After DHCP failed evil ware detected

Discussion in 'Malware and Virus Removal Archive' started by CheGueVerra, 2005/02/22.

Thread Status:
Not open for further replies.
  1. 2005/02/22
    CheGueVerra

    CheGueVerra Inactive Thread Starter

    Joined:
    2005/02/17
    Messages:
    14
    Likes Received:
    0
    Hi folks,

    Well, after my DHCP problems, I ran Bazooka to get a good idea of how infected the computer was. I was recommended to run HJT to get a log so you gurus can help me get this computer running safely again. So here is the HJT log, hum hum, if this wasn't the standard way of doing things, I'm sorry and will try to comply next time.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:45:52, on 2005-02-22
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\msupd6.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\FVProtect.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\System32\SahAgent.exe
    C:\Program Files\Dtcaev\Fkneu.exe
    C:\Program Files\SED\SED.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\ezula\mmod.exe
    C:\PROGRA~1\Web Offer\wo.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HighJack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://frca6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/default_tc.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: (no name) - {4016CD6D-1A2C-366E-368B-DD19050D65BD} - C:\WINDOWS\System32\ufihiflc.dll
    O2 - BHO: (no name) - {8476CB16-3B54-0E3B-1FF6-501E6CCF22B8} - C:\WINDOWS\System32\miqbrdfc.dll
    O2 - BHO: (no name) - {F62F90F4-F540-300E-EAAF-582AF2B1696A} - C:\WINDOWS\System32\vpkasxxf.dll
    O3 - Toolbar: boîte à outils hp - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scannercamera\scannerfb.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
    O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
    O4 - HKLM\..\Run: [Dsolphs] C:\Program Files\Dtcaev\Fkneu.exe
    O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O16 - DPF: {01C17CA5-D863-42ED-B8DD-C3E325A22E4E} (EGDownload Class) - http://www.vizit.us/private/downloadcenter/downloader/EGDownloaderXP.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1056_XP.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1055_XP.cab
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53ABCEDD-DAE5-4BC1-ABAF-D6ED77C300C1}: NameServer = 206.47.244.137,206.47.244.59
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\f4l02e3mgh.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Miscrosoft Updates Service 6 (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    CheGueVerra
    ;)
     
  2. 2005/02/23
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Welcome to the forums,

    To start:
    Start Hijackthis and place a check next to these items,
    Close all browser windows and shut down all other programs that show in the taskbar (even folders). [We do not mean stop the programs in the tray area near the clock.]
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari...tia32_FR_XP.cab
    O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binari...ESS_1056_XP.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binari...thv32_FR_XP.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binari...ESS_1055_XP.cab
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binari...tpe32_FR_XP.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...slv32_FR_XP.cab
    =========================
    Hit fix checked and close Hijackthis.



    Download L2mfix from one of these two locations:
    (version 1.02a )
    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    Once posted, do not restart your PC until suggested.
     

  4. 2005/02/23
    CheGueVerra

    I'll post the log tonight when I run the test,

    Thanks for the heads up...

    CheGueVerra
     
  5. 2005/03/09
    CheGueVerra

    l2mfix log

    I was trying to post the log from the l2mfix :eek: but it seems that the log file has more characters than I can post in a message, so before deleting important parts, what can I do? Do I post the log in two parts, or are there some parts of the log I can erase with no problem at all....

    Thanks for your help
    CheGueVerra
     
  6. 2005/03/09
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Post it all - two or more parts is fine.
     
  7. 2005/03/13
    CheGueVerra

    Ok, the l2mfix report, part (1)

    [Start of part 1]
    L2MFIX find log 1.02b
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous "=dword:00000000
    "Impersonate "=dword:00000000
    "DllName "=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff "= "ChainWlxLogoffEvent "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous "=dword:00000000
    "Impersonate "=dword:00000000
    "DllName "=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff "= "CryptnetWlxLogoffEvent "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName "= "cscdll.dll "
    "Logon "= "WinlogonLogonEvent "
    "Logoff "= "WinlogonLogoffEvent "
    "ScreenSaver "= "WinlogonScreenSaverEvent "
    "Startup "= "WinlogonStartupEvent "
    "Shutdown "= "WinlogonShutdownEvent "
    "StartShell "= "WinlogonStartShellEvent "
    "Impersonate "=dword:00000000
    "Asynchronous "=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=" "
    "DLLName "= "igfxsrvc.dll "
    "Asynchronous "=dword:00000001
    "Impersonate "=dword:00000001
    "Unlock "= "WinlogonUnlockEvent "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName "= "wlnotify.dll "
    "Logon "= "SCardStartCertProp "
    "Logoff "= "SCardStopCertProp "
    "Lock "= "SCardSuspendCertProp "
    "Unlock "= "SCardResumeCertProp "
    "Enabled "=dword:00000001
    "Impersonate "=dword:00000001
    "Asynchronous "=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous "=dword:00000000
    "DllName "=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate "=dword:00000000
    "StartShell "= "SchedStartShell "
    "Logoff "= "SchedEventLogOff "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff "= "WLEventLogoff "
    "Impersonate "=dword:00000000
    "Asynchronous "=dword:00000001
    "DllName "=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName "= "WlNotify.dll "
    "Lock "= "SensLockEvent "
    "Logon "= "SensLogonEvent "
    "Logoff "= "SensLogoffEvent "
    "Safe "=dword:00000001
    "MaxWait "=dword:00000258
    "StartScreenSaver "= "SensStartScreenSaverEvent "
    "StopScreenSaver "= "SensStopScreenSaverEvent "
    "Startup "= "SensStartupEvent "
    "Shutdown "= "SensShutdownEvent "
    "StartShell "= "SensStartShellEvent "
    "PostShell "= "SensPostShellEvent "
    "Disconnect "= "SensDisconnectEvent "
    "Reconnect "= "SensReconnectEvent "
    "Unlock "= "SensUnlockEvent "
    "Impersonate "=dword:00000001
    "Asynchronous "=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
    "Asynchronous "=dword:00000000
    "DllName "= "C:\\WINDOWS\\system32\\k2pm0c71ef.dll "
    "Impersonate "=dword:00000000
    "Logon "= "WinLogon "
    "Logoff "= "WinLogoff "
    "Shutdown "= "WinShutdown "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous "=dword:00000000
    "DllName "=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate "=dword:00000000
    "Logoff "= "TSEventLogoff "
    "Logon "= "TSEventLogon "
    "PostShell "= "TSEventPostShell "
    "Shutdown "= "TSEventShutdown "
    "StartShell "= "TSEventStartShell "
    "Startup "= "TSEventStartup "
    "MaxWait "=dword:00000258
    "Reconnect "= "TSEventReconnect "
    "Disconnect "= "TSEventDisconnect "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName "= "wlnotify.dll "
    "Logon "= "RegisterTicketExpiredNotificationEvent "
    "Logoff "= "UnregisterTicketExpiredNotificationEvent "
    "Impersonate "=dword:00000001
    "Asynchronous "=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{D5468DD7-C294-9FE7-DA07-8E5AE3F532B3} "=" "

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046} "= "Feuille de propriétés du fichier multimédia "
    "{176d6597-26d3-11d1-b350-080036a75b03} "= "Gestion de scanneur ICM "
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C} "= "Page de sécurité NTFS "
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32} "= "Page des propriétés de OLE DocFile "
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "= "Extensions de l'environnement pour le partage "
    "{41E300E0-78B6-11ce-849B-444553540000} "= "PlusPack CPL Extension "
    "{42071712-76d4-11d1-8b24-00a0c9068ff3} "= "Extension Affichage Carte du Panneau de configuration "
    "{42071713-76d4-11d1-8b24-00a0c9068ff3} "= "Extension Affichage Écran du Panneau de configuration "
    "{42071714-76d4-11d1-8b24-00a0c9068ff3} "= "Extension Affichage Panorama du Panneau de configuration "
    "{4E40F770-369C-11d0-8922-00A024AB2DBB} "= "Page de sécurité DS "
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} "= "Page de compatibilité "
    "{56117100-C0CD-101B-81E2-00AA004AE837} "= "Gestionnaire de données endommagées de l'environnement "
    "{59099400-57FF-11CE-BD94-0020AF85B590} "= "Extension copie de disquette "
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6} "= "Extensions de l'environnement pour les objets réseau de Microsoft Windows "
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605} "= "Gestion d'écran ICM "
    "{675F097E-4C4D-11D0-B6C1-0800091AA605} "= "Gestion d'imprimante ICM "
    "{764BF0E1-F219-11ce-972D-00AA00A14F56} "= "Extensions de l'environnement de compression de fichiers "
    "{77597368-7b15-11d0-a0c2-080036af3f03} "= "Extension de l'environnement d'imprimante Web "
    "{7988B573-EC89-11cf-9C00-00AA00A14F56} "= "Disk Quota UI "
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "= "Menu contextuel de cryptage "
    "{85BBD920-42A0-1069-A2E4-08002B30309D} "= "Porte-documents "
    "{88895560-9AA2-1069-930E-00AA0030EBC8} "= "Extension icône HyperTerminal "
    "{BD84B380-8CA2-1069-AB1D-08000948F534} "= "Fonts "
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27} "= "Profil ICC "
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} "= "Page de sécurité des imprimantes "
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "= "Extensions de l'environnement pour le partage "
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03} "= "Display TroubleShoot CPL Extension "
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45} "= "Extension de cryptographie PKO "
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45} "= "Extension de cryptographie Sign "
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E} "= "Connexions réseau "
    "{992CFFA0-F557-101A-88EC-00DD010CCC48} "= "Connexions réseau "
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD} "= "&Scanneurs et appareils photo "
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} "= "&Scanneurs et appareils photo "
    "{905667aa-acd6-11d2-8080-00805f6596d2} "= "&Scanneurs et appareils photo "
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1} "= "&Scanneurs et appareils photo "
    "{83bbcbf3-b28a-4919-a5aa-73027445d672} "= "&Scanneurs et appareils photo "
    "{F0152790-D56E-4445-850E-4F3117DB740C} "= "Remote Sessions CPL Extension "
    "{60254CA5-953B-11CF-8C96-00AA00B8708C} "= "Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows "
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "= "Liaison de données Microsoft "
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} "= "Tasks Folder Icon Handler "
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} "= "Tasks Folder Shell Extension "
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF} "= "Tâches planifiées "
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1} "= "Barre des tâches et menu Démarrer "
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} "= "Rechercher "
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} "= "Aide et support "
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} "= "Aide et support "
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} "= "Exécuter... "
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} "= "Internet "
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} "= "Courrier électronique "
    "{D20EA4E1-3957-11d2-A40B-0C5020524152} "= "Polices "
    "{D20EA4E1-3957-11d2-A40B-0C5020524153} "= "Outils d'administration "
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} "= "Audio Media Properties Handler "
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} "= "Video Media Properties Handler "
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71} "= "Wav Properties Handler "
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "= "Avi Properties Handler "
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9} "= "Midi Properties Handler "
    "{c5a40261-cd64-4ccf-84cb-c394da41d590} "= "Video Thumbnail Extractor "
    "{5E6AB780-7743-11CF-A12B-00AA004AE837} "= "Barre d'outils Internet Microsoft "
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938} "= "État du téléchargement "
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972} "= "Dossier Bureau étendu "
    "{6413BA2C-B461-11d1-A18A-080036B11A03} "= "Dossier du shell augmenté "
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383} "= "BandProxy "
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837} "= "Bande du navigateur Microsoft "
    "{30D02401-6A81-11d0-8274-00C04FD5AE38} "= "Bande de recherche "
    "{32683183-48a0-441b-a342-7c2a440a9478} "= "Media Band "
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13} "= "Volet intégré de recherche "
    "{07798131-AF23-11d1-9111-00A0C98BA67D} "= "Recherche Web "
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8} "= "Utilitaire des options de l'arborescence du Registre "
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383} "= "&Adresse "
    "{A08C11D2-A228-11d0-825B-00AA005B4383} "= "Boîte d'entrée de l'adresse "
    "{00BB2763-6A77-11D0-A535-00C04FD7D062} "= "Saisie semi-automatique Microsoft "
    "{7376D660-C583-11d0-A3A5-00C04FD706EC} "= "TridentImageExtractor "
    "{6756A641-DE71-11d0-831B-00AA005B4383} "= "Liste de saisie semi-automatique MRU "
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} "= "Liste de saisie semi-automatique personnalisée MRU "
    "{7e653215-fa25-46bd-a339-34a2790f3cb7} "= "Accessible "
    "{acf35015-526e-4230-9596-becbe19f0ac9} "= "Barre de progrès auto-ouvrante "
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2} "= "Analyseur de la barre d'adresses "
    "{00BB2764-6A77-11D0-A535-00C04FD7D062} "= "Liste de saisie semi-automatique de l'historique Microsoft "
    "{03C036F1-A186-11D0-824A-00AA005B4383} "= "Liste de saisie semi-automatique du dossier Shell Microsoft "
    "{00BB2765-6A77-11D0-A535-00C04FD7D062} "= "Conteneur de la liste de saisie semi-automatique multiple Microsoft "
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1} "= "Menu Site de bandes "
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} "= "Shell DeskBarApp "
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1} "= "Barre du Bureau "
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1} "= "Shell Rebar BandSite "
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C} "= "Assistance utilisateur "
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "= "Paramètres du dossier global "
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E} "= "Favorites Band "
    "{0A89A860-D7B1-11CE-8350-444553540000} "= "Shell Automation Inproc Service "
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "= "Shell DocObject Viewer "
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} "= "Microsoft Browser Architecture "
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8} "= "InternetShortcut "
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE} "= "Microsoft Url History Service "
    "{FF393560-C2A7-11CF-BFF4-444553540000} "= "Historique "
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933} "= "Temporary Internet Files "
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933} "= "Temporary Internet Files "
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "= "Microsoft Url Search Hook "
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} "= "Image de démarrage de la Suite IE4 "
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "= "CDF Extension Copy Hook "
    "{131A6951-7F78-11D0-A979-00C04FD705A2} "= "ISFBand OC "
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661} "= "Search Assistant OC "
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "= "Internet "
    "{871C5380-42A0-1069-A2EA-08002B30309D} "= "Internet Name Space "
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E} "= "Explorer Band "
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} "= "Sendmail service "
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} "= "Sendmail service "
    "{88C6C381-2E85-11D0-94DE-444553540000} "= "Dossier ActiveX Cache "
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "= "WebCheck "
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "= "Subscription Mgr "
    "{F5175861-2688-11d0-9C5E-00AA00A45957} "= "Dossier Inscription "
    "{08165EA0-E946-11CF-9C87-00AA005127ED} "= "WebCheckWebCrawler "
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "= "WebCheckChannelAgent "
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "= "TrayAgent "
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "= "Code Download Agent "
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "= "ConnectionAgent "
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9} "= "PostAgent "
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "= "WebCheck SyncMgr Handler "
    "{352EC2B7-8B9A-11D1-B8AE-006008059382} "= "Gestionnaire d'applications d'environnement "
    "{0B124F8F-91F0-11D1-B8B5-006008059382} "= "Énumérateur d'applications installées "
    "{CFCCC7A0-A282-11D1-9082-006008059382} "= "Publication d'application Darwin "
    "{e84fda7c-1d6a-45f6-b725-cb260c236066} "= "Shell Image Verbs "
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "= "Shell Image Data Factory "
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B} "= "Extracteur de miniatures de fichier + GDI "
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "= "Gestionnaire de miniatures - Informations de résumé (DOCFILES) "
    "{EAB841A0-9550-11cf-8C16-00805F1408F3} "= "Extracteur de miniatures HTML "
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "= "Shell Image Property Handler "
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D} "= "Assistant Publication de sites Web "
    "{add36aa8-751a-4579-a266-d66f5202ccbb} "= "Commande d'impressions via le Web "
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1} "= "Objet Assistant de publication Shell "
    "{58f1f272-9240-4f51-b6d4-fd63d1618591} "= "Assistant Obtenir une identité Passport "
    "{7A9D77BD-5403-11d2-8785-2E0420524153} "= "Comptes d'utilisateurs "
    "{BD472F60-27FA-11cf-B8B4-444553540000} "= "Compressed (zipped) Folder Right Drag Handler "
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} "= "Compressed (zipped) Folder SendTo Target "
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433} "= "Fichier de chaîne "
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} "= "Raccourci de chaîne "
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} "= "Channel Handler Object "
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437} "= "Channel Menu "
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} "= "Channel Properties "
    "{63da6ec0-2e98-11cf-8d82-444553540000} "= "FTP Folders Webview "
    "{883373C3-BF89-11D1-BE35-080036B11A03} "= "Microsoft DocProp Shell Ext "
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D} "= "Microsoft DocProp Inplace Edit Box Control "
    "{8EE97210-FD1F-4B19-91DA-67914005F020} "= "Microsoft DocProp Inplace ML Edit Box Control "
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} "= "Microsoft DocProp Inplace Droplist Combo Control "
    "{6A205B57-2567-4A2C-B881-F787FAB579A3} "= "Microsoft DocProp Inplace Calendar Control "
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} "= "Microsoft DocProp Inplace Time Control "
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB} "= "Directory Query UI "
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} "= "Shell properties for a DS object "
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} "= "Directory Object Find "
    "{F020E586-5264-11d1-A532-0000F8757D7E} "= "Directory Start/Search Find "
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65} "= "Directory Property UI "
    "{62AE1F9A-126A-11D0-A14B-0800361B1103} "= "Directory Context Menu Verbs "
    "{ECF03A33-103D-11d2-854D-006008059367} "= "MyDocs Copy Hook "
    "{ECF03A32-103D-11d2-854D-006008059367} "= "MyDocs Drop Target "
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103} "= "MyDocs Properties "
    "{750fdf0e-2a26-11d1-a3ea-080036587f03} "= "Offline Files Menu "
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66} "= "Offline Files Folder Options "
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} "= "Dossier Fichiers hors connexion "
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14} "= "Microsoft Agent Character Property Sheet Handler "
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} "= "DfsShell "
    "{60fd46de-f830-4894-a628-6fa81bc0190d} "= "%DESC_PublishDropTarget% "
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717} "= "MMC Icon Handler "
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} "= ".CAB file viewer "
    "{32714800-2E5F-11d0-8B85-00AA0044F941} "= "Des &personnes... "
    "{8DD448E6-C188-4aed-AF92-44956194EB1F} "= "Windows Media Player Play as Playlist Context Menu Handler "
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "= "Windows Media Player Burn Audio CD Context Menu Handler "
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "= "Windows Media Player Add to Playlist Context Menu Handler "
    "{5CA3D70E-1895-11CF-8E15-001234567890} "= "DriveLetterAccess "
    "{1CDB2949-8F65-4355-8456-263E7C208A5D} "= "Explorateur de Bureau "
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "= "Desktop Explorer Menu "
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "= "Auto Update Property Sheet Extension "
    "{BB7DF450-F119-11CD-8465-00AA00425D90} "= "Microsoft Access Custom Icon Handler "
    "{59850401-6664-101B-B21C-00AA004BA90B} "= "Séparateur du Classeur Microsoft Office "
    "{640167b4-59b0-47a6-b335-a6b3c0695aea} "= "Portable Media Devices "
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e} "= "Portable Media Devices Menu "
    "{16537C13-7989-456E-8115-5E02C07318C8} "=" "
    "{F3D39397-8804-407E-B373-7A0DAA4C730B} "=" "
    "{A76C9149-9354-4C8E-9F44-9B59E22A5B69} "=" "
    "{B14812E1-E21F-41EE-9FBC-2C34AB07E586} "=" "
    "{D627195F-A23E-437E-83E2-3627623CF36B} "=" "
    "{A9775B9B-A0EA-4D3E-8017-FC8EE571090F} "=" "
    "{8AF7A928-005B-422E-98CB-E48D29411783} "=" "
    "{B42F24F4-7BD5-40A8-B6F2-051374B280B6} "=" "
    "{B8A0093E-7997-4628-A18B-9DF8C87D0651} "=" "
    "{C3DAB56C-84E9-4093-A1E2-4F67F8689A7F} "=" "
    "{F285591B-C851-45CF-8C15-81E38AEC0978} "=" "
    "{FB17C97F-A6DC-4652-A1B6-1CD0AAC34207} "=" "
    "{61197377-45CC-4667-A6BE-B1210AFAE186} "=" "
    "{13883DB5-7407-44F1-8A8A-4087D1BF4BF9} "=" "
    "{2813CD0E-9CE6-46A9-BBCA-3A75DBC8E60C} "=" "
    "{0345120A-043D-41E9-B4B3-80F1FCD19318} "=" "
    "{B47043DE-3BEE-4C58-A293-B6ACE2E10452} "=" "
    "{ACD2EB57-267D-4456-939C-E3099E92D736} "=" "
    "{01D320BB-F7CB-420B-880B-398AB6ABFB9F} "=" "
    "{82275D52-EBC0-4A68-9C08-8C27FA0CBB9D} "=" "
    "{AA4C5E5B-583F-4F0C-989B-3AE8A777613A} "=" "
    "{DE71D77F-2CC3-451E-AC59-EEB97D37535C} "=" "
    "{59168E5C-233A-4302-9844-A2B33D8383B8} "=" "
    "{F08A374C-86E6-4F10-BFD4-60FAFBB471B5} "=" "
    "{A1440459-C09E-40B8-98E4-13C3D6AE033F} "=" "

    **********************************************************************************
    HKEY ROOT CLASSIDS:

    [Part 1 end]
     
  8. 2005/03/13
    CheGueVerra

    Start part 2


    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    akcore.dll Fri 2005-01-28 20:05:06 A.... 188 416 184,00 K
    aklsp.dll Fri 2005-01-28 20:05:06 A.... 196 608 192,00 K
    akrules.dll Fri 2005-01-28 20:05:06 A.... 110 592 108,00 K
    akupd.dll Fri 2005-01-28 20:04:58 A.... 155 648 152,00 K
    axrsvc.dll Wed 2005-02-23 21:12:50 A.... 225 884 220,59 K
    bxc42d.dll Tue 2005-02-01 19:57:04 A.... 224 808 219,54 K
    bydispl.dll Sun 2005-02-20 20:58:20 A.... 224 999 219,72 K
    cimpobj.dll Sat 2005-03-12 20:45:28 ..S.R 234 567 229,07 K
    cqbjmon.dll Sat 2005-02-05 19:51:30 A.... 224 475 219,21 K
    dnn001~1.dll Mon 2005-03-07 19:24:22 ..S.R 224 999 219,72 K
    docore.dll Sun 2005-02-20 22:04:26 A.... 151 552 148,00 K
    dolsp.dll Sun 2005-02-20 22:04:28 A.... 139 264 136,00 K
    dosync.dll Mon 2005-02-28 11:25:58 A.... 114 688 112,00 K
    dtskmon.dll Mon 2005-03-07 16:43:38 A.... 225 884 220,59 K
    dwprop.dll Mon 2005-03-07 19:03:20 A.... 224 999 219,72 K
    fpsrch.dll Mon 2005-02-07 17:19:58 A.... 224 475 219,21 K
    gp0ul3~1.dll Sun 2005-02-20 20:31:14 ..S.R 224 475 219,21 K
    hr8205~1.dll Mon 2005-03-07 19:01:38 ..S.R 225 884 220,59 K
    iigutil.dll Fri 2005-02-18 20:04:40 A.... 224 999 219,72 K
    jkproxy.dll Sun 2005-02-06 17:10:10 A.... 224 999 219,72 K
    jt8o07~1.dll Sat 2005-03-12 20:45:36 ..S.R 235 142 229,63 K
    jtl607~1.dll Sun 2005-02-20 20:37:26 ..S.R 225 712 220,42 K
    jzt500.dll Sun 2005-03-06 12:10:32 A.... 224 999 219,72 K
    k6080g~1.dll Fri 2005-01-28 18:08:14 ..S.R 224 380 219,12 K
    kudla.dll Tue 2005-03-08 19:07:10 ..S.R 225 884 220,59 K
    mdpi32x.dll Sat 2005-03-12 20:27:04 ..S.R 232 736 227,28 K
    mird2x35.dll Sat 2005-02-05 20:08:28 A.... 224 475 219,21 K
    n68olg~1.dll Thu 2005-01-13 20:28:04 ..S.R 225 039 219,76 K
    ndlanman.dll Thu 2005-02-17 19:01:28 A.... 224 999 219,72 K
    nptapi.dll Tue 2005-02-01 18:41:38 A.... 224 566 219,30 K
    nwevtmsg.dll Sun 2005-01-30 22:12:18 A.... 223 232 218,00 K
    odano.dll Sat 2005-02-05 20:02:36 ..S.R 224 808 219,54 K
    ogeacc.dll Sun 2005-02-20 20:28:14 A.... 224 475 219,21 K
    raaenh.dll Wed 2005-02-23 18:37:36 A.... 224 999 219,72 K
    rxrrsfdq.dll Fri 2005-02-25 21:06:40 A.... 271 533 265,17 K
    sxmsrv.dll Fri 2005-02-18 19:47:24 A.... 224 475 219,21 K
    sxpshftr.dll Fri 2005-01-28 18:08:08 A.... 223 232 218,00 K
    ukbui.dll Tue 2005-02-15 21:53:16 ..S.R 224 475 219,21 K
    umib.dll Tue 2005-02-15 20:24:24 ..S.R 224 999 219,72 K
    wahatm.dll Sat 2005-03-12 20:58:46 ..S.R 232 736 227,28 K
    wdwfax.dll Tue 2005-02-01 18:55:28 A.... 223 232 218,00 K
    wgavideo.dll Tue 2005-02-22 19:25:34 A.... 224 999 219,72 K
    wgcdlg.dll Tue 2005-02-01 17:29:42 A.... 223 232 218,00 K
    wnnipsec.dll Thu 2005-02-24 19:37:06 A.... 224 999 219,72 K

    44 items found: 44 files (14 H/S), 0 directories.
    Total of file sizes: 9 455 573 bytes 9,02 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Sat 2005-03-12 21:12:46 ..S.R 232 736 227,28 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 232 736 bytes 227,28 K
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C s'appelle HP_PAVILION
    Le numéro de série du volume est C0AF-617E

    Répertoire de C:\WINDOWS\System32

    2005-03-12 21:12 232 736 guard.tmp
    2005-03-12 20:58 232 736 wahatm.dll
    2005-03-12 20:45 235 142 jt8o07l3e.dll
    2005-03-12 20:45 234 567 cimpobj.dll
    2005-03-12 20:27 232 736 mDpi32x.dll
    2005-03-08 19:07 225 884 kudla.dll
    2005-03-07 19:24 224 999 dnn0015me.dll
    2005-03-07 19:01 225 884 hr8205loe.dll
    2005-03-04 14:26 <REP> dllcache
    2005-02-20 20:37 225 712 jtl6073se.dll
    2005-02-20 20:31 224 475 gp0ul3d91.dll
    2005-02-15 21:53 224 475 ukbui.dll
    2005-02-15 20:24 224 999 umib.dll
    2005-02-05 20:02 224 808 odano.dll
    2005-01-28 18:08 224 380 k6080gdue6080.dll
    2005-01-13 20:28 225 039 n68olgl316q.dll
    2002-08-13 21:02 <REP> Microsoft
    15 fichier(s) 3 418 572 octets
    2 Rép(s) 39 745 134 592 octets libres

    [End of part 2]
    Thanks for your help and support during this process :eek:
    CheGueVerra
     
  9. 2005/03/13
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    Note: once the PC has restarted, if a text does not open, run HijackThis and fix just this item:
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\(username)\second.bat

    Open the L2mfix folder and double-click the "second.bat" file;
    after Windows has completely restarted, if a text doesn't open, look in the L2mfix folder for a log.txt file, and post it back here in the next reply.


    Then in another reply post a fresh hijackthis log
     
  10. 2005/03/15
    CheGueVerra

    So first post the Hijack log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:44:21, on 2005-03-14
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\msupd6.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Windows\system32\HpSrvUI.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\FVProtect.exe
    C:\Program Files\Dtcaev\Fkneu.exe
    C:\WINDOWS\System32\uxgrjafi.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\windows\system32\lykiegc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\ezula\mmod.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\windows\system32\calc.exe
    C:\WINDOWS\explorer.exe
    C:\HighJack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/default_tc.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\se\v11\se.DLL (file missing)
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
    O2 - BHO: (no name) - {4016CD6D-1A2C-366E-368B-DD19050D65BD} - C:\WINDOWS\System32\rawieguy.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {8476CB16-3B54-0E3B-1FF6-501E6CCF22B8} - C:\WINDOWS\System32\miqbrdfc.dll
    O2 - BHO: (no name) - {F62F90F4-F540-300E-EAAF-582AF2B1696A} - C:\WINDOWS\System32\vpkasxxf.dll
    O3 - Toolbar: boîte à outils hp - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scannercamera\scannerfb.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
    O4 - HKLM\..\Run: [Dsolphs] C:\Program Files\Dtcaev\Fkneu.exe
    O4 - HKLM\..\Run: [uxgrjafi] C:\WINDOWS\System32\uxgrjafi.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [lykiegc] c:\windows\system32\lykiegc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53ABCEDD-DAE5-4BC1-ABAF-D6ED77C300C1}: NameServer = 206.47.244.137,206.47.244.59
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\k2pm0c71ef.dll (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Miscrosoft Updates Service 6 (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  11. 2005/03/15
    CheGueVerra

    First part of L2mFix report

    Like the thread says, first part.

    This same log was posted above, no need to see it again.
     
  12. 2005/03/15
    CheGueVerra

    Second part of the l2mfix report

    This same log was posted above, no need to see it again. It's not a problem, though :) Lonny.


    I would like to thank all of you for your patience with me puny nuub :rolleyes:

    CheGueVerra
     
  13. 2005/03/15
    Lonny Jones

    Hi CheGueVerra
    That's the results of option 1.
    Please read my last post again and follow those instructions. No need for another HijackThis log.
     