show the question marks, and may even be disguised as the legitimate file svchost.exe
You will have to right click on the file and left click Properties
The bad guy's Date created was 09/08/2004
File size is about 372 kb
Don't try and delete the legit svchost.exe
As mentioned, you will have to look closely for the file
The last 5 letters will be chost
I'm not sure what the first 2 will be
After that
Do another scan with Hijackthis and put a check next to these entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart your computer
Back in Windows, to ensure we got all the Gaobot infection you also had on your computer
Could you download and save to desktop
FXGaobot.exe by Symantec: http://securityresponse.symantec.com/avcenter/FxGaobot.exe
Restart into safe mode
Run the tool and let it fix what it finds
Restart the computer back to Normal mode
Open HOSTER you unzipped earlier and click the "Restore Original Hosts" button
I would also suggest that you run an online Virus scan at Panda's
Save the report afterwards and post it back here
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Post back a fresh Hijackthis log afterwards too
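The helper's rule for spotting the fake (same "chost.exe" tail, unknown first two characters, and a date and size that differ from the real svchost.exe) can be turned into a check a responder runs over a folder instead of eyeballing Explorer. The Python below is an added example, not code from this thread; it builds a constructed stand-in for System32 in a temp directory (the look-alike name and the unrelated kernel32.dll are made up, the two file sizes are taken from the Export.bat listing above) and reports any file that shares the tail or carries non-ASCII characters, spelling those characters out so a homoglyph name cannot hide in the report.

```python
import os
import tempfile
import unicodedata
from dataclasses import dataclass
from typing import List

LEGIT_NAME = "svchost.exe"
SUFFIX = "chost.exe"  # the helper's rule: the last five letters are "chost", the first two unknown


@dataclass
class Suspect:
    name: str
    size: int
    reasons: List[str]


def describe_name(name: str) -> str:
    """Spell out every non-ASCII code point so a look-alike name is visible in a report."""
    return "".join(
        ch if ch.isascii() else "<U+%04X %s>" % (ord(ch), unicodedata.name(ch, "?"))
        for ch in name
    )


def find_lookalikes(directory: str, legit: str = LEGIT_NAME) -> List[Suspect]:
    """Report files that imitate `legit` by name: same tail, or non-ASCII characters."""
    suspects = []
    # os.listdir returns hidden files as well, which is what the /a switch gave dir above.
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        reasons = []
        if name.lower() != legit and name.lower().endswith(SUFFIX):
            reasons.append("name ends in '%s' but is not %s" % (SUFFIX, legit))
        if not name.isascii():
            reasons.append("name contains non-ASCII characters: " + describe_name(name))
        if reasons:
            suspects.append(Suspect(name, os.path.getsize(path), reasons))
    return suspects


def build_demo_dir() -> str:
    """Constructed stand-in for System32: the real svchost.exe beside a look-alike."""
    d = tempfile.mkdtemp(prefix="sys32_demo_")
    with open(os.path.join(d, "svchost.exe"), "wb") as f:
        f.write(b"\0" * 12800)    # size of the legitimate file in the dir listing above
    # Constructed look-alike name: Cyrillic dze (U+0455) and izhitsa (U+0475) replace "sv".
    with open(os.path.join(d, "\u0455\u0475chost.exe"), "wb") as f:
        f.write(b"\0" * 372736)   # size of the bad file in the dir listing above
    with open(os.path.join(d, "kernel32.dll"), "wb") as f:
        f.write(b"\0" * 100)      # an unrelated file that must not be reported
    return d


if __name__ == "__main__":
    demo = build_demo_dir()
    for s in find_lookalikes(demo):
        print("%-60s %8d bytes" % (describe_name(s.name), s.size))
        for r in s.reasons:
            print("    ->", r)
```

On a live machine the same function is pointed at the real System32 folder; the report lists the size beside the spelled-out name so it can be compared with the legitimate file the way the helper does by hand.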
-
I deleted the ??chost.exe in my System32 folder. It ended up being disguised as svchost.exe, as you said. I got through the HJT step, but the link for FXGaobot doesn't seem to be working. Is there anywhere else to get it from?
-
Ahh, sorry about that, the infection likes to rewrite your hosts file
Can you open Hoster at this time and Restore Original hosts and try the link again
If it still doesn't work, let me know and I'll upload it for you
-
Thank you so much for your help so far! I ran the FXGaobot program and Hoster. Here's my new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:39:19 PM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com (http://\"http://www.dellnet.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ (http://\"http://www.dellnet.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab\")
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab\")
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe (http://\"http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5/asinst.cab\")
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (http://\"http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
I had a Virus scan done at Panda's as well; I'll make a separate post for that to make sure it doesn't get cut off.
-
Here are the results from the online Virus scan:
Incident Status Location
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\furious_d\Application Data\HGVE~1.EXE
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[cigbkend.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[czlbact.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[d6j02g1mg6.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[d8j02i1mg8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dbmv2clt.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dn6u01j9e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dnns0157e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dovenum.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dvnet.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dvprpres.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dzvacm.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[e8202ifmg82a2.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[e8jm0i11e8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[en0ul1d91.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[fpl2033oe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[fpr2039oe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[gp28l3fu1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[gppsl3771.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[gpr8l39u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[h04mlah11d4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[h22o0cf3ef2.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[h8l2li3o18.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[hr4o05h3e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[hrns0557e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[igengine.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ih6fwapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[irn8l55u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[IWSHLPR.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[j44o0eh3eh4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[JNSH400.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[jt8u07l9e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[JTDW400.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[jtlu0739e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[k226lcfs1f26.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[k6nolg5316.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[KHDGR.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[knymgr.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[kt4sl7h71.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ktj0l71m1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ktn0l75m1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[KYDIT.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[KYDLV.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[l0j80a1ued.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[Lekodak.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[lvn2095oe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[lz6u09j9e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[m2nq0c55ef.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MBCAT32.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MCRATELC.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MGRMSG.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MJCBASE.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MRPATCHA.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MUCMS.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[mv2ml9f11.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[mvj2l91o1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[n66qlgj516o.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[o0pq0a75ed.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[o2480chuef480.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[okbcji32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[omexl32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[q4rq0e95eh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[r6r6lg9s16.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[r8p80i7ue8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[rzhx32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[s6880glue6q80.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[szhedsvc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[t8r80i9ue8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[UGRCOINA.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ukimdmat.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[VHA64K.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[wkhip6.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[wladmod.dll]
Adware:Adware/EliteBar No disinfected C:\tb.exe
Adware:Adware/EliteBar No disinfected C:\upgradetb093.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab[u6f6uftuc_.ini]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab[hochkaod3_.ini]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab[setup4002b.ini]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteToolBar\EliteToolBar.dll
Adware:Adware/Ucmore No disinfected C:\WINDOWS\IEMenuExtension.exe
Adware:Adware/BTGrab No disinfected C:\WINDOWS\INF\btgrab.inf
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\ffisearch.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/Envolo No disinfected C:\WINDOWS\QBAux.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\sideb.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\508hept.exe_
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\951libnt.exe
Adware:Adware/BroadcastPC No disinfected C:\WINDOWS\SYSTEM32\broadcastpc.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\Cache\BlazeVCM.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Cache\pop.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Cache\saie1101.exe
Adware:Adware/QoolAid No disinfected C:\WINDOWS\SYSTEM32\Cache\VCM QOOL_3.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM32\doolsav.dat
Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM32\elitedoolsav.dat
Adware:Adware/Startpage.CM No disinfected C:\WINDOWS\SYSTEM32\elitetpr32.exe
Adware:Adware/Startpage.CM No disinfected C:\WINDOWS\SYSTEM32\eliteuzf32.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\mssysapps\peopleonpage.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\mssysapps\vertone.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\SWRT01.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\SYSTEM32\TVM_B5_Bundle_14.EXE
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\vertone.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\Temp\AutoUpdate0\setup.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.cab[farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.ini
Adware:Adware/BTGrab No disinfected C:\WINDOWS\Temp\THI7B08.tmp\btgrab.inf
-
Sorry for the late reply
Can you please download and save to desktop
the Purity Scan Uninstaller from this link
http://www.purityscan.com/ps_uninstaller.exe
Don't run it yet
Could you also download and save to desktop
FixAprop.exe by Symantec: http://securityresponse.symantec.com/avcenter/FixAprop.exe
Don't run it yet
===Download and Install this small program
to help clean your temp folders, cookies, prefetch folder and recycle bin
Windows Cleanup: http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe
Install for now, don't run a scan yet
===Download the Pocket Killbox: http://www.downloads.subratam.org/KillBox.zip
UNZIP it to a folder of your choice
===Download and UNZIP to desktop Cleanup.zip
So you have Cleanup.reg on your desktop
Save the rest of these instructions to a Notepad file on desktop
close down all other windows, including this one
Leave the saved notepad file open
With ALL other windows closed, do another scan with Hijackthis and Fix Checked this entry
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
Run Pocket KillBox
In the Full Path of File to Delete box, copy and paste the entire line directly below; do not type it in
C:\tb.exe
Select the Delete button afterwards
The Red circle and a white X
Do the same for the below entries
For any file that won't delete keep track of them, we'll need those in a bit
Do the same for these file names
C:\upgradetb093.exe
C:\WINDOWS\delprot.ini
C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
C:\WINDOWS\Downloaded Program Files\setup4002b.cab
C:\WINDOWS\Downloaded Program Files\setup4002b.cab[u6f6uftuc_.ini]
C:\WINDOWS\Downloaded Program Files\setup4002b.cab[hochkaod3_.ini]
C:\WINDOWS\Downloaded Program Files\setup4002b.cab[setup4002b.ini]
C:\WINDOWS\Downloaded Program Files\setup4002b.ini
C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
C:\WINDOWS\EliteToolBar\EliteToolBar.dll
C:\WINDOWS\IEMenuExtension.exe
C:\WINDOWS\INF\btgrab.inf
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
C:\WINDOWS\QBAux.exe
C:\WINDOWS\sideb.exe
C:\WINDOWS\SYSTEM32\508hept.exe_
C:\WINDOWS\SYSTEM32\951libnt.exe
C:\WINDOWS\SYSTEM32\broadcastpc.exe
C:\WINDOWS\SYSTEM32\Cache\BlazeVCM.exe
C:\WINDOWS\SYSTEM32\Cache\pop.exe
C:\WINDOWS\SYSTEM32\Cache\saie1101.exe
C:\WINDOWS\SYSTEM32\Cache\VCM
C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe
C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe
C:\WINDOWS\SYSTEM32\doolsav.dat
C:\WINDOWS\SYSTEM32\elitedoolsav.dat
C:\WINDOWS\SYSTEM32\elitetpr32.exe
C:\WINDOWS\SYSTEM32\eliteuzf32.exe
C:\WINDOWS\SYSTEM32\mssysapps\peopleonpage.exe
C:\WINDOWS\SYSTEM32\mssysapps\vertone.exe
C:\WINDOWS\SYSTEM32\SWRT01.dll
C:\WINDOWS\SYSTEM32\tsuninst.exe
C:\WINDOWS\SYSTEM32\TVM_B5_Bundle_14.EXE
C:\WINDOWS\SYSTEM32\vertone.exe
C:\WINDOWS\Temp\AutoUpdate0\setup.inf
C:\WINDOWS\Temp\THI65B.tmp\farmmext.cab[farmmext.inf]
C:\WINDOWS\Temp\THI65B.tmp\farmmext.cab[farmmext.ini]
C:\WINDOWS\Temp\THI65B.tmp\farmmext.inf
C:\WINDOWS\Temp\THI65B.tmp\farmmext.ini
C:\WINDOWS\Temp\THI7B08.tmp\btgrab.inf
For any file that won't delete
Use the Delete on Reboot radio button
When prompted to Delete on Reboot>>Click YES
If prompted to Reboot NOW>>Click NO until you have added the last path to the file name
At which time>>Select YES to Reboot NOW
or Restart anyways
Please try and restart your computer into safe mode
You can do this by tapping the F8 key as the system is booting up on restart
Find and delete these folders
C:\WINDOWS\SYSTEM32\Cache <-folder
C:\WINDOWS\isrvs <-folder
Double click on Cleanup.reg and allow to merge to the registry
Stay in safe mode
Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Restart back to Normal mode
Don't open a browser yet
run the Purity Scan uninstaller
Let it finish and then
Restart your computer
Find and delete this file if found
C:\Documents and Settings\furious_d\Application Data\HGVE~1.EXE <-file
Back in Windows
Run the FixAprop.exe Removal tool by Symantec
Restart your computer if bad guys found
Save the log if given the option
Back in Windows
Post back a fresh Hijackthis log
Could you also
Download and save to desktop
dpf.zip
[attachment: dpf.zip]
UNZIP the contents to desktop so you now have dpf.bat on the desktop
Double click on dpf.bat
It will produce a log
Copy and paste the finding back here
-
The FixAprop.exe found a few files that were infected and got rid of them. Thanks again for all the time you've taken to help me so far. Here's my new HighjackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:42:51 PM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
------------------------------------------------------------------------------
Here's the dpf.bat log:
Volume in drive C has no label.
Volume Serial Number is B873-61B6
Directory of C:\WINDOWS\Downloaded Program Files
03/27/2005 01:39 AM <DIR> BUILTIN\Administrators .
03/27/2005 01:39 AM <DIR> BUILTIN\Administrators ..
02/23/2005 03:13 PM 199,168 JON\furious_d abasa5jrp_.exe
02/08/2005 10:52 AM 110,592 JON\furious_d asinst.dll
02/08/2005 10:54 AM 525 JON\furious_d asinst.inf
02/23/2005 07:01 PM 31,984 JON\furious_d aun_0010.exe
03/17/2005 07:10 PM <DIR> JON\furious_d CONFLICT.1
03/06/2005 10:19 PM <DIR> JON\furious_d CONFLICT.2
09/03/2002 08:57 AM 65 BUILTIN\Administrators DESKTOP.INI
10/14/1997 06:52 PM 697 BUILTIN\Administrators DirectAnimation Java Classes.osd
07/25/2002 05:13 PM 24,576 BUILTIN\Administrators dwusplay.dll
07/25/2002 05:13 PM 196,608 BUILTIN\Administrators dwusplay.exe
03/28/2002 04:05 PM 1,268 JON\furious_d erma.inf
09/09/2004 03:17 PM 65,272 JON\furious_d GDIChk.dll
09/09/2004 03:18 PM 302 JON\furious_d gdichk.inf
02/10/2005 12:28 PM 33,280 JON\furious_d hochkaod3_.exe
12/18/2003 06:18 PM 87,240 JON\furious_d IEAWSDC.DLL
12/17/2003 02:18 AM 438 JON\furious_d ieawsdc.inf
06/16/2004 05:02 AM 323,584 BUILTIN\Administrators isusweb.dll
08/25/2003 05:12 PM 1,096 JON\furious_d iuctl.inf
02/10/2005 12:30 PM 73,728 JON\furious_d lkir8l2gm_.dll
05/29/2003 02:00 PM 160,864 JON\furious_d messengerstatsclient.dll
01/20/2000 02:25 PM 1,162 BUILTIN\Administrators Microsoft XML Parser for Java.osd
05/29/2003 02:00 PM 84,064 JON\furious_d minesweeper.dll
05/29/2003 02:00 PM 77,408 JON\furious_d msgrchkr.dll
10/10/2004 01:54 PM 551 JON\furious_d OSD149F.OSD
03/13/2003 11:04 AM 45,720 JON\furious_d OUTC.DLL
01/15/2003 03:01 PM 939 JON\furious_d outc.inf
07/11/2004 08:19 PM 6,179,984 JON\furious_d QuickTimeInstallCache.qdat
12/08/2003 01:58 PM 3,759 JON\furious_d swflash.inf
02/25/2005 03:34 PM 56,320 JON\furious_d u6f6uftuc_.exe
04/17/2000 01:04 PM 3,072 JON\furious_d voxacm.inf
06/30/2003 09:41 PM 1,689 JON\furious_d WMV9VCM.inf
11/07/2004 03:29 PM 1,206 JON\furious_d yinst.inf
30 File(s) 7,767,161 bytes
4 Dir(s) 49,542,418,432 bytes free
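The log above is the kind of thing a helper reads by eye. As an added example (not code from this thread, from HijackThis or from its author), the script below parses a HijackThis 1.99 log and flags the entry types that carried the adware in this thread: processes running from Temp or from random-named System32 subfolders, O4 Run entries that name a bare executable, O16 DPF entries with no source or an unrecognised host, O17 nameservers the ISP did not issue, and O23 services with no vendor string. The sample log is assembled from lines quoted in this thread; the trusted-nameserver and trusted-DPF-host sets are assumptions for the demo and would be tuned per machine.

```python
"""Triage a HijackThis 1.99 log for the entry types that carried the adware
in this thread.  Added example, not code from the thread or from HijackThis;
the trusted-host and trusted-DNS sets below are assumptions for the demo."""
import re
from urllib.parse import urlparse

# Assumption: the two nameservers the user's ISP actually issued.
TRUSTED_NAMESERVERS = {"65.43.19.26", "206.141.192.60"}
# Assumption: hosts from which ActiveX (O16 DPF) downloads are expected.
TRUSTED_DPF_HOSTS = {"messenger.zone.msn.com", "photos.yahoo.com",
                     "www.pandasoftware.com"}
# No persistent process belongs in a temp folder or in the isrvs dropper dir.
SUSPICIOUS_DIRS = ("\\temp\\", "\\isrvs\\")
# System32\<junk>\<junk>.exe: two components of 5-9 letters, the layout the
# droppers in this thread used.  A heuristic that needs a human second look.
RANDOM_SUBDIR = re.compile(r"\\system32\\[a-z]{5,9}\\[a-z]{5,9}\.exe$", re.I)
# O4 Run entry: everything after the [name] is the command line.
O4_RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\]\s*(.*)$")
# O16 DPF entry: {CLSID} (optional description) - source URL or local path.
O16_ENTRY = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}\s*(\([^)]*\))?\s*-\s*(.*)$")
# Any "Xn - " prefix ends the Running processes block.
SECTION_LINE = re.compile(r"^[RFNO]\d+ - ")

def triage(log_text):
    """Return (reason, log_line) pairs for entries worth a second look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and not SECTION_LINE.match(line):
            low = line.lower()
            if any(d in low for d in SUSPICIOUS_DIRS):
                findings.append(("process running from a temp or dropper directory", line))
            elif RANDOM_SUBDIR.search(line):
                findings.append(("process in a random-named System32 subfolder", line))
            continue
        in_processes = False
        m = O4_RUN.match(line)
        if m:
            command = m.group(1).strip().strip('"')
            if "\\" not in command:  # bare name: Windows resolves it through PATH
                findings.append(("Run entry with a bare filename (resolved via PATH)", line))
            continue
        if line.startswith("O4 - ") and line.endswith(" = ?"):
            findings.append(("startup shortcut whose target could not be resolved", line))
            continue
        m = O16_ENTRY.match(line)
        if m:
            source = m.group(2).strip()
            if not source:
                findings.append(("DPF entry with no download source", line))
            elif source.lower().startswith("http"):
                host = urlparse(source).hostname or ""
                if host not in TRUSTED_DPF_HOSTS:
                    findings.append((f"ActiveX download from untrusted host {host}", line))
            continue
        if line.startswith("O17 - ") and "NameServer = " in line:
            servers = line.split("NameServer = ", 1)[1].split()
            rogue = [s for s in servers if s not in TRUSTED_NAMESERVERS]
            if rogue:
                findings.append((f"nameserver not issued by the ISP: {' '.join(rogue)}", line))
            continue
        if line.startswith("O23 - ") and " - Unknown owner - " in line:
            findings.append(("service with no vendor string (verify the binary by hand)", line))
    return findings

# Constructed from lines quoted in this thread (both logs); not a full log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\oifvl\jgsgewy.exe
C:\WINDOWS\System32\arqsmuyn\aajyfc.exe
C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```

Findings are leads, not verdicts: the random-subfolder rule will also flag an unusual but legitimate vendor directory, and "Unknown owner" only means HijackThis found no company string in the service binary, so confirm each hit by checking the file's path, size and date before fixing it. The QuickTime entry it flags here is a good illustration: akamai.net is a legitimate CDN, which is exactly why the trusted-host list has to be maintained per machine rather than copied from someone else's thread.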
-
Just some final cleanup
Download and save Elite.zip from HERE (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=93)
UNZIP the contents so you now have Elite.reg and LQfix.bat on your desktop
Go to START>>RUN>>type in cmd
Hit OK
At the prompt type this
cd C:\WINDOWS\Downloaded Program Files (Hit Enter on the keyboard)
del abasa5jrp_.exe (Enter)
del hochkaod3_.exe (Enter)
del lkir8l2gm_.dll (Enter)
del u6f6uftuc_.exe (Enter)
Rmdir /s CONFLICT.1 (Enter)
Rmdir /s CONFLICT.2 (Enter)
exit (Enter)
Notice the single spaces after cd and del
Also notice them in the 2 conflict directories
E.g. (= marks a single space):
Rmdir=/s=CONFLICT.1
Double click on Elite.reg and allow to merge to the registry
Double click on LQfix.bat>>A dos window will open and close quickly, this is normal
Restart your computer
If everything is running better
You should clear your System Restore points
disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Once back in Windows and System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html
IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
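The del and Rmdir commands in the post above were worked out by reading the dpf.bat listing by hand. As an added example (not code from this thread, from dpf.bat or from HijackThis), the script below parses that `dir /q` output and generates the equivalent cmd.exe cleanup commands, so the step can be repeated without retyping file names. The listing embedded in it is an abridged copy of the one posted earlier in this thread; the random-name heuristic (8 to 10 alphanumerics plus a trailing underscore) is an assumption drawn from the four files that were deleted, not a published rule.

```python
"""Turn the output of dpf.bat (`dir /q` of Downloaded Program Files) into the
cmd.exe cleanup commands typed by hand in this thread.  Added example, not
code from the thread; the listing is abridged from the one posted above and
the random-name rule is an assumption, not a signature."""
import re

# One `dir /q` line: date, time, <DIR> or size, owner (DOMAIN\user), name.
# Assumes the US date/time layout seen in the thread's log.
DIR_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$")
# Assumption: the droppers seen here use 8-10 random alphanumerics plus a
# trailing underscore (abasa5jrp_.exe, hochkaod3_.exe, u6f6uftuc_.exe ...).
RANDOM_NAME = re.compile(r"^[a-z0-9]{8,10}_\.(exe|dll)$", re.I)
# Internet Explorer creates CONFLICT.<n> folders when a downloaded control
# collides with one already present; user-owned leftovers are reinstalls.
CONFLICT_DIR = re.compile(r"^CONFLICT\.\d+$", re.I)

def parse_dir_q(text):
    """Parse `dir /q` output into dicts; header, footer and . / .. are skipped."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, owner, name = m.groups()
        if name in (".", ".."):
            continue
        entries.append({
            "name": name,
            "is_dir": size == "<DIR>",
            "size": 0 if size == "<DIR>" else int(size.replace(",", "")),
            "owner": owner,            # who dropped it: the user, not an installer
            "modified": f"{date} {time}",
        })
    return entries

def suspicious(entries):
    """Entries the heuristic would remove: CONFLICT dirs and random-named files."""
    return [e for e in entries
            if (e["is_dir"] and CONFLICT_DIR.match(e["name"]))
            or (not e["is_dir"] and RANDOM_NAME.match(e["name"]))]

def cleanup_commands(entries, root=r"C:\WINDOWS\Downloaded Program Files"):
    """cmd.exe lines equivalent to the manual del / Rmdir steps in the thread.
    cd /d also switches drive; rmdir /q skips the 'Are you sure' prompt."""
    cmds = [f'cd /d "{root}"']
    for e in suspicious(entries):
        if e["is_dir"]:
            cmds.append(f'rmdir /s /q "{e["name"]}"')
        else:
            cmds.append(f'del /f "{e["name"]}"')
    return cmds

# Abridged copy of the dpf.bat listing posted in this thread.
SAMPLE_LISTING = r"""
 Volume in drive C has no label.
 Volume Serial Number is B873-61B6

 Directory of C:\WINDOWS\Downloaded Program Files

03/27/2005 01:39 AM <DIR> BUILTIN\Administrators .
03/27/2005 01:39 AM <DIR> BUILTIN\Administrators ..
02/23/2005 03:13 PM 199,168 JON\furious_d abasa5jrp_.exe
02/08/2005 10:52 AM 110,592 JON\furious_d asinst.dll
02/23/2005 07:01 PM 31,984 JON\furious_d aun_0010.exe
03/17/2005 07:10 PM <DIR> JON\furious_d CONFLICT.1
03/06/2005 10:19 PM <DIR> JON\furious_d CONFLICT.2
09/03/2002 08:57 AM 65 BUILTIN\Administrators DESKTOP.INI
02/10/2005 12:28 PM 33,280 JON\furious_d hochkaod3_.exe
02/10/2005 12:30 PM 73,728 JON\furious_d lkir8l2gm_.dll
01/20/2000 02:25 PM 1,162 BUILTIN\Administrators Microsoft XML Parser for Java.osd
05/29/2003 02:00 PM 84,064 JON\furious_d minesweeper.dll
07/11/2004 08:19 PM 6,179,984 JON\furious_d QuickTimeInstallCache.qdat
02/25/2005 03:34 PM 56,320 JON\furious_d u6f6uftuc_.exe
11/07/2004 03:29 PM 1,206 JON\furious_d yinst.inf
"""

if __name__ == "__main__":
    for cmd in cleanup_commands(parse_dir_q(SAMPLE_LISTING)):
        print(cmd)
```

Two things differ from the hand-typed version on purpose: `rmdir /s` without `/q` stops to ask "Are you sure?" for each folder, and `del /f` clears the read-only attribute that some droppers set so a plain `del` fails with Access is denied. The owner column is kept in the parsed entries because it is useful context rather than a rule: the random-named files are owned by the interactive user, which says they arrived through a browser session, but so are the legitimate Messenger and Yahoo controls, so ownership alone cannot decide what to delete.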
-
My computer is working great now, but before I clear my System Restore -- for some reason there's still this "Web Offer" entry in my Add/Remove Programs list. Whenever I click to remove this, nothing happens and it stays there. Is it still on my computer, or is there some other reason the entry won't go away?
-
^^^Sorry, I forgot to log in.
-
If you see this folder, delete it
C:\Program Files\Web Offer <--this folder
That entry in your Add/Remove Programs could be a leftover
Open Hijackthis>>Open Misc Tools section>>Open Uninstall manager
Highlight Web Offer
and delete the Entry
-
Alright, I'll make sure I keep those programs updated and I'll take more precautions to make sure I don't have any more serious infections. I have to thank you one final time for all of the time you took to help me solve this problem.
-
I'll lock this topic as your problems appear resolved
If you need it reopened, please PM a Mod or the site Admin and supply a link
to this thread
take care
:)