posted April 03, 2005 12:58 AM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 24, 2005 02:54 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 24, 2005 12:42 PM         

I ran all the anti-spyware programs this morning and they all were clean!!!!!!! I just can't believe it. It is sooooooo nice. Believe me, I will be extra careful from now on about downloads. This happened right after I downloaded Yahoo Sitebuilder. It may have started prior to this and then sitebuilder just added to it, I don't know though.

I will continue to run these programs on a regular basis. They have already become a habit - wonder why????

posted March 24, 2005 09:19 AM         

It has a firewall, anti-spam for Outlook and anti-spyware.

posted March 23, 2005 10:17 PM         

1. Install a Antivirus
2. Keep Zone Alarm on your computer
3. Keep and run Adaware, Spybot, and MSantispyware on your computer, and run the programs regularly.
4. Set Automatic Updates to install automatically
5. Be careful of what you download
6. Update your Antispyware programs
7. Visit Windows update about every month

I am sure there are some others, that can be added.

Do you still get the low memory errors?

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 23, 2005 07:38 PM         

In this case it would have simplified some of this.

Once your system is clean it is just a matter of prevention to keep this from happening again.

posted March 23, 2005 07:34 PM         

It depends on which one of the evil bugs gets into your system, they can wreak all sorts of havoc and then invite all their friends over.

If you can get rid of the ringleaders then you can convince the rest to go away as well.

In a worst case scenario you would back-up your critical data, format your drive and re-install XP, then install good anti-virus and anti-spyware programs because prevention is much easier than the cure.

The reason we are going about this the long way is that you had critical data you wanted to save and could not back-up, that meant working with what you had, not wiping it out and starting over.

posted March 23, 2005 10:19 AM         

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{8FF43EAA-2BB1-4A53-8E18-D9221E56E593}"="CePMTab Property Sheet"
"{9ED66769-A198-41FE-8615-601691C68846}"="TouchPad Property Sheet"
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}"="NikonView Drop Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
akcore.dll Thu Mar 3 2005 5:52:24a A.... 188,416 184.00 K
akrules.dll Thu Mar 3 2005 5:52:24a A.... 110,592 108.00 K
akupd.dll Thu Mar 3 2005 5:52:16a A.... 155,648 152.00 K
browseui.dll Thu Jan 27 2005 11:13:16a A.... 1,016,832 993.00 K
cdfview.dll Thu Jan 27 2005 11:13:16a A.... 151,040 147.50 K
docore.dll Thu Mar 3 2005 6:34:20a A.... 151,552 148.00 K
dolsp.dll Thu Mar 3 2005 6:34:22a A.... 139,264 136.00 K
dosync.dll Sun Mar 20 2005 8:40:22a A.... 114,688 112.00 K
gccoll~1.dll Thu Feb 10 2005 10:32:20p A.... 119,520 116.72 K
gcmd5q~1.dll Mon Mar 7 2005 6:48:02a A.... 10,752 10.50 K
gcunco~1.dll Thu Feb 10 2005 10:32:20p A.... 130,272 127.22 K
gwfspi~1.dll Fri Jan 28 2005 3:37:58p A.... 23,304 22.76 K
hashlib.dll Thu Feb 10 2005 10:32:18p A.... 81,120 79.22 K
iepeers.dll Thu Jan 27 2005 11:13:16a A.... 249,856 244.00 K
inseng.dll Thu Jan 27 2005 11:13:16a A.... 96,256 94.00 K
mshtml.dll Thu Jan 27 2005 11:13:18a A.... 3,006,976 2.87 M
ole32.dll Fri Jan 14 2005 2:55:50a A.... 1,285,120 1.22 M
olecli32.dll Fri Jan 14 2005 2:55:50a A.... 74,752 73.00 K
olecnv32.dll Fri Jan 14 2005 2:55:50a A.... 37,888 37.00 K
rpcss.dll Fri Jan 14 2005 2:55:50a A.... 395,776 386.50 K
shdocvw.dll Thu Jan 27 2005 11:13:18a A.... 1,483,264 1.41 M
shlwapi.dll Thu Jan 27 2005 11:13:18a A.... 473,600 462.50 K
sporder.dll Thu Mar 3 2005 5:52:24a A.... 8,464 8.27 K
urlmon.dll Thu Jan 27 2005 11:13:18a A.... 607,744 593.50 K
wininet.dll Thu Jan 27 2005 11:13:18a A.... 656,896 641.50 K

25 items found: 25 files, 0 directories.
Total of file sizes: 10,769,592 bytes 10.27 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0412-E42C

Directory of C:\WINDOWS\System32

posted March 23, 2005 09:43 AM         

Here's step 2 Do step 3 next?
L2Mfix 1.03

Running From:
C:\DOCUME~1\Marilyn\Desktop\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Marilyn\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Marilyn\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea****@beyondlogic.org
Killing PID 1680 'explorer.exe'
Killing PID 1680 'explorer.exe'
Killing PID 1680 'explorer.exe'
Killing PID 1680 'explorer.exe'
Killing PID 1680 'explorer.exe'
Killing PID 1680 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea****@beyondlogic.org
Killing PID 1716 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\az1qlg7516.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaqlg7516.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\crnsole.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\d0j0la1m1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dAdrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dFnim.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\en4sl1h71.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enn8l15u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fpnm0351e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g004ladq1d0e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g4220efoeh2c0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hr8s05l7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hrnu0559e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\i060lajm1doa.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\i4420ehoeh4c0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir02l5do1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir0ol5d31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j46m0ej1eho.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j4j60e1seh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j6j6lg1s16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jtlo0733e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\k6jslg1716.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0ju0a19ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m4nq0e55eh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mccoree.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mdisam11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\medxmlc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mhcpxl32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\miuni11.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mrctf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mrvbvm50.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mtjdbc10.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mv00l9dm1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwjdbc10.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MWSTDFMT.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mwxml4.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\NWOCApi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0480ahued480.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0lu0a39ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6lulg3916.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o6pqlg7516.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oweacc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\peapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pmwrprof.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r4r60e9seh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\r6p8lg7u16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sdclogon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\svhedsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\swi_ci.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tqolhelp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ufrvoica.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\unrsdpia.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wcnmm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wdvadvd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wedmtpus.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wnnmp32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wuvdmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\az1qlg7516.dll
Successfully Deleted: C:\WINDOWS\system32\az1qlg7516.dll
deleting: C:\WINDOWS\system32\azaqlg7516.dll
Successfully Deleted: C:\WINDOWS\system32\azaqlg7516.dll
deleting: C:\WINDOWS\system32\crnsole.dll
Successfully Deleted: C:\WINDOWS\system32\crnsole.dll
deleting: C:\WINDOWS\system32\d0j0la1m1d.dll
Successfully Deleted: C:\WINDOWS\system32\d0j0la1m1d.dll
deleting: C:\WINDOWS\system32\dAdrm.dll
Successfully Deleted: C:\WINDOWS\system32\dAdrm.dll
deleting: C:\WINDOWS\system32\dFnim.dll
Successfully Deleted: C:\WINDOWS\system32\dFnim.dll
deleting: C:\WINDOWS\system32\en4sl1h71.dll
Successfully Deleted: C:\WINDOWS\system32\en4sl1h71.dll
deleting: C:\WINDOWS\system32\enn8l15u1.dll
Successfully Deleted: C:\WINDOWS\system32\enn8l15u1.dll
deleting: C:\WINDOWS\system32\fpnm0351e.dll
Successfully Deleted: C:\WINDOWS\system32\fpnm0351e.dll
deleting: C:\WINDOWS\system32\g004ladq1d0e.dll
Successfully Deleted: C:\WINDOWS\system32\g004ladq1d0e.dll
deleting: C:\WINDOWS\system32\g4220efoeh2c0.dll
Successfully Deleted: C:\WINDOWS\system32\g4220efoeh2c0.dll
deleting: C:\WINDOWS\system32\hr8s05l7e.dll
Successfully Deleted: C:\WINDOWS\system32\hr8s05l7e.dll
deleting: C:\WINDOWS\system32\hrnu0559e.dll
Successfully Deleted: C:\WINDOWS\system32\hrnu0559e.dll
deleting: C:\WINDOWS\system32\i060lajm1doa.dll
Successfully Deleted: C:\WINDOWS\system32\i060lajm1doa.dll
deleting: C:\WINDOWS\system32\i4420ehoeh4c0.dll
Successfully Deleted: C:\WINDOWS\system32\i4420ehoeh4c0.dll
deleting: C:\WINDOWS\system32\ir02l5do1.dll
Successfully Deleted: C:\WINDOWS\system32\ir02l5do1.dll
deleting: C:\WINDOWS\system32\ir0ol5d31.dll
Successfully Deleted: C:\WINDOWS\system32\ir0ol5d31.dll
deleting: C:\WINDOWS\system32\j46m0ej1eho.dll
Successfully Deleted: C:\WINDOWS\system32\j46m0ej1eho.dll
deleting: C:\WINDOWS\system32\j4j60e1seh.dll
Successfully Deleted: C:\WINDOWS\system32\j4j60e1seh.dll
deleting: C:\WINDOWS\system32\j6j6lg1s16.dll
Successfully Deleted: C:\WINDOWS\system32\j6j6lg1s16.dll
deleting: C:\WINDOWS\system32\jtlo0733e.dll
Successfully Deleted: C:\WINDOWS\system32\jtlo0733e.dll
deleting: C:\WINDOWS\system32\k6jslg1716.dll
Successfully Deleted: C:\WINDOWS\system32\k6jslg1716.dll
deleting: C:\WINDOWS\system32\m0ju0a19ed.dll
Successfully Deleted: C:\WINDOWS\system32\m0ju0a19ed.dll
deleting: C:\WINDOWS\system32\m4nq0e55eh.dll
Successfully Deleted: C:\WINDOWS\system32\m4nq0e55eh.dll
deleting: C:\WINDOWS\system32\mccoree.dll
Successfully Deleted: C:\WINDOWS\system32\mccoree.dll
deleting: C:\WINDOWS\system32\mdisam11.dll
Successfully Deleted: C:\WINDOWS\system32\mdisam11.dll
deleting: C:\WINDOWS\system32\medxmlc.dll
Successfully Deleted: C:\WINDOWS\system32\medxmlc.dll
deleting: C:\WINDOWS\system32\mhcpxl32.dll
Successfully Deleted: C:\WINDOWS\system32\mhcpxl32.dll
deleting: C:\WINDOWS\system32\miuni11.dll
Successfully Deleted: C:\WINDOWS\system32\miuni11.dll
deleting: C:\WINDOWS\system32\mrctf.dll
Successfully Deleted: C:\WINDOWS\system32\mrctf.dll
deleting: C:\WINDOWS\system32\mrvbvm50.dll
Successfully Deleted: C:\WINDOWS\system32\mrvbvm50.dll
deleting: C:\WINDOWS\system32\mtjdbc10.dll
Successfully Deleted: C:\WINDOWS\system32\mtjdbc10.dll
deleting: C:\WINDOWS\system32\mv00l9dm1.dll
Successfully Deleted: C:\WINDOWS\system32\mv00l9dm1.dll
deleting: C:\WINDOWS\system32\mwjdbc10.dll
Successfully Deleted: C:\WINDOWS\system32\mwjdbc10.dll
deleting: C:\WINDOWS\system32\MWSTDFMT.DLL
Successfully Deleted: C:\WINDOWS\system32\MWSTDFMT.DLL
deleting: C:\WINDOWS\system32\mwxml4.dll
Successfully Deleted: C:\WINDOWS\system32\mwxml4.dll
deleting: C:\WINDOWS\system32\NWOCApi.dll
Successfully Deleted: C:\WINDOWS\system32\NWOCApi.dll
deleting: C:\WINDOWS\system32\o0480ahued480.dll
Successfully Deleted: C:\WINDOWS\system32\o0480ahued480.dll
deleting: C:\WINDOWS\system32\o0lu0a39ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0lu0a39ed.dll
deleting: C:\WINDOWS\system32\o6lulg3916.dll
Successfully Deleted: C:\WINDOWS\system32\o6lulg3916.dll
deleting: C:\WINDOWS\system32\o6pqlg7516.dll
Successfully Deleted: C:\WINDOWS\system32\o6pqlg7516.dll
deleting: C:\WINDOWS\system32\oweacc.dll
Successfully Deleted: C:\WINDOWS\system32\oweacc.dll
deleting: C:\WINDOWS\system32\peapi.dll
Successfully Deleted: C:\WINDOWS\system32\peapi.dll
deleting: C:\WINDOWS\system32\pmwrprof.dll
Successfully Deleted: C:\WINDOWS\system32\pmwrprof.dll
deleting: C:\WINDOWS\system32\r4r60e9seh.dll
Successfully Deleted: C:\WINDOWS\system32\r4r60e9seh.dll
deleting: C:\WINDOWS\system32\r6p8lg7u16.dll
Successfully Deleted: C:\WINDOWS\system32\r6p8lg7u16.dll
deleting: C:\WINDOWS\system32\sdclogon.dll
Successfully Deleted: C:\WINDOWS\system32\sdclogon.dll
deleting: C:\WINDOWS\system32\svhedsvc.dll
Successfully Deleted: C:\WINDOWS\system32\svhedsvc.dll
deleting: C:\WINDOWS\system32\swi_ci.dll
Successfully Deleted: C:\WINDOWS\system32\swi_ci.dll
deleting: C:\WINDOWS\system32\tqolhelp.dll
Successfully Deleted: C:\WINDOWS\system32\tqolhelp.dll
deleting: C:\WINDOWS\system32\ufrvoica.dll
Successfully Deleted: C:\WINDOWS\system32\ufrvoica.dll
deleting: C:\WINDOWS\system32\unrsdpia.dll
Successfully Deleted: C:\WINDOWS\system32\unrsdpia.dll
deleting: C:\WINDOWS\system32\wcnmm.dll
Successfully Deleted: C:\WINDOWS\system32\wcnmm.dll
deleting: C:\WINDOWS\system32\wdvadvd.dll
Successfully Deleted: C:\WINDOWS\system32\wdvadvd.dll
deleting: C:\WINDOWS\system32\wedmtpus.dll
Successfully Deleted: C:\WINDOWS\system32\wedmtpus.dll
deleting: C:\WINDOWS\system32\wnnmp32.dll
Successfully Deleted: C:\WINDOWS\system32\wnnmp32.dll
deleting: C:\WINDOWS\system32\wuvdmod.dll
Successfully Deleted: C:\WINDOWS\system32\wuvdmod.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: az1qlg7516.dll (140 bytes security) (deflated 4%)
adding: azaqlg7516.dll (140 bytes security) (deflated 4%)
adding: crnsole.dll (140 bytes security) (deflated 5%)
adding: d0j0la1m1d.dll (140 bytes security) (deflated 5%)
adding: dAdrm.dll (140 bytes security) (deflated 5%)
adding: dFnim.dll (140 bytes security) (deflated 5%)
adding: en4sl1h71.dll (140 bytes security) (deflated 4%)
adding: enn8l15u1.dll (140 bytes security) (deflated 5%)
adding: fpnm0351e.dll (140 bytes security) (deflated 4%)
adding: g004ladq1d0e.dll (140 bytes security) (deflated 5%)
adding: g4220efoeh2c0.dll (140 bytes security) (deflated 5%)
adding: hr8s05l7e.dll (140 bytes security) (deflated 5%)
adding: hrnu0559e.dll (140 bytes security) (deflated 5%)
adding: i060lajm1doa.dll (140 bytes security) (deflated 4%)
adding: i4420ehoeh4c0.dll (140 bytes security) (deflated 5%)
adding: ir02l5do1.dll (140 bytes security) (deflated 5%)
adding: ir0ol5d31.dll (140 bytes security) (deflated 5%)
adding: j46m0ej1eho.dll (140 bytes security) (deflated 5%)
adding: j4j60e1seh.dll (140 bytes security) (deflated 5%)
adding: j6j6lg1s16.dll (140 bytes security) (deflated 5%)
adding: jtlo0733e.dll (140 bytes security) (deflated 4%)
adding: k6jslg1716.dll (140 bytes security) (deflated 5%)
adding: m0ju0a19ed.dll (140 bytes security) (deflated 4%)
adding: m4nq0e55eh.dll (140 bytes security) (deflated 5%)
adding: mccoree.dll (140 bytes security) (deflated 5%)
adding: mdisam11.dll (140 bytes security) (deflated 4%)
adding: medxmlc.dll (140 bytes security) (deflated 4%)
adding: mhcpxl32.dll (140 bytes security) (deflated 4%)
adding: miuni11.dll (140 bytes security) (deflated 5%)
adding: mrctf.dll (140 bytes security) (deflated 4%)
adding: mrvbvm50.dll (140 bytes security) (deflated 5%)
adding: mtjdbc10.dll (140 bytes security) (deflated 4%)
adding: mv00l9dm1.dll (140 bytes security) (deflated 4%)
adding: mwjdbc10.dll (140 bytes security) (deflated 4%)
adding: MWSTDFMT.DLL (140 bytes security) (deflated 5%)
adding: mwxml4.dll (140 bytes security) (deflated 5%)
adding: NWOCApi.dll (140 bytes security) (deflated 5%)
adding: o0480ahued480.dll (140 bytes security) (deflated 5%)
adding: o0lu0a39ed.dll (140 bytes security) (deflated 5%)
adding: o6lulg3916.dll (140 bytes security) (deflated 5%)
adding: o6pqlg7516.dll (140 bytes security) (deflated 5%)
adding: oweacc.dll (140 bytes security) (deflated 5%)
adding: peapi.dll (140 bytes security) (deflated 5%)
adding: pmwrprof.dll (140 bytes security) (deflated 4%)
adding: r4r60e9seh.dll (140 bytes security) (deflated 5%)
adding: r6p8lg7u16.dll (140 bytes security) (deflated 5%)
adding: sdclogon.dll (140 bytes security) (deflated 4%)
adding: svhedsvc.dll (140 bytes security) (deflated 4%)
adding: swi_ci.dll (140 bytes security) (deflated 5%)
adding: tqolhelp.dll (140 bytes security) (deflated 4%)
adding: ufrvoica.dll (140 bytes security) (deflated 4%)
adding: unrsdpia.dll (140 bytes security) (deflated 4%)
adding: wcnmm.dll (140 bytes security) (deflated 4%)
adding: wdvadvd.dll (140 bytes security) (deflated 4%)
adding: wedmtpus.dll (140 bytes security) (deflated 4%)
adding: wnnmp32.dll (140 bytes security) (deflated 5%)
adding: wuvdmod.dll (140 bytes security) (deflated 4%)
adding: guard.tmp (140 bytes security) (deflated 5%)
adding: clear.reg (140 bytes security) (deflated 37%)
adding: echo.reg (140 bytes security) (deflated 9%)
adding: desktop.ini (140 bytes security) (deflated 14%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 87%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: report.txt (140 bytes security) (deflated 68%)
adding: report2.txt (140 bytes security) (deflated 68%)
adding: test.txt (140 bytes security) (deflated 83%)
adding: test2.txt (140 bytes security) (deflated 17%)
adding: test3.txt (140 bytes security) (deflated 17%)
adding: test5.txt (140 bytes security) (deflated 17%)
adding: xfind.txt (140 bytes security) (deflated 78%)
adding: backregs/6E20FC22-E69A-4169-AB02-6D997B1590F5.reg (140 bytes security) (deflated 70%)
adding: backregs/CCDD160F-D49E-41F6-BAD9-7A70DFC79669.reg (140 bytes security) (deflated 70%)
adding: backregs/shell.reg (140 bytes security) (deflated 74%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: az1qlg7516.dll
deleting local copy: azaqlg7516.dll
deleting local copy: crnsole.dll
deleting local copy: d0j0la1m1d.dll
deleting local copy: dAdrm.dll
deleting local copy: dFnim.dll
deleting local copy: en4sl1h71.dll
deleting local copy: enn8l15u1.dll
deleting local copy: fpnm0351e.dll
deleting local copy: g004ladq1d0e.dll
deleting local copy: g4220efoeh2c0.dll
deleting local copy: hr8s05l7e.dll
deleting local copy: hrnu0559e.dll
deleting local copy: i060lajm1doa.dll
deleting local copy: i4420ehoeh4c0.dll
deleting local copy: ir02l5do1.dll
deleting local copy: ir0ol5d31.dll
deleting local copy: j46m0ej1eho.dll
deleting local copy: j4j60e1seh.dll
deleting local copy: j6j6lg1s16.dll
deleting local copy: jtlo0733e.dll
deleting local copy: k6jslg1716.dll
deleting local copy: m0ju0a19ed.dll
deleting local copy: m4nq0e55eh.dll
deleting local copy: mccoree.dll
deleting local copy: mdisam11.dll
deleting local copy: medxmlc.dll
deleting local copy: mhcpxl32.dll
deleting local copy: miuni11.dll
deleting local copy: mrctf.dll
deleting local copy: mrvbvm50.dll
deleting local copy: mtjdbc10.dll
deleting local copy: mv00l9dm1.dll
deleting local copy: mwjdbc10.dll
deleting local copy: MWSTDFMT.DLL
deleting local copy: mwxml4.dll
deleting local copy: NWOCApi.dll
deleting local copy: o0480ahued480.dll
deleting local copy: o0lu0a39ed.dll
deleting local copy: o6lulg3916.dll
deleting local copy: o6pqlg7516.dll
deleting local copy: oweacc.dll
deleting local copy: peapi.dll
deleting local copy: pmwrprof.dll
deleting local copy: r4r60e9seh.dll
deleting local copy: r6p8lg7u16.dll
deleting local copy: sdclogon.dll
deleting local copy: svhedsvc.dll
deleting local copy: swi_ci.dll
deleting local copy: tqolhelp.dll
deleting local copy: ufrvoica.dll
deleting local copy: unrsdpia.dll
deleting local copy: wcnmm.dll
deleting local copy: wdvadvd.dll
deleting local copy: wedmtpus.dll
deleting local copy: wnnmp32.dll
deleting local copy: wuvdmod.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\az1qlg7516.dll
C:\WINDOWS\system32\azaqlg7516.dll
C:\WINDOWS\system32\crnsole.dll
C:\WINDOWS\system32\d0j0la1m1d.dll
C:\WINDOWS\system32\dAdrm.dll
C:\WINDOWS\system32\dFnim.dll
C:\WINDOWS\system32\en4sl1h71.dll
C:\WINDOWS\system32\enn8l15u1.dll
C:\WINDOWS\system32\fpnm0351e.dll
C:\WINDOWS\system32\g004ladq1d0e.dll
C:\WINDOWS\system32\g4220efoeh2c0.dll
C:\WINDOWS\system32\hr8s05l7e.dll
C:\WINDOWS\system32\hrnu0559e.dll
C:\WINDOWS\system32\i060lajm1doa.dll
C:\WINDOWS\system32\i4420ehoeh4c0.dll
C:\WINDOWS\system32\ir02l5do1.dll
C:\WINDOWS\system32\ir0ol5d31.dll
C:\WINDOWS\system32\j46m0ej1eho.dll
C:\WINDOWS\system32\j4j60e1seh.dll
C:\WINDOWS\system32\j6j6lg1s16.dll
C:\WINDOWS\system32\jtlo0733e.dll
C:\WINDOWS\system32\k6jslg1716.dll
C:\WINDOWS\system32\m0ju0a19ed.dll
C:\WINDOWS\system32\m4nq0e55eh.dll
C:\WINDOWS\system32\mccoree.dll
C:\WINDOWS\system32\mdisam11.dll
C:\WINDOWS\system32\medxmlc.dll
C:\WINDOWS\system32\mhcpxl32.dll
C:\WINDOWS\system32\miuni11.dll
C:\WINDOWS\system32\mrctf.dll
C:\WINDOWS\system32\mrvbvm50.dll
C:\WINDOWS\system32\mtjdbc10.dll
C:\WINDOWS\system32\mv00l9dm1.dll
C:\WINDOWS\system32\mwjdbc10.dll
C:\WINDOWS\system32\MWSTDFMT.DLL
C:\WINDOWS\system32\mwxml4.dll
C:\WINDOWS\system32\NWOCApi.dll
C:\WINDOWS\system32\o0480ahued480.dll
C:\WINDOWS\system32\o0lu0a39ed.dll
C:\WINDOWS\system32\o6lulg3916.dll
C:\WINDOWS\system32\o6pqlg7516.dll
C:\WINDOWS\system32\oweacc.dll
C:\WINDOWS\system32\peapi.dll
C:\WINDOWS\system32\pmwrprof.dll
C:\WINDOWS\system32\r4r60e9seh.dll
C:\WINDOWS\system32\r6p8lg7u16.dll
C:\WINDOWS\system32\sdclogon.dll
C:\WINDOWS\system32\svhedsvc.dll
C:\WINDOWS\system32\swi_ci.dll
C:\WINDOWS\system32\tqolhelp.dll
C:\WINDOWS\system32\ufrvoica.dll
C:\WINDOWS\system32\unrsdpia.dll
C:\WINDOWS\system32\wcnmm.dll
C:\WINDOWS\system32\wdvadvd.dll
C:\WINDOWS\system32\wedmtpus.dll
C:\WINDOWS\system32\wnnmp32.dll
C:\WINDOWS\system32\wuvdmod.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6E20FC22-E69A-4169-AB02-6D997B1590F5}"=-
"{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}"=-
[-HKEY_CLASSES_ROOT\CLSID\{6E20FC22-E69A-4169-AB02-6D997B1590F5}]
[-HKEY_CLASSES_ROOT\CLSID\{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}]
REGEDIT4

posted March 22, 2005 07:17 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 22, 2005 06:59 PM         

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvrm0991e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{44A47E4D-85CE-9F3C-DC99-34D25DC0C51C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{8FF43EAA-2BB1-4A53-8E18-D9221E56E593}"="CePMTab Property Sheet"
"{9ED66769-A198-41FE-8615-601691C68846}"="TouchPad Property Sheet"
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}"="NikonView Drop Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{6E20FC22-E69A-4169-AB02-6D997B1590F5}"=""
"{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}"=""
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6E20FC22-E69A-4169-AB02-6D997B1590F5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E20FC22-E69A-4169-AB02-6D997B1590F5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E20FC22-E69A-4169-AB02-6D997B1590F5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E20FC22-E69A-4169-AB02-6D997B1590F5}\InprocServer32]
@="C:\\WINDOWS\\system32\\rsmotepg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CCDD160F-D49E-41F6-BAD9-7A70DFC79669}\InprocServer32]
@="C:\\WINDOWS\\system32\\masap.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
akcore.dll Thu Mar 3 2005 5:52:24a A.... 188,416 184.00 K
akrules.dll Thu Mar 3 2005 5:52:24a A.... 110,592 108.00 K
akupd.dll Thu Mar 3 2005 5:52:16a A.... 155,648 152.00 K
az1qlg~1.dll Sun Mar 20 2005 10:04:46a ..S.R 233,097 227.63 K
azaqlg~1.dll Tue Mar 15 2005 8:14:48p ..S.R 233,170 227.70 K
browseui.dll Thu Jan 27 2005 11:13:16a A.... 1,016,832 993.00 K
cdfview.dll Thu Jan 27 2005 11:13:16a A.... 151,040 147.50 K
crnsole.dll Wed Mar 9 2005 8:10:56a ..S.R 235,410 229.89 K
d0j0la~1.dll Tue Mar 15 2005 7:14:52a ..S.R 234,534 229.04 K
d2j02c~1.dll Tue Mar 22 2005 8:24:44a ..S.R 235,019 229.51 K
dfnim.dll Wed Mar 9 2005 7:55:24a ..S.R 234,565 229.07 K
docore.dll Thu Mar 3 2005 6:34:20a A.... 151,552 148.00 K
dolsp.dll Thu Mar 3 2005 6:34:22a A.... 139,264 136.00 K
dosync.dll Sun Mar 20 2005 8:40:22a A.... 114,688 112.00 K
en4sl1~1.dll Tue Mar 8 2005 8:54:30a ..S.R 229,173 223.80 K
fpnm03~1.dll Tue Mar 8 2005 8:18:08a ..S.R 229,173 223.80 K
g004la~1.dll Fri Mar 18 2005 5:12:30p ..S.R 234,938 229.43 K
g4220e~1.dll Mon Mar 14 2005 2:08:02p ..S.R 234,713 229.21 K
gccoll~1.dll Thu Feb 10 2005 10:32:20p A.... 119,520 116.72 K
gcmd5q~1.dll Mon Mar 7 2005 6:48:02a A.... 10,752 10.50 K
gcunco~1.dll Thu Feb 10 2005 10:32:20p A.... 130,272 127.22 K
gwfspi~1.dll Fri Jan 28 2005 3:37:58p A.... 23,304 22.76 K
hashlib.dll Thu Feb 10 2005 10:32:18p A.... 81,120 79.22 K
hr8s05~1.dll Wed Mar 16 2005 7:55:56a ..S.R 235,679 230.15 K
hrnu05~1.dll Fri Mar 18 2005 8:18:38p ..S.R 234,616 229.12 K
i060la~1.dll Wed Mar 9 2005 8:10:54a ..S.R 232,754 227.30 K
i4420e~1.dll Sat Mar 5 2005 10:16:06p ..S.R 230,635 225.23 K
iepeers.dll Thu Jan 27 2005 11:13:16a A.... 249,856 244.00 K
inseng.dll Thu Jan 27 2005 11:13:16a A.... 96,256 94.00 K
ir02l5~1.dll Wed Mar 16 2005 7:05:28a ..S.R 234,453 228.96 K
ir0ol5~1.dll Wed Mar 9 2005 1:40:36p ..S.R 235,776 230.25 K
j46m0e~1.dll Fri Mar 18 2005 5:39:06p ..S.R 233,702 228.22 K
j6j6lg~1.dll Tue Mar 8 2005 8:22:48a ..S.R 230,988 225.57 K
jtlo07~1.dll Mon Mar 7 2005 6:03:28p ..S.R 229,165 223.79 K
k6jslg~1.dll Thu Mar 17 2005 9:37:48p ..S.R 235,254 229.74 K
lvrm09~1.dll Tue Mar 22 2005 7:21:44a ..S.R 234,019 228.53 K
m0ju0a~1.dll Tue Mar 8 2005 3:23:06p ..S.R 232,736 227.28 K
m4nq0e~1.dll Fri Mar 18 2005 6:31:32p ..S.R 234,345 228.85 K
masap.dll Tue Mar 22 2005 2:50:04p ..S.R 234,019 228.53 K
mccoree.dll Sun Mar 20 2005 5:36:44a ..S.R 233,791 228.31 K
mdisam11.dll Tue Mar 8 2005 4:33:08p ..S.R 232,736 227.28 K
medxmlc.dll Tue Mar 15 2005 1:10:20p ..S.R 233,248 227.78 K
mhcpxl32.dll Tue Mar 15 2005 3:10:16p ..S.R 233,248 227.78 K
miuni11.dll Sun Mar 20 2005 8:16:32a ..S.R 235,786 230.26 K
mrctf.dll Tue Mar 15 2005 3:10:22p ..S.R 233,248 227.78 K
mrvbvm50.dll Tue Mar 22 2005 6:20:20a ..S.R 234,019 228.53 K
mshtml.dll Thu Jan 27 2005 11:13:18a A.... 3,006,976 2.87 M
mtjdbc10.dll Tue Mar 8 2005 4:33:04p ..S.R 232,736 227.28 K
mv00l9~1.dll Wed Mar 9 2005 11:14:44a ..S.R 233,057 227.59 K
mwjdbc10.dll Tue Mar 15 2005 1:10:28p ..S.R 233,248 227.78 K
mwxml4.dll Mon Mar 21 2005 7:19:28p ..S.R 236,038 230.50 K
nwocapi.dll Wed Mar 9 2005 11:18:28a ..S.R 233,907 228.42 K
o0480a~1.dll Tue Mar 15 2005 5:49:06a ..S.R 234,534 229.04 K
o0lu0a~1.dll Wed Mar 16 2005 5:58:42p ..S.R 234,366 228.87 K
o6lulg~1.dll Thu Mar 17 2005 5:50:58p ..S.R 235,474 229.95 K
o6pqlg~1.dll Wed Mar 9 2005 11:48:24a ..S.R 233,907 228.42 K
ole32.dll Fri Jan 14 2005 2:55:50a A.... 1,285,120 1.22 M
olecli32.dll Fri Jan 14 2005 2:55:50a A.... 74,752 73.00 K
olecnv32.dll Fri Jan 14 2005 2:55:50a A.... 37,888 37.00 K
oweacc.dll Wed Mar 16 2005 7:23:42a ..S.R 235,244 229.73 K
peapi.dll Tue Mar 15 2005 8:14:48p ..S.R 234,534 229.04 K
pmwrprof.dll Tue Mar 8 2005 3:31:52p ..S.R 229,173 223.80 K
r4r60e~1.dll Wed Mar 16 2005 5:38:52p ..S.R 234,130 228.64 K
r6p8lg~1.dll Sun Mar 13 2005 7:26:56p ..S.R 234,534 229.04 K
rpcss.dll Fri Jan 14 2005 2:55:50a A.... 395,776 386.50 K
sdclogon.dll Tue Mar 8 2005 5:33:06p ..S.R 232,736 227.28 K
shdocvw.dll Thu Jan 27 2005 11:13:18a A.... 1,483,264 1.41 M
shlwapi.dll Thu Jan 27 2005 11:13:18a A.... 473,600 462.50 K
sporder.dll Thu Mar 3 2005 5:52:24a A.... 8,464 8.27 K
svhedsvc.dll Tue Mar 8 2005 5:33:02p ..S.R 232,736 227.28 K
swi_ci.dll Sun Mar 20 2005 6:35:24a ..S.R 234,200 228.71 K
tqolhelp.dll Thu Mar 17 2005 2:36:32p ..S.R 233,538 228.06 K
ufrvoica.dll Tue Mar 8 2005 3:33:20p ..S.R 232,736 227.28 K
unrsdpia.dll Tue Mar 8 2005 3:33:16p ..S.R 232,736 227.28 K
urlmon.dll Thu Jan 27 2005 11:13:18a A.... 607,744 593.50 K
wcnmm.dll Tue Mar 8 2005 2:54:36p ..S.R 232,736 227.28 K
wdvadvd.dll Thu Mar 17 2005 2:21:22p ..S.R 233,538 228.06 K
wedmtpus.dll Tue Mar 15 2005 2:10:22p ..S.R 233,248 227.78 K
wininet.dll Thu Jan 27 2005 11:13:18a A.... 656,896 641.50 K
wnnmp32.dll Mon Mar 21 2005 7:09:34a ..S.R 234,432 228.94 K
wuvdmod.dll Tue Mar 15 2005 2:10:16p ..S.R 233,248 227.78 K

81 items found: 81 files (56 H/S), 0 directories.
Total of file sizes: 23,848,367 bytes 22.74 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0412-E42C

Directory of C:\WINDOWS\System32

posted March 22, 2005 01:53 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 22, 2005 01:18 PM         

Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe

posted March 22, 2005 07:53 AM         

Logfile of HijackThis v1.99.1
Scan saved at 7:30:22 AM, on 3/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\HJT\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\en28l1fu1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

posted March 22, 2005 07:49 AM         

Winlogon Notify won't delete either from Hijack This. Keeps recurring as before - same with the ones above.

I downloaded Spyware Blaster and spyware just bypasses it. I am a tough case!!!

posted March 22, 2005 07:32 AM         

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

They are located in the Hosts file which is located here,

C:\WINDOWS\system32\drivers\etc

posted March 21, 2005 09:38 PM         

Also open up Internet Explorer then go to tools-internet options, then go to security, and make sure that the internet zone is set to medium, set it to low, and anything, and everything you do not want will be installed on your computer. Also make sure that under trusted sites, nothing should be in that zone delete any sites in that zone, restricted sites leave anything in there. Another line of defense is Spyware blaster, what this does will prevent any bad changes to your system and block bad websites from installing any bad software. You can get spyware blaster by opening up Spybot then going to immunize then you will see a blue link that says you don’t have Java cools spyware blaster, click this link to download click the link and download Spyware blaster, make sure you do an update of that also. Also while in Spybot make sure you immunize your system, Spybot will ask you to immunize the system for you, just make sure you do it. Be very careful as to what you download, and even be careful when, and if you transfer files via Instant Messaging. Delete the two entries reboot your computer then run another scan.

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 21, 2005 08:14 PM         

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\irlol5331.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\fp4m03h1e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

posted March 21, 2005 06:15 PM         

Check to make sure the following three Services are set to Automatic

Remote Access Connection Manager
Remote Access Auto Connection Manager
Telephony

If you get an error 10047 when trying to start the Windows Firewall/Internet Connection Sharing (ICS) Service, open a Command Prompt (Start | Run | Type cmd, and click OK) and type Netsh winsock reset, you will need to reboot the computer to see if it works, let us know if it does or not.

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 21, 2005 06:11 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 21, 2005 04:27 PM         

Could not start Windows Firewall/ICS service on local computer.

Error 10047. An address incompatible with the requested portocol was used.

posted March 21, 2005 01:04 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 21, 2005 08:21 AM         

This particular computer is my laptop which I use wireless. When going through the steps as suggested, I get these messages:

Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.

posted March 20, 2005 11:05 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.

posted March 20, 2005 02:17 PM         

------------------
Powered by Intelligent Computing Solutions.
------------------------
www.footslog.com

www.compsol.8k.com

For every problem, there is a solution.