Page 1 of 4 1234 LastLast
Results 1 to 10 of 32

Thread: look2me/ guard.tmp/ command service etc

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Cool look2me/ guard.tmp/ command service etc

    I have some spyware on my Pc and I don’t know how to get rid of it. I was going to reformat the C drive and reinstall windows, but I’ve borrowed two external hard drives from people and my PC doesn’t like either of them. It says the file system is RAW and that the device cannot be accessed because of an I/O error. I have two hard drives, C for program files and assorted necessities, and a D drive because I record a lot of music, using Cubase. Do pc’s not like too many drives?

    When I run Ad-Aware and Spybot scans I always find the same files: guard.tmp, cmdservice, and always a randomly named file in system 32 that’s something to with look2me. None of these can be deleted. I’ve mucked about with my security settings to try to help but I don’t really know what I’m doing, and now I can’t seem to run an online scan – perhaps I’ve blocked that somehow.

    Symptoms: Slow startup, slow surfing, random popups. At first they were just annoying but we’ve had porn ones now – my kids use the pc so I need this sorted. Now I can’t open any icons on the desktop, including internet explorer and my computer. If I try everything disappears then comes back as if I’m restarting explorer. I tried a system restore but the problem hasn’t gone away.

    I’m using MSN explore now which seems to be working fine – and I haven’t had any popups today. Mmm…

    There are other niggly things too. Here is the latest hijackthis log. Please help.

    regards

    Shorn


    Logfile of HijackThis v1.99.1
    Scan saved at 11:02:48, on 26/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    D:\UPDATE_FILES\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

  2. #2
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    i want you to do another hijackthis scan, only this time right click hijackthis before scanning, select "rename"
    rename it to scanner

    then doubleclick scanner.exe to launch it, perform another scan and post the resulting logfile here
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default scanner log

    hope this is right

    thanks

    Stewart

    Logfile of HijackThis v1.99.1
    Scan saved at 00:11:58, on 29/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    D:\UPDATE_FILES\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\noiffvuj.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {84D17891-1C72-4489-8797-A46632F6FF80} - C:\WINDOWS\system32\mwytxvwa.dll
    O2 - BHO: (no name) - {DC11CDED-814C-4BB5-BACC-C7D317C18204} - C:\WINDOWS\repair\natiibn.dll
    O2 - BHO: (no name) - {FC69FAC6-1D49-4723-AB15-3A97D285E12D} - C:\WINDOWS\repair\natiibn.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O20 - Winlogon Notify: natiibn - C:\WINDOWS\repair\natiibn.dll
    O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\en8ul1l91.dll (file missing)
    O20 - Winlogon Notify: Run - C:\WINDOWS\system32\jt2207foe.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

  4. #4
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    that was right on, and it revealed the infections i suspected--

    1. Download this file - combofix.exe
    be sure to save it to your desktop!

    2. then click start > run > and copy/paste the following command into the box

    "%userprofile\desktop\combofix.exe" /v noiffvuj mwytxvwa natiibn



    3. When finished, it shall produce a log for you. Post that log in your next reply


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    "%userprofile\desktop\combofix.exe" /v
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default combofix log

    Here we are. It's a bit big, I have to split it over several posts. S


    Stewart - 06-11-29 21:11:42.97 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Stewart\Desktop"

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\clsid\{0715BD10-73A3-43DA-B43F-3063AF9D2805}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{0715BD10-73A3-43DA-B43F-3063AF9D2805}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0715BD10-73A3-43DA-B43F-3063AF9D2805}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0715BD10-73A3-43DA-B43F-3063AF9D2805}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mdutilse.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B024B1B6-5740-4B57-A9CD-F0073064B30B}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{B024B1B6-5740-4B57-A9CD-F0073064B30B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B024B1B6-5740-4B57-A9CD-F0073064B30B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B024B1B6-5740-4B57-A9CD-F0073064B30B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mqtlsapi.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{82FC3101-A10A-4D42-8313-312F7A276A88}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{82FC3101-A10A-4D42-8313-312F7A276A88}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{82FC3101-A10A-4D42-8313-312F7A276A88}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{82FC3101-A10A-4D42-8313-312F7A276A88}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mrhtmled.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{D44AD208-B09B-4E12-959E-E56501831DC3}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D44AD208-B09B-4E12-959E-E56501831DC3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D44AD208-B09B-4E12-959E-E56501831DC3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D44AD208-B09B-4E12-959E-E56501831DC3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mxtime.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{306C8E9C-E5AE-4A37-921E-4C3066E1D3F1}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{306C8E9C-E5AE-4A37-921E-4C3066E1D3F1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{306C8E9C-E5AE-4A37-921E-4C3066E1D3F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{306C8E9C-E5AE-4A37-921E-4C3066E1D3F1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drskcopy.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{08CFE932-0640-4DE5-B090-BCF458D9645A}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{08CFE932-0640-4DE5-B090-BCF458D9645A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{08CFE932-0640-4DE5-B090-BCF458D9645A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{08CFE932-0640-4DE5-B090-BCF458D9645A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\pbgfilt.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{EA301F74-3BB9-42E6-BD2A-E7EB51125253}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{EA301F74-3BB9-42E6-BD2A-E7EB51125253}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{EA301F74-3BB9-42E6-BD2A-E7EB51125253}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{EA301F74-3BB9-42E6-BD2A-E7EB51125253}\InprocServer32]
    @="C:\\WINDOWS\\system32\\event97.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{1D9FA18A-9933-41AC-9BAB-6E36676C1DF8}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1D9FA18A-9933-41AC-9BAB-6E36676C1DF8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1D9FA18A-9933-41AC-9BAB-6E36676C1DF8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1D9FA18A-9933-41AC-9BAB-6E36676C1DF8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wmbhits.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{529BD013-065B-4153-827F-2903A22106EE}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{529BD013-065B-4153-827F-2903A22106EE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{529BD013-065B-4153-827F-2903A22106EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{529BD013-065B-4153-827F-2903A22106EE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\saarddlg.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2F86397E-EAD1-4A72-910A-781D3D756BE8}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2F86397E-EAD1-4A72-910A-781D3D756BE8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2F86397E-EAD1-4A72-910A-781D3D756BE8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2F86397E-EAD1-4A72-910A-781D3D756BE8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ueimdmat.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{BF9E72F2-B58F-468A-B038-CABE1952AF4F}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BF9E72F2-B58F-468A-B038-CABE1952AF4F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BF9E72F2-B58F-468A-B038-CABE1952AF4F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BF9E72F2-B58F-468A-B038-CABE1952AF4F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sxhannel.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{BA5BA35F-9008-43EB-B174-A268C762D763}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BA5BA35F-9008-43EB-B174-A268C762D763}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BA5BA35F-9008-43EB-B174-A268C762D763}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BA5BA35F-9008-43EB-B174-A268C762D763}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ef66l1js1.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B523299D-1478-4EC0-8A2E-BC83271E2DC9}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B523299D-1478-4EC0-8A2E-BC83271E2DC9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B523299D-1478-4EC0-8A2E-BC83271E2DC9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B523299D-1478-4EC0-8A2E-BC83271E2DC9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\aostream.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B45E0CFF-56C9-48BE-B3C5-86EDCFB5A101}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B45E0CFF-56C9-48BE-B3C5-86EDCFB5A101}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B45E0CFF-56C9-48BE-B3C5-86EDCFB5A101}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B45E0CFF-56C9-48BE-B3C5-86EDCFB5A101}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sqlfx.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{F873640C-BD50-4BCB-BC53-8A6215C429D3}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F873640C-BD50-4BCB-BC53-8A6215C429D3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F873640C-BD50-4BCB-BC53-8A6215C429D3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F873640C-BD50-4BCB-BC53-8A6215C429D3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nysdexts.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{553AE8E2-2CAA-4FF8-A680-2955CC99FE05}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{553AE8E2-2CAA-4FF8-A680-2955CC99FE05}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{553AE8E2-2CAA-4FF8-A680-2955CC99FE05}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{553AE8E2-2CAA-4FF8-A680-2955CC99FE05}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mnvcp60.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{BDFFBB30-74EE-4CED-9F5E-730BF0CA0735}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BDFFBB30-74EE-4CED-9F5E-730BF0CA0735}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BDFFBB30-74EE-4CED-9F5E-730BF0CA0735}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BDFFBB30-74EE-4CED-9F5E-730BF0CA0735}\InprocServer32]
    @="C:\\WINDOWS\\system32\\amicap32.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{9554D3B7-822C-42C0-8265-FC42C9F441E3}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9554D3B7-822C-42C0-8265-FC42C9F441E3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9554D3B7-822C-42C0-8265-FC42C9F441E3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9554D3B7-822C-42C0-8265-FC42C9F441E3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\eys.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{F8B81EAD-7722-4B4C-B038-CDC339A6BF69}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F8B81EAD-7722-4B4C-B038-CDC339A6BF69}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F8B81EAD-7722-4B4C-B038-CDC339A6BF69}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F8B81EAD-7722-4B4C-B038-CDC339A6BF69}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cWtsrvut.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{12C304E3-5CCD-4911-8375-E63DEF2C0140}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{12C304E3-5CCD-4911-8375-E63DEF2C0140}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{12C304E3-5CCD-4911-8375-E63DEF2C0140}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{12C304E3-5CCD-4911-8375-E63DEF2C0140}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{FBD400FB-A558-464F-95EC-25B97BE46EDE}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{FBD400FB-A558-464F-95EC-25B97BE46EDE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{FBD400FB-A558-464F-95EC-25B97BE46EDE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{FBD400FB-A558-464F-95EC-25B97BE46EDE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mzxclu.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2C76E83E-892D-40C5-8A24-9E83AE7E901D}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2C76E83E-892D-40C5-8A24-9E83AE7E901D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2C76E83E-892D-40C5-8A24-9E83AE7E901D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2C76E83E-892D-40C5-8A24-9E83AE7E901D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\udrsdpia.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{7654FBFD-9200-4DCE-8A8C-B1FBEB262287}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{7654FBFD-9200-4DCE-8A8C-B1FBEB262287}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{7654FBFD-9200-4DCE-8A8C-B1FBEB262287}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{7654FBFD-9200-4DCE-8A8C-B1FBEB262287}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nmtui1.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{072D79B9-496D-4B97-9DEF-1D84028236FE}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{072D79B9-496D-4B97-9DEF-1D84028236FE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{072D79B9-496D-4B97-9DEF-1D84028236FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{072D79B9-496D-4B97-9DEF-1D84028236FE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{57D45B7D-CF5B-47FD-8C2A-8E5FE5A329F2}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{57D45B7D-CF5B-47FD-8C2A-8E5FE5A329F2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{57D45B7D-CF5B-47FD-8C2A-8E5FE5A329F2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{57D45B7D-CF5B-47FD-8C2A-8E5FE5A329F2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dwskadp.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{22513F7F-D4A0-4000-B692-AB0667811C61}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{22513F7F-D4A0-4000-B692-AB0667811C61}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{22513F7F-D4A0-4000-B692-AB0667811C61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{22513F7F-D4A0-4000-B692-AB0667811C61}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{0A8460FB-AAD5-4941-8170-E7BB13B4E43A}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0A8460FB-AAD5-4941-8170-E7BB13B4E43A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0A8460FB-AAD5-4941-8170-E7BB13B4E43A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0A8460FB-AAD5-4941-8170-E7BB13B4E43A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mesign32.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{AB9C814C-31CC-4C49-944B-4B2BA6BBD550}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{AB9C814C-31CC-4C49-944B-4B2BA6BBD550}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{AB9C814C-31CC-4C49-944B-4B2BA6BBD550}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{AB9C814C-31CC-4C49-944B-4B2BA6BBD550}\InprocServer32]
    @="C:\\WINDOWS\\system32\\myihnd.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{74A2F35B-039F-402D-81A2-E97C9182B0DF}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{74A2F35B-039F-402D-81A2-E97C9182B0DF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{74A2F35B-039F-402D-81A2-E97C9182B0DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{74A2F35B-039F-402D-81A2-E97C9182B0DF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\izxrtmgr.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B7380D4C-4D3F-485F-B730-5340D499A00F}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7380D4C-4D3F-485F-B730-5340D499A00F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7380D4C-4D3F-485F-B730-5340D499A00F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7380D4C-4D3F-485F-B730-5340D499A00F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wlv8dmod.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{160CE84A-C641-4F99-965E-0BE5ECAF1D25}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{160CE84A-C641-4F99-965E-0BE5ECAF1D25}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{160CE84A-C641-4F99-965E-0BE5ECAF1D25}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{160CE84A-C641-4F99-965E-0BE5ECAF1D25}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cpmsvcs.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{56ABAB7F-90E3-4FC6-8FAC-D96C8CCA67B4}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{56ABAB7F-90E3-4FC6-8FAC-D96C8CCA67B4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{56ABAB7F-90E3-4FC6-8FAC-D96C8CCA67B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{56ABAB7F-90E3-4FC6-8FAC-D96C8CCA67B4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\muencode.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{71B46EE6-B69A-4EB6-A224-4E10922A8BE8}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{71B46EE6-B69A-4EB6-A224-4E10922A8BE8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{71B46EE6-B69A-4EB6-A224-4E10922A8BE8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{71B46EE6-B69A-4EB6-A224-4E10922A8BE8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mrorcl32.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{DF3CADDC-FC79-4B0F-8D28-DDBD1E29C269}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DF3CADDC-FC79-4B0F-8D28-DDBD1E29C269}\Implemented Categories]
    @=""

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default log contd

    [HKEY_CLASSES_ROOT\clsid\{DF3CADDC-FC79-4B0F-8D28-DDBD1E29C269}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DF3CADDC-FC79-4B0F-8D28-DDBD1E29C269}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rGcpldlg.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{25F32BBB-5172-4FEB-B326-8E3061570F04}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{25F32BBB-5172-4FEB-B326-8E3061570F04}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{25F32BBB-5172-4FEB-B326-8E3061570F04}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{25F32BBB-5172-4FEB-B326-8E3061570F04}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wkhtcpip.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{56D725AA-8576-460B-89AF-F04574CB7BCD}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{56D725AA-8576-460B-89AF-F04574CB7BCD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{56D725AA-8576-460B-89AF-F04574CB7BCD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{56D725AA-8576-460B-89AF-F04574CB7BCD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\xTctsrv.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{1E197EE4-BD6D-461D-93F6-7417207F9999}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1E197EE4-BD6D-461D-93F6-7417207F9999}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1E197EE4-BD6D-461D-93F6-7417207F9999}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1E197EE4-BD6D-461D-93F6-7417207F9999}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{830DE4B2-84FB-4C15-BD18-31B463F46E60}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{830DE4B2-84FB-4C15-BD18-31B463F46E60}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{830DE4B2-84FB-4C15-BD18-31B463F46E60}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{830DE4B2-84FB-4C15-BD18-31B463F46E60}\InprocServer32]
    @="C:\\WINDOWS\\system32\\czmaddin.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{BF47DE4F-882E-4E28-A221-12E071211C83}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BF47DE4F-882E-4E28-A221-12E071211C83}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BF47DE4F-882E-4E28-A221-12E071211C83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{BF47DE4F-882E-4E28-A221-12E071211C83}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drocx.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B7621E48-9559-4752-B9B2-39B2D138BBD7}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7621E48-9559-4752-B9B2-39B2D138BBD7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7621E48-9559-4752-B9B2-39B2D138BBD7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7621E48-9559-4752-B9B2-39B2D138BBD7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kfdir.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{13B7B2F3-3801-4015-86C9-C859BD3883D8}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{13B7B2F3-3801-4015-86C9-C859BD3883D8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{13B7B2F3-3801-4015-86C9-C859BD3883D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{13B7B2F3-3801-4015-86C9-C859BD3883D8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{0DAE7718-2178-4A1F-8F6E-D9D5304338FA}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0DAE7718-2178-4A1F-8F6E-D9D5304338FA}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0DAE7718-2178-4A1F-8F6E-D9D5304338FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0DAE7718-2178-4A1F-8F6E-D9D5304338FA}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mvmtapi.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2714F8A2-9913-4A67-8515-3201B5ED949E}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2714F8A2-9913-4A67-8515-3201B5ED949E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2714F8A2-9913-4A67-8515-3201B5ED949E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2714F8A2-9913-4A67-8515-3201B5ED949E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{26B7C83D-C27A-4557-9D0B-13D34FE75A28}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{26B7C83D-C27A-4557-9D0B-13D34FE75A28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{26B7C83D-C27A-4557-9D0B-13D34FE75A28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{26B7C83D-C27A-4557-9D0B-13D34FE75A28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dalayx.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{0A8F9F15-686C-4C9E-8919-AE522C913DAB}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0A8F9F15-686C-4C9E-8919-AE522C913DAB}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0A8F9F15-686C-4C9E-8919-AE522C913DAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{0A8F9F15-686C-4C9E-8919-AE522C913DAB}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{563202AA-AB4A-401B-A475-171076CBC512}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{563202AA-AB4A-401B-A475-171076CBC512}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{563202AA-AB4A-401B-A475-171076CBC512}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{563202AA-AB4A-401B-A475-171076CBC512}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nkevtmsg.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{9364D38E-80FB-410F-8403-051C95842E5A}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9364D38E-80FB-410F-8403-051C95842E5A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9364D38E-80FB-410F-8403-051C95842E5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9364D38E-80FB-410F-8403-051C95842E5A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\amvapi32.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{3B2DB45F-889A-4951-A03B-3BFDDB9B611F}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3B2DB45F-889A-4951-A03B-3BFDDB9B611F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3B2DB45F-889A-4951-A03B-3BFDDB9B611F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3B2DB45F-889A-4951-A03B-3BFDDB9B611F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mur2cenu.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{35CE0589-91FA-407E-A445-98555B1DD9BD}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{35CE0589-91FA-407E-A445-98555B1DD9BD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{35CE0589-91FA-407E-A445-98555B1DD9BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{35CE0589-91FA-407E-A445-98555B1DD9BD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\MJC71ENU.DLL"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{C05F3712-0DAC-46F5-92CA-28A7FA487DD4}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C05F3712-0DAC-46F5-92CA-28A7FA487DD4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C05F3712-0DAC-46F5-92CA-28A7FA487DD4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C05F3712-0DAC-46F5-92CA-28A7FA487DD4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ikv6mon.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{9580299B-98D0-4548-B229-C280DCA7ACF5}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9580299B-98D0-4548-B229-C280DCA7ACF5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9580299B-98D0-4548-B229-C280DCA7ACF5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{9580299B-98D0-4548-B229-C280DCA7ACF5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\akmparse.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{F9B25F5C-55F7-4C03-BDDE-C9CC867C9550}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F9B25F5C-55F7-4C03-BDDE-C9CC867C9550}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F9B25F5C-55F7-4C03-BDDE-C9CC867C9550}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F9B25F5C-55F7-4C03-BDDE-C9CC867C9550}\InprocServer32]
    @="C:\\WINDOWS\\system32\\hFlu0539e.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{51BA42BA-C3C0-44B1-A6DD-F88594086599}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{51BA42BA-C3C0-44B1-A6DD-F88594086599}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{51BA42BA-C3C0-44B1-A6DD-F88594086599}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{51BA42BA-C3C0-44B1-A6DD-F88594086599}\InprocServer32]
    @="C:\\WINDOWS\\system32\\agao09f3e.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{F85FD67B-62AC-4F46-A384-FE69F69AD22A}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F85FD67B-62AC-4F46-A384-FE69F69AD22A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F85FD67B-62AC-4F46-A384-FE69F69AD22A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F85FD67B-62AC-4F46-A384-FE69F69AD22A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\qaartz.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{D6D189FC-1019-48AD-B6E4-D9F7C01DCADF}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D6D189FC-1019-48AD-B6E4-D9F7C01DCADF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D6D189FC-1019-48AD-B6E4-D9F7C01DCADF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D6D189FC-1019-48AD-B6E4-D9F7C01DCADF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rfutils.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{F192788C-4761-42E6-8A25-A49A7B807696}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F192788C-4761-42E6-8A25-A49A7B807696}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F192788C-4761-42E6-8A25-A49A7B807696}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F192788C-4761-42E6-8A25-A49A7B807696}\InprocServer32]
    @="C:\\WINDOWS\\system32\\izircl.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B7D12971-B131-4BC7-9A79-CB48541ECFA3}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7D12971-B131-4BC7-9A79-CB48541ECFA3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7D12971-B131-4BC7-9A79-CB48541ECFA3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B7D12971-B131-4BC7-9A79-CB48541ECFA3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\njwmsdrm.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{20793309-8BB1-4716-A056-65E6F0EB2080}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{20793309-8BB1-4716-A056-65E6F0EB2080}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{20793309-8BB1-4716-A056-65E6F0EB2080}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{20793309-8BB1-4716-A056-65E6F0EB2080}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{7CF7EA34-F75F-4F34-B1EF-126B40EE6E25}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{7CF7EA34-F75F-4F34-B1EF-126B40EE6E25}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{7CF7EA34-F75F-4F34-B1EF-126B40EE6E25}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{7CF7EA34-F75F-4F34-B1EF-126B40EE6E25}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dhnksfxm.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{98955577-63AD-4F7A-B19A-F22896B09EF3}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{98955577-63AD-4F7A-B19A-F22896B09EF3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{98955577-63AD-4F7A-B19A-F22896B09EF3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{98955577-63AD-4F7A-B19A-F22896B09EF3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\donaddr.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{3F6355BE-FED7-4C08-A30B-DFCC85C21CA4}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3F6355BE-FED7-4C08-A30B-DFCC85C21CA4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3F6355BE-FED7-4C08-A30B-DFCC85C21CA4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3F6355BE-FED7-4C08-A30B-DFCC85C21CA4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{188EA058-2FDE-4467-BA7D-F3D7977F40F9}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{188EA058-2FDE-4467-BA7D-F3D7977F40F9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{188EA058-2FDE-4467-BA7D-F3D7977F40F9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{188EA058-2FDE-4467-BA7D-F3D7977F40F9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mlmefilt.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{4E0B2B4A-780E-416C-84D8-6AD22D6F8D14}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4E0B2B4A-780E-416C-84D8-6AD22D6F8D14}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4E0B2B4A-780E-416C-84D8-6AD22D6F8D14}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4E0B2B4A-780E-416C-84D8-6AD22D6F8D14}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jLvaprxy.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{58E83CBF-84E1-4176-BF52-AA74EE43DCF2}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{58E83CBF-84E1-4176-BF52-AA74EE43DCF2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{58E83CBF-84E1-4176-BF52-AA74EE43DCF2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{58E83CBF-84E1-4176-BF52-AA74EE43DCF2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cHmocx.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{6B96E708-FB34-4220-A266-0F17CEC22299}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6B96E708-FB34-4220-A266-0F17CEC22299}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6B96E708-FB34-4220-A266-0F17CEC22299}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6B96E708-FB34-4220-A266-0F17CEC22299}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wmavusd.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{A180FF5B-65FC-4FF7-8547-09230D71A757}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{A180FF5B-65FC-4FF7-8547-09230D71A757}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{A180FF5B-65FC-4FF7-8547-09230D71A757}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{A180FF5B-65FC-4FF7-8547-09230D71A757}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mnsnap.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{D23F61CA-6434-4508-82B5-62C08963A02E}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D23F61CA-6434-4508-82B5-62C08963A02E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D23F61CA-6434-4508-82B5-62C08963A02E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D23F61CA-6434-4508-82B5-62C08963A02E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dv0m01d1e.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{5043BBB1-5138-4B96-A99A-E8A754475BD5}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5043BBB1-5138-4B96-A99A-E8A754475BD5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5043BBB1-5138-4B96-A99A-E8A754475BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5043BBB1-5138-4B96-A99A-E8A754475BD5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drdskmgr.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{4837F8D4-3806-40D9-B249-B5F7474F3379}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4837F8D4-3806-40D9-B249-B5F7474F3379}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4837F8D4-3806-40D9-B249-B5F7474F3379}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4837F8D4-3806-40D9-B249-B5F7474F3379}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wqdmps.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{27FD5E13-F952-4FEA-B72E-A1A64AAA4009}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{27FD5E13-F952-4FEA-B72E-A1A64AAA4009}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{27FD5E13-F952-4FEA-B72E-A1A64AAA4009}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{27FD5E13-F952-4FEA-B72E-A1A64AAA4009}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sgi.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{6490AECE-D83F-4D91-BFBD-FE7F4A445A19}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6490AECE-D83F-4D91-BFBD-FE7F4A445A19}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6490AECE-D83F-4D91-BFBD-FE7F4A445A19}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6490AECE-D83F-4D91-BFBD-FE7F4A445A19}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ccosys.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{DE46557C-4ABE-4C66-A149-7ADB3F2F5A72}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DE46557C-4ABE-4C66-A149-7ADB3F2F5A72}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DE46557C-4ABE-4C66-A149-7ADB3F2F5A72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DE46557C-4ABE-4C66-A149-7ADB3F2F5A72}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sbcpack.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2F3415A0-CA3A-4500-9534-1CECCA18B2AB}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2F3415A0-CA3A-4500-9534-1CECCA18B2AB}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2F3415A0-CA3A-4500-9534-1CECCA18B2AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2F3415A0-CA3A-4500-9534-1CECCA18B2AB}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{C8762F8F-1BC9-4447-A4B8-C9834B6ABDF0}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C8762F8F-1BC9-4447-A4B8-C9834B6ABDF0}\Implemented Categories]
    @=""

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default contd

    [HKEY_CLASSES_ROOT\clsid\{C8762F8F-1BC9-4447-A4B8-C9834B6ABDF0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C8762F8F-1BC9-4447-A4B8-C9834B6ABDF0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dIdxof.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{66B258BD-B41F-43CD-AB5C-4E738D887A37}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{66B258BD-B41F-43CD-AB5C-4E738D887A37}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{66B258BD-B41F-43CD-AB5C-4E738D887A37}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{66B258BD-B41F-43CD-AB5C-4E738D887A37}\InprocServer32]
    @="C:\\WINDOWS\\system32\\Mqos432.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{B05FD176-ADC9-4F24-94DD-3B2810C29D66}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B05FD176-ADC9-4F24-94DD-3B2810C29D66}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B05FD176-ADC9-4F24-94DD-3B2810C29D66}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{B05FD176-ADC9-4F24-94DD-3B2810C29D66}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kwrberos.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2359BC93-9FCD-4870-B047-AEC1FDCC0802}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2359BC93-9FCD-4870-B047-AEC1FDCC0802}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2359BC93-9FCD-4870-B047-AEC1FDCC0802}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2359BC93-9FCD-4870-B047-AEC1FDCC0802}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{AE37A4E9-EF4D-4C2B-8650-1CEC5E237C52}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{AE37A4E9-EF4D-4C2B-8650-1CEC5E237C52}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{AE37A4E9-EF4D-4C2B-8650-1CEC5E237C52}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{AE37A4E9-EF4D-4C2B-8650-1CEC5E237C52}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wcnnls.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{3D3ED9E6-AE71-4814-9DD7-61C1E7665747}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3D3ED9E6-AE71-4814-9DD7-61C1E7665747}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3D3ED9E6-AE71-4814-9DD7-61C1E7665747}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3D3ED9E6-AE71-4814-9DD7-61C1E7665747}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ouecli.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{ECEB7842-A31C-4DC9-971E-BB886D675144}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ECEB7842-A31C-4DC9-971E-BB886D675144}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ECEB7842-A31C-4DC9-971E-BB886D675144}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ECEB7842-A31C-4DC9-971E-BB886D675144}\InprocServer32]
    @="C:\\WINDOWS\\system32\\fulemgmt.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{FC63007F-B1DE-425B-8E64-83E067DDF008}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{FC63007F-B1DE-425B-8E64-83E067DDF008}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{FC63007F-B1DE-425B-8E64-83E067DDF008}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{FC63007F-B1DE-425B-8E64-83E067DDF008}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jOvacypt.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{4A061480-36BF-4149-B683-B81EAC1897BC}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4A061480-36BF-4149-B683-B81EAC1897BC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4A061480-36BF-4149-B683-B81EAC1897BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{4A061480-36BF-4149-B683-B81EAC1897BC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jvdw400.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{CF380040-C236-40C4-A900-B93078B1EF15}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{CF380040-C236-40C4-A900-B93078B1EF15}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{CF380040-C236-40C4-A900-B93078B1EF15}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{CF380040-C236-40C4-A900-B93078B1EF15}\InprocServer32]
    @="C:\\WINDOWS\\system32\\moisam11.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{603BCE56-CE2C-49D7-AAAB-B31F9B2B357A}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{603BCE56-CE2C-49D7-AAAB-B31F9B2B357A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{603BCE56-CE2C-49D7-AAAB-B31F9B2B357A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{603BCE56-CE2C-49D7-AAAB-B31F9B2B357A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kldgr1.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{6120A0A0-C1AC-4070-AA87-7C98D712B9FC}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6120A0A0-C1AC-4070-AA87-7C98D712B9FC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6120A0A0-C1AC-4070-AA87-7C98D712B9FC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6120A0A0-C1AC-4070-AA87-7C98D712B9FC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ldcalui.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{1535274F-5C85-4F73-9617-D92F2892EA35}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1535274F-5C85-4F73-9617-D92F2892EA35}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1535274F-5C85-4F73-9617-D92F2892EA35}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{1535274F-5C85-4F73-9617-D92F2892EA35}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2627B18C-9A06-48A9-B913-B3DCA9B8F6A2}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2627B18C-9A06-48A9-B913-B3DCA9B8F6A2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2627B18C-9A06-48A9-B913-B3DCA9B8F6A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2627B18C-9A06-48A9-B913-B3DCA9B8F6A2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{EABEA7A8-06A7-44D2-B628-4D7537997D58}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{EABEA7A8-06A7-44D2-B628-4D7537997D58}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{EABEA7A8-06A7-44D2-B628-4D7537997D58}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{EABEA7A8-06A7-44D2-B628-4D7537997D58}\InprocServer32]
    @="C:\\WINDOWS\\system32\\scrmfilt.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{CA63A942-9ACA-4A14-ADB2-3808BDEF2756}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{CA63A942-9ACA-4A14-ADB2-3808BDEF2756}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{CA63A942-9ACA-4A14-ADB2-3808BDEF2756}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{CA63A942-9ACA-4A14-ADB2-3808BDEF2756}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nxdll.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{8278ACF7-7F33-4BC5-9C3A-5F2A5EDB1C12}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{8278ACF7-7F33-4BC5-9C3A-5F2A5EDB1C12}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{8278ACF7-7F33-4BC5-9C3A-5F2A5EDB1C12}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{8278ACF7-7F33-4BC5-9C3A-5F2A5EDB1C12}\InprocServer32]
    @="C:\\WINDOWS\\system32\\muidle.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{3391ABA2-540B-4A1D-A5AF-A6C798343417}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3391ABA2-540B-4A1D-A5AF-A6C798343417}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3391ABA2-540B-4A1D-A5AF-A6C798343417}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3391ABA2-540B-4A1D-A5AF-A6C798343417}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dq0m01d1e.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{2721810A-D1B0-4D19-A1DA-F058D7259D12}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2721810A-D1B0-4D19-A1DA-F058D7259D12}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2721810A-D1B0-4D19-A1DA-F058D7259D12}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{2721810A-D1B0-4D19-A1DA-F058D7259D12}\InprocServer32]
    @="C:\\WINDOWS\\system32\\MPC42ENU.DLL"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{77C84760-C4D4-48FA-B3AE-DE3047D8417D}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{77C84760-C4D4-48FA-B3AE-DE3047D8417D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{77C84760-C4D4-48FA-B3AE-DE3047D8417D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{77C84760-C4D4-48FA-B3AE-DE3047D8417D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\SMP32.DLL"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{F56FBEEC-9E01-4EF5-ADEE-31138D44AF41}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F56FBEEC-9E01-4EF5-ADEE-31138D44AF41}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F56FBEEC-9E01-4EF5-ADEE-31138D44AF41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{F56FBEEC-9E01-4EF5-ADEE-31138D44AF41}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cvyptsvc.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{C85130A8-CB5A-466B-9398-6D6367BEB6EB}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C85130A8-CB5A-466B-9398-6D6367BEB6EB}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C85130A8-CB5A-466B-9398-6D6367BEB6EB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C85130A8-CB5A-466B-9398-6D6367BEB6EB}\InprocServer32]
    @="C:\\WINDOWS\\system32\\asi3d1ag.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{6B44EFF2-68F1-410E-89C0-66B861D0B2BA}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6B44EFF2-68F1-410E-89C0-66B861D0B2BA}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6B44EFF2-68F1-410E-89C0-66B861D0B2BA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6B44EFF2-68F1-410E-89C0-66B861D0B2BA}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rLssapi.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{77C01624-CE76-4871-AB27-8302E696F217}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{77C01624-CE76-4871-AB27-8302E696F217}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{77C01624-CE76-4871-AB27-8302E696F217}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{77C01624-CE76-4871-AB27-8302E696F217}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wbhtcpip.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{DF58BC62-CF6B-4AE8-9E8D-FED173764C41}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DF58BC62-CF6B-4AE8-9E8D-FED173764C41}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DF58BC62-CF6B-4AE8-9E8D-FED173764C41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{DF58BC62-CF6B-4AE8-9E8D-FED173764C41}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default and finally

    C:\WINDOWS\system32\acptif.dll
    C:\WINDOWS\system32\aea2l31o1.dll
    C:\WINDOWS\system32\aevapi32.dll
    C:\WINDOWS\system32\agao09f3e.dll
    C:\WINDOWS\system32\aki3duag.dll
    C:\WINDOWS\system32\akmparse.dll
    C:\WINDOWS\system32\aksldpc.dll
    C:\WINDOWS\system32\ansmsext.dll
    C:\WINDOWS\system32\aqapi.dll
    C:\WINDOWS\system32\aqifil32.dll
    C:\WINDOWS\system32\aqsldpc.dll
    C:\WINDOWS\system32\arifil32.dll
    C:\WINDOWS\system32\asi3d1ag.dll
    C:\WINDOWS\system32\aua2l31o1.dll
    C:\WINDOWS\system32\ayifil32.dll
    C:\WINDOWS\system32\aza2l31o1.dll
    C:\WINDOWS\system32\aza2l5jo1.dll
    C:\WINDOWS\system32\azao09f3e.dll
    C:\WINDOWS\system32\bbowselc.dll
    C:\WINDOWS\system32\bItt.dll
    C:\WINDOWS\system32\c200lcdm1f0a.dll
    C:\WINDOWS\system32\ccm.dll
    C:\WINDOWS\system32\ccosys.dll
    C:\WINDOWS\system32\cctdll.dll
    C:\WINDOWS\system32\cFpesnpn.dll
    C:\WINDOWS\system32\cgrpol.dll
    C:\WINDOWS\system32\cHmocx.dll
    C:\WINDOWS\system32\ckc.dll
    C:\WINDOWS\system32\ckmcat.dll
    C:\WINDOWS\system32\cnyptdll.dll
    C:\WINDOWS\system32\cpc.dll
    C:\WINDOWS\system32\cpmrepl.dll
    C:\WINDOWS\system32\cpmsvcs.dll
    C:\WINDOWS\system32\cpyptdll.dll
    C:\WINDOWS\system32\crgmgr32.dll
    C:\WINDOWS\system32\ctetcfg.dll
    C:\WINDOWS\system32\CUDEVCON.DLL
    C:\WINDOWS\system32\cumdlg32.dll
    C:\WINDOWS\system32\cvyptsvc.dll
    C:\WINDOWS\system32\cWtsrvut.dll
    C:\WINDOWS\system32\cwutil.dll
    C:\WINDOWS\system32\CwxHwIo.dll
    C:\WINDOWS\system32\cxm.dll
    C:\WINDOWS\system32\d00mlad11d0.dll
    C:\WINDOWS\system32\daprov.dll
    C:\WINDOWS\system32\dCdxof.dll
    C:\WINDOWS\system32\dcnput.dll
    C:\WINDOWS\system32\dcrpsetu.dll
    C:\WINDOWS\system32\decprop2.dll
    C:\WINDOWS\system32\dgnaddr.dll
    C:\WINDOWS\system32\diauth.dll
    C:\WINDOWS\system32\dicprop.dll
    C:\WINDOWS\system32\dIdxof.dll
    C:\WINDOWS\system32\diiman32.dll
    C:\WINDOWS\system32\dinwsock.dll
    C:\WINDOWS\system32\dlmstor.dll
    C:\WINDOWS\system32\dlvmgr.dll
    C:\WINDOWS\system32\dn0m01d1e.dll
    C:\WINDOWS\system32\dnnmpntw.dll
    C:\WINDOWS\system32\dolay.dll
    C:\WINDOWS\system32\donaddr.dll
    C:\WINDOWS\system32\dq0m01d1e.dll
    C:\WINDOWS\system32\dqwave.dll
    C:\WINDOWS\system32\drsrslvr.dll
    C:\WINDOWS\system32\dsiman32.dll
    C:\WINDOWS\system32\duusic.dll
    C:\WINDOWS\system32\dv0m01d1e.dll
    C:\WINDOWS\system32\dwnaddr.dll
    C:\WINDOWS\system32\dxcprop.dll
    C:\WINDOWS\system32\dxnlobby.dll
    C:\WINDOWS\system32\dZtime.dll
    C:\WINDOWS\system32\e0jmla111d.dll
    C:\WINDOWS\system32\e8020idoe80c0.dll
    C:\WINDOWS\system32\e820lifm182a.dll
    C:\WINDOWS\system32\eA20lifm182a.dll
    C:\WINDOWS\system32\EBFBCHAIE.DLL
    C:\WINDOWS\system32\ebts.dll
    C:\WINDOWS\system32\edcdec.dll
    C:\WINDOWS\system32\Eecdnet.dll
    C:\WINDOWS\system32\ehcapi.dll
    C:\WINDOWS\system32\eient97.dll
    C:\WINDOWS\system32\eks.dll
    C:\WINDOWS\system32\ELCAPI32.DLL
    C:\WINDOWS\system32\en24l1fq1.dll
    C:\WINDOWS\system32\en26l1fs1.dll
    C:\WINDOWS\system32\en2ql1f51.dll
    C:\WINDOWS\system32\en66l1js1.dll
    C:\WINDOWS\system32\enjul1191.dll
    C:\WINDOWS\system32\enpsl1771.dll
    C:\WINDOWS\system32\enr4l19q1.dll
    C:\WINDOWS\system32\EOCAPI32.DLL
    C:\WINDOWS\system32\evcapi.dll
    C:\WINDOWS\system32\event97.dll
    C:\WINDOWS\system32\f20o0cd3ef0.dll
    C:\WINDOWS\system32\f2j2lc1o1f.dll
    C:\WINDOWS\system32\f8l00i3me8.dll
    C:\WINDOWS\system32\fklemgmt.dll
    C:\WINDOWS\system32\fn4021hmg.dll
    C:\WINDOWS\system32\fOj2lc1o1f.dll
    C:\WINDOWS\system32\fp2003fme.dll
    C:\WINDOWS\system32\fp2m03f1e.dll
    C:\WINDOWS\system32\fp4003hme.dll
    C:\WINDOWS\system32\fp8003lme.dll
    C:\WINDOWS\system32\fp8s03l7e.dll
    C:\WINDOWS\system32\fpj0031me.dll
    C:\WINDOWS\system32\fplu0339e.dll
    C:\WINDOWS\system32\fpp2037oe.dll
    C:\WINDOWS\system32\fulemgmt.dll
    C:\WINDOWS\system32\fvlemgmt.dll
    C:\WINDOWS\system32\fzntext.dll
    C:\WINDOWS\system32\g422lefo1h2c.dll
    C:\WINDOWS\system32\gakrsrc.dll
    C:\WINDOWS\system32\gekcsp.dll
    C:\WINDOWS\system32\gmedit.dll
    C:\WINDOWS\system32\gnedit.dll
    C:\WINDOWS\system32\gp40l3hm1.dll
    C:\WINDOWS\system32\gpj2l31o1.dll
    C:\WINDOWS\system32\gpj6l31s1.dll
    C:\WINDOWS\system32\gvi32.dll
    C:\WINDOWS\system32\h02olaf31d2.dll
    C:\WINDOWS\system32\h82o0if3e82.dll
    C:\WINDOWS\system32\h84m0ih1e84.dll
    C:\WINDOWS\system32\h8j40i1qe8.dll
    C:\WINDOWS\system32\halu0539e.dll
    C:\WINDOWS\system32\hbetmon.dll
    C:\WINDOWS\system32\hFlu0539e.dll
    C:\WINDOWS\system32\hr0s05d7e.dll
    C:\WINDOWS\system32\hr6u05j9e.dll
    C:\WINDOWS\system32\hrl8053ue.dll
    C:\WINDOWS\system32\hrls0537e.dll
    C:\WINDOWS\system32\hrlu0539e.dll
    C:\WINDOWS\system32\hxfcisp2.dll
    C:\WINDOWS\system32\hxls0537e.dll
    C:\WINDOWS\system32\i024lafq1d2e.dll
    C:\WINDOWS\system32\i0jq0a15ed.dll
    C:\WINDOWS\system32\i4240efqeh2e0.dll
    C:\WINDOWS\system32\i4lo0e33eh.dll
    C:\WINDOWS\system32\ibssuba.dll
    C:\WINDOWS\system32\icengine.dll
    C:\WINDOWS\system32\ieetpp.dll
    C:\WINDOWS\system32\ieign32.dll
    C:\WINDOWS\system32\ierdbg32.dll
    C:\WINDOWS\system32\ifign32.dll
    C:\WINDOWS\system32\igagehlp.dll
    C:\WINDOWS\system32\iJssam.dll
    C:\WINDOWS\system32\ikv6mon.dll
    C:\WINDOWS\system32\iLssam.dll
    C:\WINDOWS\system32\imakeng.dll
    C:\WINDOWS\system32\ioaapi.dll
    C:\WINDOWS\system32\ir00l5dm1.dll
    C:\WINDOWS\system32\ir0ol5d31.dll
    C:\WINDOWS\system32\ir4ml5h11.dll
    C:\WINDOWS\system32\ir62l5jo1.dll
    C:\WINDOWS\system32\ir66l5js1.dll
    C:\WINDOWS\system32\ir82l5lo1.dll
    C:\WINDOWS\system32\iraapi.dll
    C:\WINDOWS\system32\irircl.dll
    C:\WINDOWS\system32\irn2l55o1.dll
    C:\WINDOWS\system32\irv6mon.dll
    C:\WINDOWS\system32\isetcfg.dll
    C:\WINDOWS\system32\ivetppui.dll
    C:\WINDOWS\system32\iwrdbg32.dll
    C:\WINDOWS\system32\ixakeng.dll
    C:\WINDOWS\system32\ixetpp.dll
    C:\WINDOWS\system32\ixnathlp.dll
    C:\WINDOWS\system32\iysetup.dll
    C:\WINDOWS\system32\izircl.dll
    C:\WINDOWS\system32\izwdial.dll
    C:\WINDOWS\system32\izxrtmgr.dll
    C:\WINDOWS\system32\j6l4lg3q16.dll
    C:\WINDOWS\system32\j8n2li5o18.dll
    C:\WINDOWS\system32\jcproxy.dll
    C:\WINDOWS\system32\jHl4lg3q16.dll
    C:\WINDOWS\system32\jjt.dll
    C:\WINDOWS\system32\jLvaprxy.dll
    C:\WINDOWS\system32\jr0025dmg.dll
    C:\WINDOWS\system32\jt2207foe.dll
    C:\WINDOWS\system32\jt2m07f1e.dll
    C:\WINDOWS\system32\jt4m07h1e.dll
    C:\WINDOWS\system32\jt4u07h9e.dll
    C:\WINDOWS\system32\jt8407lqe.dll
    C:\WINDOWS\system32\jtl8073ue.dll
    C:\WINDOWS\system32\jtp6077se.dll
    C:\WINDOWS\system32\k2440chqef4e0.dll
    C:\WINDOWS\system32\k4no0e53eh.dll
    C:\WINDOWS\system32\kddhela3.dll
    C:\WINDOWS\system32\kddit.dll
    C:\WINDOWS\system32\kecom.dll
    C:\WINDOWS\system32\kfdfc.dll
    C:\WINDOWS\system32\kfdkyr.dll
    C:\WINDOWS\system32\kgdhu1.dll
    C:\WINDOWS\system32\kgdmac.dll
    C:\WINDOWS\system32\khdbu.dll
    C:\WINDOWS\system32\khdus.dll
    C:\WINDOWS\system32\kidsl.dll
    C:\WINDOWS\system32\kldgr1.dll
    C:\WINDOWS\system32\kldlv.dll
    C:\WINDOWS\system32\kmdbr.dll
    C:\WINDOWS\system32\kndmac.dll
    C:\WINDOWS\system32\kodlv.dll
    C:\WINDOWS\system32\kodtuf.dll
    C:\WINDOWS\system32\kpddv.dll
    C:\WINDOWS\system32\kpdsg.dll
    C:\WINDOWS\system32\kpdsw.dll
    C:\WINDOWS\system32\krdpo.dll
    C:\WINDOWS\system32\kt0ul7d91.dll
    C:\WINDOWS\system32\ktdne.dll
    C:\WINDOWS\system32\ktp0l77m1.dll
    C:\WINDOWS\system32\ktrul7991.dll
    C:\WINDOWS\system32\kudru.dll
    C:\WINDOWS\system32\kvdcr.dll
    C:\WINDOWS\system32\kvdinbe1.dll
    C:\WINDOWS\system32\kvdsf.dll
    C:\WINDOWS\system32\kwdus.dll
    C:\WINDOWS\system32\kwrberos.dll
    C:\WINDOWS\system32\kzdkyr.dll
    C:\WINDOWS\system32\l08mlal11dq.dll
    C:\WINDOWS\system32\l0j80a1ued.dll
    C:\WINDOWS\system32\l26o0cj3efo.dll
    C:\WINDOWS\system32\l4n40e5qeh.dll
    C:\WINDOWS\system32\letif13n.dll
    C:\WINDOWS\system32\lgcwmi.dll
    C:\WINDOWS\system32\lgrt.dll
    C:\WINDOWS\system32\llexpand.dll
    C:\WINDOWS\system32\lN8mlal11dq.dll
    C:\WINDOWS\system32\lotga13n.dll
    C:\WINDOWS\system32\lscmgr10.dll
    C:\WINDOWS\system32\lSprxy.dll
    C:\WINDOWS\system32\ltcdll.dll
    C:\WINDOWS\system32\lv0m09d1e.dll
    C:\WINDOWS\system32\lv2409fqe.dll
    C:\WINDOWS\system32\lv2609fse.dll
    C:\WINDOWS\system32\lv2o09f3e.dll
    C:\WINDOWS\system32\lv4609hse.dll
    C:\WINDOWS\system32\lvp0097me.dll
    C:\WINDOWS\system32\lvro0993e.dll
    C:\WINDOWS\system32\lwcmgr10.dll
    C:\WINDOWS\system32\m0rmla911d.dll
    C:\WINDOWS\system32\m664lgjq16oe.dll
    C:\WINDOWS\system32\m6julg1916.dll
    C:\WINDOWS\system32\m8640ijqe8oe0.dll
    C:\WINDOWS\system32\mbrmsg.dll
    C:\WINDOWS\system32\MBRTEDIT.DLL
    C:\WINDOWS\system32\mcacm32.dll
    C:\WINDOWS\system32\mcaudite.dll
    C:\WINDOWS\system32\MCIMTF.dll
    C:\WINDOWS\system32\MCIMUSIC.DLL
    C:\WINDOWS\system32\mcutil.dll
    C:\WINDOWS\system32\mdhtml.dll
    C:\WINDOWS\system32\mesign32.dll
    C:\WINDOWS\system32\mfcat32.dll
    C:\WINDOWS\system32\mfcertui.dll
    C:\WINDOWS\system32\mgports.dll
    C:\WINDOWS\system32\mgxex.dll
    C:\WINDOWS\system32\mhpatcha.dll
    C:\WINDOWS\system32\mixclu.dll
    C:\WINDOWS\system32\MJC71ENU.DLL
    C:\WINDOWS\system32\mjutilse.dll
    C:\WINDOWS\system32\mjwsock.dll
    C:\WINDOWS\system32\mkcat32.dll
    C:\WINDOWS\system32\mkieftp.dll
    C:\WINDOWS\system32\mkl_hp.dll
    C:\WINDOWS\system32\mkrating.dll
    C:\WINDOWS\system32\mkvcrt40.dll
    C:\WINDOWS\system32\mkxdm.dll
    C:\WINDOWS\system32\mlmefilt.dll
    C:\WINDOWS\system32\mmaudite.dll
    C:\WINDOWS\system32\MMCANS32.DLL
    C:\WINDOWS\system32\MNC71ENU.DLL
    C:\WINDOWS\system32\mncndmgr.dll
    C:\WINDOWS\system32\mnfutil.dll
    C:\WINDOWS\system32\mnhgrcoi.dll
    C:\WINDOWS\system32\mnihnd.dll
    C:\WINDOWS\system32\MNPI.DLL
    C:\WINDOWS\system32\mnsec.dll
    C:\WINDOWS\system32\mnsnap.dll
    C:\WINDOWS\system32\mnvcp60.dll
    C:\WINDOWS\system32\movbvm60.dll
    C:\WINDOWS\system32\movidctl.dll
    C:\WINDOWS\system32\mOyufxod.dll
    C:\WINDOWS\system32\MPC42ENU.DLL
    C:\WINDOWS\system32\mpcat32.dll
    C:\WINDOWS\system32\mphtmled.dll
    C:\WINDOWS\system32\mpperf.dll
    C:\WINDOWS\system32\mqc40u.dll
    C:\WINDOWS\system32\mqmdd.dll
    C:\WINDOWS\system32\Mqos432.dll
    C:\WINDOWS\system32\mqtask.dll
    C:\WINDOWS\system32\mrhtmled.dll
    C:\WINDOWS\system32\mrorcl32.dll
    C:\WINDOWS\system32\mRpi32.dll
    C:\WINDOWS\system32\mrrating.dll
    C:\WINDOWS\system32\mrvcrt40.dll
    C:\WINDOWS\system32\mtcpxl32.dLL
    C:\WINDOWS\system32\mthgrcoi.dll
    C:\WINDOWS\system32\mtvidctl.dll
    C:\WINDOWS\system32\muencode.dll
    C:\WINDOWS\system32\muidle.dll
    C:\WINDOWS\system32\mur2cenu.dll
    C:\WINDOWS\system32\mv2ql9f51.dll
    C:\WINDOWS\system32\mvcat32.dll
    C:\WINDOWS\system32\MVCUIA32.DLL
    C:\WINDOWS\system32\mvnml9511.dll
    C:\WINDOWS\system32\mVpi32.dll
    C:\WINDOWS\system32\mvr8l99u1.dll
    C:\WINDOWS\system32\mvratelc.dll
    C:\WINDOWS\system32\mvrdim.dll
    C:\WINDOWS\system32\mw3216.dll
    C:\WINDOWS\system32\mwbsync.dll
    C:\WINDOWS\system32\mwjtes40.dll
    C:\WINDOWS\system32\mxtime.dll
    C:\WINDOWS\system32\mydex.dll
    C:\WINDOWS\system32\myihnd.dll
    C:\WINDOWS\system32\myjter40.dll
    C:\WINDOWS\system32\Myos416.dll
    C:\WINDOWS\system32\mzdemui.dll
    C:\WINDOWS\system32\mzjava.dll
    C:\WINDOWS\system32\mzl_qic.dll
    C:\WINDOWS\system32\n06qlaj51do.dll
    C:\WINDOWS\system32\n0r2la9o1d.dll
    C:\WINDOWS\system32\n46q0ej5eho.dll
    C:\WINDOWS\system32\n4p40e7qeh.dll
    C:\WINDOWS\system32\n6r2lg9o16.dll
    C:\WINDOWS\system32\n8l80i3ue8.dll
    C:\WINDOWS\system32\nfwmsdrm.dll
    C:\WINDOWS\system32\nJ6qlaj51do.dll
    C:\WINDOWS\system32\njwmsdrm.dll
    C:\WINDOWS\system32\nkprovau.dll
    C:\WINDOWS\system32\nmapi32.dll
    C:\WINDOWS\system32\nnobjapi.dll
    C:\WINDOWS\system32\npobjapi.dll
    C:\WINDOWS\system32\nwvdmd.dll
    C:\WINDOWS\system32\nxdll.dll
    C:\WINDOWS\system32\nxtui2.dll
    C:\WINDOWS\system32\nysdexts.dll
    C:\WINDOWS\system32\nytevent.dll
    C:\WINDOWS\system32\o0lu0a39ed.dll
    C:\WINDOWS\system32\o6pqlg7516.dll
    C:\WINDOWS\system32\o8480ihue8480.dll
    C:\WINDOWS\system32\oae32.dll
    C:\WINDOWS\system32\oatext32.dll
    C:\WINDOWS\system32\obbcji32.dll
    C:\WINDOWS\system32\octext32.dll
    C:\WINDOWS\system32\oNe32.dll
    C:\WINDOWS\system32\onesvr32.dll
    C:\WINDOWS\system32\orbcjt32.dll
    C:\WINDOWS\system32\ote2disp.dll
    C:\WINDOWS\system32\ouecli.dll
    C:\WINDOWS\system32\owffilt.dll
    C:\WINDOWS\system32\oybcji32.dll
    C:\WINDOWS\system32\ozuninst.dll
    C:\WINDOWS\system32\pbgfilt.dll
    C:\WINDOWS\system32\peintui.dll
    C:\WINDOWS\system32\pfbase.dll
    C:\WINDOWS\system32\pgofmap.dll
    C:\WINDOWS\system32\PKBDLG.DLL
    C:\WINDOWS\system32\Pkcrt.dll
    C:\WINDOWS\system32\pkrfnw.dll
    C:\WINDOWS\system32\pldgen.dll
    C:\WINDOWS\system32\pntorsvc.dll
    C:\WINDOWS\system32\pqvoftsl.dll
    C:\WINDOWS\system32\psintui.dll
    C:\WINDOWS\system32\psustab.dll
    C:\WINDOWS\system32\pulmon.dll
    C:\WINDOWS\system32\pvofmap.dll
    C:\WINDOWS\system32\pwotowiz.dll
    C:\WINDOWS\system32\PXBOLE32.DLL
    C:\WINDOWS\system32\q0ps0a77ed.dll
    C:\WINDOWS\system32\q8nuli5918.dll
    C:\WINDOWS\system32\qaartz.dll
    C:\WINDOWS\system32\qegr.dll
    C:\WINDOWS\system32\qfartz.dll
    C:\WINDOWS\system32\qidit.dll
    C:\WINDOWS\system32\qkppp.dll
    C:\WINDOWS\system32\qWsf.dll
    C:\WINDOWS\system32\r6r6lg9s16.dll
    C:\WINDOWS\system32\rabdyctl.dll
    C:\WINDOWS\system32\rbm.dll
    C:\WINDOWS\system32\rbmps.dll
    C:\WINDOWS\system32\rfvpperf.dll
    C:\WINDOWS\system32\rGsctrs.dll
    C:\WINDOWS\system32\rjutils.dll
    C:\WINDOWS\system32\rkched32.dll
    C:\WINDOWS\system32\rkchost.dll
    C:\WINDOWS\system32\rkpwsx.dll
    C:\WINDOWS\system32\rLssapi.dll
    C:\WINDOWS\system32\rmbdyctl.dll
    C:\WINDOWS\system32\RN3214_4.dll
    C:\WINDOWS\system32\rNsman.dll
    C:\WINDOWS\system32\rpgwizc.dll
    C:\WINDOWS\system32\rPsmans.dll
    C:\WINDOWS\system32\rrched32.dll
    C:\WINDOWS\system32\rycrt4.dll
    C:\WINDOWS\system32\s688lglu16q8.dll
    C:\WINDOWS\system32\saarddlg.dll
    C:\WINDOWS\system32\sadpapi.dll
    C:\WINDOWS\system32\sbcpack.dll
    C:\WINDOWS\system32\sbrrun.dll
    C:\WINDOWS\system32\scdocvw.dll
    C:\WINDOWS\system32\scdpsrv.dll
    C:\WINDOWS\system32\scrmfilt.dll
    C:\WINDOWS\system32\sdrmfilt.dll
    C:\WINDOWS\system32\sFarddlg.dll
    C:\WINDOWS\system32\shbcsp.dll
    C:\WINDOWS\system32\shdjankq.dll
    C:\WINDOWS\system32\sihannel.dll
    C:\WINDOWS\system32\silunirl.dll
    C:\WINDOWS\system32\slssetup.dll
    C:\WINDOWS\system32\smrrun.dll
    C:\WINDOWS\system32\sonceng.dll
    C:\WINDOWS\system32\spssetup.dll
    C:\WINDOWS\system32\sqlfx.dll
    C:\WINDOWS\system32\sRfrcdlg.dll
    C:\WINDOWS\system32\sri_ci.dll
    C:\WINDOWS\system32\SRMS32.DLL
    C:\WINDOWS\system32\ssndmail.dll
    C:\WINDOWS\system32\stdoclc.dll
    C:\WINDOWS\system32\stfolder.dll
    C:\WINDOWS\system32\stssetup.dll
    C:\WINDOWS\system32\svellstyle.dll
    C:\WINDOWS\system32\SVMS32.DLL
    C:\WINDOWS\system32\swlfx.dll
    C:\WINDOWS\system32\swrialui.dll
    C:\WINDOWS\system32\sXfrdm.dll
    C:\WINDOWS\system32\sxhannel.dll
    C:\WINDOWS\system32\szmedia.dll
    C:\WINDOWS\system32\szrmfilt.dll
    C:\WINDOWS\system32\sztupapi.dll
    C:\WINDOWS\system32\t68ulgl916q.dll
    C:\WINDOWS\system32\tcntsvrp.dll
    C:\WINDOWS\system32\tdd32.dll
    C:\WINDOWS\system32\tEpi.dll
    C:\WINDOWS\system32\tOpiperf.dll
    C:\WINDOWS\system32\tspmib.dll
    C:\WINDOWS\system32\tVpi3.dll
    C:\WINDOWS\system32\tXembed.dll
    C:\WINDOWS\system32\u0ru0a99ed.dll
    C:\WINDOWS\system32\u4ru0e99eh.dll
    C:\WINDOWS\system32\udrsdpia.dll
    C:\WINDOWS\system32\ueimdmat.dll
    C:\WINDOWS\system32\ukrlbva.dll
    C:\WINDOWS\system32\uxrvpa.dll
    C:\WINDOWS\system32\vfrcodec.dll
    C:\WINDOWS\system32\vmmredir.dll
    C:\WINDOWS\system32\vqmdbg.dll
    C:\WINDOWS\system32\vtipxspx.dll
    C:\WINDOWS\system32\vtmdbg.dll
    C:\WINDOWS\system32\vvdex.dll
    C:\WINDOWS\system32\vydex.dll
    C:\WINDOWS\system32\waock32.dll
    C:\WINDOWS\system32\wbhnetbs.dll
    C:\WINDOWS\system32\wbhtcpip.dll
    C:\WINDOWS\system32\wcnnls.dll
    C:\WINDOWS\system32\wehatm.dll
    C:\WINDOWS\system32\wjn87em.dll
    C:\WINDOWS\system32\wkavusd.dll
    C:\WINDOWS\system32\wkhtcpip.dll
    C:\WINDOWS\system32\wlv8dmod.dll
    C:\WINDOWS\system32\wmavusd.dll
    C:\WINDOWS\system32\wmbhits.dll
    C:\WINDOWS\system32\wmssvc.dll
    C:\WINDOWS\system32\wnpdxm.dll
    C:\WINDOWS\system32\wopcd.dll
    C:\WINDOWS\system32\wqdmps.dll
    C:\WINDOWS\system32\wqpcd.dll
    C:\WINDOWS\system32\wsnhttp.dll
    C:\WINDOWS\system32\wtcltui.dll
    C:\WINDOWS\system32\wwbvw.dll
    C:\WINDOWS\system32\wwstream.dll
    C:\WINDOWS\system32\wysapi32.dll
    C:\WINDOWS\system32\xklehlp.dll
    C:\WINDOWS\system32\xMctsrv.dll
    C:\WINDOWS\system32\xTctsrv.dll
    C:\WINDOWS\system32\xUctsrv.dll
    C:\WINDOWS\system32\yNbxv.dll
    C:\WINDOWS\system32\ztpfldr.dll
    C:\WINDOWS\system32\guard.tmp_tobedeleted


    Granting sedebugprivilege to Administrators ... successful


    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Natalie\Application Data\Sskcwrd.dll
    C:\Documents and Settings\Natalie\Application Data\Sskknwrd.dll
    C:\Documents and Settings\Natalie\Application Data\Sskuknwrd.dll

  9. #9
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default finally now

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Deskbar


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


    2006-11-28 23:30 88,340 --a------ C:\WINDOWS\system32\iapmofwh.exe
    2006-11-28 23:30 42,516 --a------ C:\WINDOWS\system32\noiffvuj.dll
    2006-11-28 23:30 132,116 --a------ C:\WINDOWS\system32\mwytxvwa.dll
    2006-11-28 23:30 <DIR> d-------- C:\Program Files\VSAdd-in
    2006-11-25 23:52 233,763 -r--s---- C:\WINDOWS\system32\CODetres.dll
    2006-11-25 20:45 38,420 --a------ C:\WINDOWS\system32\jyrmiqty.dll
    2006-11-20 12:36 60,436 --a------ C:\WINDOWS\system32\okuqjfau.dll
    2006-11-19 12:35 60,436 --a------ C:\WINDOWS\system32\oilgnalr.dll
    2006-11-19 12:35 131,604 --a------ C:\WINDOWS\system32\hlgojykq.dll
    2006-11-19 11:37 60,436 --a------ C:\WINDOWS\system32\dqpnbtgj.dll
    2006-11-16 17:54 60,436 --a------ C:\WINDOWS\system32\bmffupsx.dll
    2006-11-12 19:21 118,804 --a------ C:\WINDOWS\system32\bmngnoys.dll
    2006-11-12 19:19 118,804 --a------ C:\WINDOWS\system32\hyiymbbs.dll
    2006-11-10 18:20 118,804 --a------ C:\WINDOWS\system32\ydplxsjj.dll
    2006-11-10 18:12 118,804 --a------ C:\WINDOWS\system32\klsniuuw.dll
    2006-11-08 10:54 118,804 --a------ C:\WINDOWS\system32\heavnhys.dll
    2006-11-08 10:16 118,804 --a------ C:\WINDOWS\system32\kdcevxys.dll
    2006-11-08 10:08 118,804 --a------ C:\WINDOWS\system32\luslmmet.dll
    2006-11-08 00:21 118,804 --a------ C:\WINDOWS\system32\ahjukbpj.dll
    2006-11-07 22:46 118,804 --a------ C:\WINDOWS\system32\lcnfmqnr.dll
    2006-11-07 20:37 <DIR> d-------- C:\Documents and Settings\Stewart\Application Data\Apple Computer
    2006-11-07 20:34 <DIR> d-------- C:\Program Files\iTunes
    2006-11-07 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2006-11-07 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
    2006-11-07 20:31 <DIR> d-------- C:\Program Files\iPod
    2006-11-07 20:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2006-11-06 15:26 73,432 --a------ C:\WINDOWS\system32\ipv6monl.dll
    2006-11-06 11:07 118,804 --a------ C:\WINDOWS\system32\ljulvfhr.dll
    2006-11-06 09:57 118,804 --a------ C:\WINDOWS\system32\ngqgunfj.dll
    2006-11-05 20:04 118,804 --a------ C:\WINDOWS\system32\viggwufx.dll
    2006-11-04 16:47 118,804 --a------ C:\WINDOWS\system32\dhueegao.dll
    2006-11-04 00:03 118,804 --a------ C:\WINDOWS\system32\kdhfukux.dll
    2006-11-03 23:54 118,804 --a------ C:\WINDOWS\system32\tvejosdj.dll
    2006-11-03 17:23 118,804 --a------ C:\WINDOWS\system32\kdbkdwks.dll
    2006-11-02 22:14 118,804 --a------ C:\WINDOWS\system32\msabnbvn.dll
    2006-11-02 22:02 118,804 --a------ C:\WINDOWS\system32\sxjhxyjb.dll
    2006-11-02 22:02 110,612 --a------ C:\WINDOWS\system32\rjnkrlkw.exe
    2006-11-01 23:46 60,436 --a------ C:\WINDOWS\system32\fplceqht.dll
    2006-11-01 23:46 118,804 --a------ C:\WINDOWS\system32\jochoaka.dll
    2006-11-01 21:26 118,804 --a------ C:\WINDOWS\system32\cmxugour.dll
    2006-11-01 21:24 118,804 --a------ C:\WINDOWS\system32\yabpqdrh.dll
    2006-11-01 16:06 118,804 --a------ C:\WINDOWS\system32\dyphelio.dll
    2006-11-01 16:06 110,612 --a------ C:\WINDOWS\system32\eumelmti.exe
    2006-10-31 21:35 118,804 --a------ C:\WINDOWS\system32\dbnksfxm.dll
    2006-10-31 16:10 60,436 --a------ C:\WINDOWS\system32\ukaaeffb.dll
    2006-10-30 23:22 110,612 --a------ C:\WINDOWS\system32\tgxahyrh.exe
    2006-10-30 21:49 110,612 --a------ C:\WINDOWS\system32\jibhrtxb.exe
    2006-10-30 17:37 <DIR> d-------- C:\Program Files\BravoBisMusic
    2006-10-30 17:35 <DIR> d-------- C:\BBMKit
    2006-10-30 11:04 110,612 --a------ C:\WINDOWS\system32\sbbhjiou.exe
    2006-10-29 22:44 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-10-29 22:44 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2006-10-29 22:44 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
    2006-10-29 22:36 82,432 --------- C:\WINDOWS\system32\msxml4r.dll
    2006-10-29 22:36 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
    2006-10-29 22:36 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
    2006-10-29 22:36 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
    2006-10-29 22:36 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
    2006-10-29 22:36 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
    2006-10-29 22:36 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
    2006-10-29 22:36 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
    2006-10-29 22:36 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
    2006-10-29 22:36 40,960 --------- C:\WINDOWS\system32\langserv.dll
    2006-10-29 22:36 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
    2006-10-29 22:36 32,838 --------- C:\WINDOWS\system32\Cachex.dll
    2006-10-29 22:36 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
    2006-10-29 22:36 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
    2006-10-29 22:36 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
    2006-10-29 22:36 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
    2006-10-29 22:36 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
    2006-10-29 22:36 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
    2006-10-29 22:36 155,721 --------- C:\WINDOWS\system32\RALMain.dll
    2006-10-29 22:36 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
    2006-10-29 22:36 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
    2006-10-29 22:36 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
    2006-10-29 22:36 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
    2006-10-29 22:36 1,230,336 --------- C:\WINDOWS\system32\msxml4.dll
    2006-10-29 22:32 90,112 --a------ C:\WINDOWS\unvise32.exe
    2006-10-29 22:29 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2006-10-29 22:29 19,456 --a------ C:\WINDOWS\system32\asapi.dll
    2006-10-29 22:29 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
    2006-10-29 22:28 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
    2006-10-29 22:28 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
    2006-10-29 22:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2006-10-29 22:28 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
    2006-10-29 22:28 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
    2006-10-29 22:28 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
    2006-10-29 22:28 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
    2006-10-29 22:28 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
    2006-10-29 22:28 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
    2006-10-29 22:28 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
    2006-10-29 22:28 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
    2006-10-29 22:28 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
    2006-10-29 22:28 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
    2006-10-29 22:28 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
    2006-10-29 22:28 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
    2006-10-29 22:28 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
    2006-10-29 22:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2006-10-29 22:28 106,496 --a------ C:\WINDOWS\system32\atl71.dll
    2006-10-29 22:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2006-10-29 22:28 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
    2006-10-29 22:25 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
    2006-10-29 22:25 <DIR> d-------- C:\Program Files\Pinnacle
    2006-10-29 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-29 15:16 -------- d-------- C:\Documents and Settings\Stewart\Application Data\MSN6
    2006-11-07 20:37 -------- d-------- C:\Program Files\QuickTime
    2006-10-29 23:21 -------- d-------- C:\Program Files\EPSON Print CD
    2006-10-29 22:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-28 14:20 98324 --a------ C:\WINDOWS\system32\mepdkrmf.dll
    2006-10-27 21:22 98324 --a------ C:\WINDOWS\system32\uairdsbq.dll
    2006-10-25 20:29 234347 -r--s---- C:\WINDOWS\system32\wXdll
    2006-10-22 01:04 67604 --a------ C:\WINDOWS\system32\lklthkke.exe
    2006-10-21 18:52 21527 --a------ C:\WINDOWS\system32\prnjobs.vbs
    2006-10-21 11:19 -------- d-------- C:\Program Files\Unlocker
    2006-10-21 10:21 110592 --a------ C:\Program Files\vx2finder.exe
    2006-10-21 09:50 67604 --a------ C:\WINDOWS\system32\mwvuptyb.exe
    2006-10-21 08:54 67604 --a------ C:\WINDOWS\system32\xvvrrglp.exe
    2006-10-20 19:27 67604 --a------ C:\WINDOWS\system32\sfkoiwjv.exe
    2006-10-17 15:19 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-17 09:34 -------- d---s---- C:\Documents and Settings\Stewart\Application Data\Microsoft
    2006-10-16 22:05 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-16 21:52 -------- d-------- C:\Program Files\Movie Maker
    2006-10-16 21:52 -------- d-------- C:\Program Files\Messenger
    2006-10-16 21:52 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-16 21:49 -------- d-------- C:\Program Files\NetMeeting
    2006-10-16 21:48 -------- d-------- C:\Program Files\Windows NT
    2006-10-16 21:48 -------- d-------- C:\Program Files\Outlook Express
    2006-10-16 21:48 -------- d-------- C:\Program Files\Common Files\System
    2006-10-16 04:09 98324 --a------ C:\WINDOWS\system32\xjwkvnug.dll
    2006-10-15 10:52 98324 --a------ C:\WINDOWS\system32\hxpdmoye.dll
    2006-10-14 19:11 -------- d-------- C:\Program Files\REGSHAVE
    2006-10-14 19:04 25600 --a------ C:\WINDOWS\UpdReg.EXE
    2006-10-14 19:04 25600 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-10-13 19:15 98324 --a------ C:\WINDOWS\system32\dtfucdcf.dll
    2006-10-10 23:46 86036 --a------ C:\WINDOWS\system32\jxetbvbd.dll
    2006-10-09 10:10 -------- d-------- C:\Documents and Settings\Stewart\Application Data\VideoEgg
    2006-10-03 20:14 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2006-10-03 19:48 -------- d-------- C:\Documents and Settings\Stewart\Application Data\Steinberg
    2006-10-03 18:18 86036 --a------ C:\WINDOWS\system32\sudjankq.dll
    2006-10-01 16:14 -------- d-------- C:\Program Files\Steinberg
    2006-10-01 15:28 143380 --a------ C:\WINDOWS\system32\qejmboyl.exe
    2006-10-01 15:27 86068 --a------ C:\WINDOWS\system32\pkvoftsl.dll
    2006-09-30 19:04 -------- d-------- C:\Program Files\Neuratron PhotoScore Lite
    2006-09-30 11:57 86068 --a------ C:\WINDOWS\system32\wcudrcoj.dll
    2006-09-29 14:07 73748 --a------ C:\WINDOWS\system32\kiwclxah.dll
    2006-09-29 14:06 143380 --a------ C:\WINDOWS\system32\phymhoey.exe
    2006-09-28 22:36 73748 --a------ C:\WINDOWS\system32\nbublfjr.dll
    2006-09-28 22:33 73748 --a------ C:\WINDOWS\system32\mayufxod.dll
    2006-09-28 18:36 73748 --a------ C:\WINDOWS\system32\mhdavqbe.dll
    2006-09-25 22:21 143380 --a------ C:\WINDOWS\system32\enehrshb.exe
    2006-09-25 20:36 143380 --a------ C:\WINDOWS\system32\rctpbqyg.exe
    2006-09-25 19:18 143380 --a------ C:\WINDOWS\system32\upwafkak.exe
    2006-09-24 22:10 2048 --a------ C:\WINDOWS\system32\eraseme_44882.exe
    2006-09-23 13:18 2368 --a------ C:\WINDOWS\system32\SVKP.sys
    2006-09-19 09:28 86068 --a------ C:\WINDOWS\system32\iywpmlpn.dll
    2006-09-18 07:34 62 --a------ C:\WINDOWS\system32\w.dll
    2006-09-18 07:34 0 --a------ C:\WINDOWS\system32\windows.exe
    2006-09-14 15:45 40973 ---hs---- C:\WINDOWS\system32\ddccaby.dll
    2006-09-14 15:44 8012 --a------ C:\WINDOWS\svcchost.exe
    2006-09-14 00:20 577588 ---hs---- C:\WINDOWS\system32\nnlkl.dll
    2006-09-14 00:14 577588 ---hs---- C:\WINDOWS\system32\opnmj.dll
    2006-09-14 00:09 577588 ---hs---- C:\WINDOWS\system32\opnnk.dll
    2006-09-14 00:04 577588 ---hs---- C:\WINDOWS\system32\efcaw.dll
    2006-09-13 23:53 577588 ---hs---- C:\WINDOWS\system32\qoppp.dll
    2006-09-13 23:48 577588 ---hs---- C:\WINDOWS\system32\qopnn.dll
    2006-09-13 23:42 577588 ---hs---- C:\WINDOWS\system32\pmnll.dll
    2006-09-13 23:37 577588 ---hs---- C:\WINDOWS\system32\wvwuv.dll
    2006-09-13 23:32 577588 ---hs---- C:\WINDOWS\system32\xxyab.dll
    2006-09-13 23:26 577588 ---hs---- C:\WINDOWS\system32\cbaya.dll
    2006-09-13 23:21 577588 ---hs---- C:\WINDOWS\system32\pmkki.dll
    2006-09-13 23:15 577588 ---hs---- C:\WINDOWS\system32\ursrp.dll
    2006-09-13 23:05 577588 ---hs---- C:\WINDOWS\system32\ssqqo.dll
    2006-09-13 22:59 577588 ---hs---- C:\WINDOWS\system32\byxwt.dll
    2006-09-13 22:49 577588 ---hs---- C:\WINDOWS\system32\ssttt.dll
    2006-09-13 22:43 577588 ---hs---- C:\WINDOWS\system32\awtqo.dll
    2006-09-13 22:38 577588 ---hs---- C:\WINDOWS\system32\yabcy.dll
    2006-09-13 22:33 577588 ---hs---- C:\WINDOWS\system32\yabxv.dll
    2006-09-13 22:27 577588 ---hs---- C:\WINDOWS\system32\efcbx.dll
    2006-09-13 22:21 40973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
    2006-09-13 22:21 13528 --ahs---- C:\WINDOWS\system32\sms.exe
    2006-09-10 10:03 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-09-10 10:03 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-09-09 20:38 62 --ahs---- C:\Documents and Settings\Stewart\Application Data\desktop.ini
    2006-09-09 19:52 0 -rahs---- C:\MSDOS.SYS
    2006-09-09 19:52 0 -rahs---- C:\IO.SYS
    2006-09-09 19:52 0 --a------ C:\CONFIG.SYS
    2006-09-09 19:52 0 --a------ C:\AUTOEXEC.BAT


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "CnxDslTaskBar"="\"C:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe\""
    "SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
    "APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
    "WINDVDPatch"="CTHELPER.EXE"
    "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
    "EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P30 \"EPSON Stylus Photo R220 Series\" /O6 \"USB001\" /M \"Stylus Photo R220\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
    "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Microsoft Telecoms Center"="winupcd.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Microsoft Telecoms Center"="winupcd.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=""
    "NoDriveTypeAutoRun"=hex:5f,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\natiibn

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-29 21:25:39.38
    C:\ComboFix.txt ... 06-11-29 21:25

  10. #10
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    fine !

    next a fresh hjt log, but before that lets do a big cleanup:



    First download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    so what i need next is:
    avg antispyware report
    a log of renamed hijackthis

    good luck ;D
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •