Internet Access Stopped Working
I am using a Dell Latitude CPx Laptop with Windows 2000. Access to the internet stopped working a couple of days ago. However, in "Safe" mode, I can access the internet OK. I suspect that there may be an unwanted guest in my computer.
For convenience this message is being sent from a working desktop machine.
Here is the log of the HijackThis scan of the sick Laptop:
Logfile of HijackThis v1.99.1
Scan saved at 10:22:01 AM, on 7/17/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PestPatrol5.exe
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: Extensions - C:\WINNT\system32\cMbinet.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
I would be most grateful for any help you can give me.
Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer, and it may appear that nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
Done that. Here is the report:
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\cMbinet.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9ACF1094-ED3B-18F6-B8F9-D0A31F5BBD91}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{5E44E225-A408-11CF-B581-008029601108}"="Roxio DragToDisc Shell Extension"
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}"="My Media"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{B6DE09ED-4F06-408B-818E-669D1A249FE2}"=""
"{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}"=""
"{E9933737-ACBE-40E0-B614-617B838EEE24}"=""
"{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}"=""
"{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}"=""
"{1CE2AA40-1317-11D3-9922-00104B0AD431}"="CA_AntiVirus"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}]
@=""
"IDEx"="ST007"
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\InprocServer32]
@="C:\\WINNT\\system32\\mvl_qic.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}]
@=""
"IDEx"="ST007"
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\InprocServer32]
@="C:\\WINNT\\system32\\mscndmgr.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\InprocServer32]
@="C:\\WINNT\\system32\\muhtmler.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\InprocServer32]
@="C:\\WINNT\\system32\\ddvenum.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINNT\SYSTEM32\
asctres.dll Sun Jul 10 2005 8:03:46p ..S.R 417,792 408.00 K
atl71.dll Wed Jul 6 2005 5:17:28p A.... 89,088 87.00 K
aunps2.dll Sun Jul 17 2005 3:34:04a A.... 24,576 24.00 K
aysldpc.dll Sun Jul 17 2005 4:27:50a ..S.R 417,792 408.00 K
chm.dll Sun Jul 17 2005 9:42:24a ..S.R 417,792 408.00 K
cmbinet.dll Sun Jul 17 2005 3:28:30a ..S.R 417,792 408.00 K
cqmsnap.dll Sun Jul 10 2005 9:13:08p ..S.R 417,792 408.00 K
ctdbco~1.dll Sun Jul 17 2005 3:28:38a ..S.R 417,792 408.00 K
ddsynth.dll Tue Jul 12 2005 1:48:36a ..S.R 417,792 408.00 K
ddvenum.dll Sun Jun 19 2005 8:46:20p ..S.R 417,792 408.00 K
dnmsspxn.dll Mon Jul 11 2005 8:43:16p ..S.R 417,792 408.00 K
dxdskres.dll Tue Jul 12 2005 2:04:40a ..S.R 417,792 408.00 K
ehs.dll Sun Jul 10 2005 7:33:18p ..S.R 417,792 408.00 K
fantext.dll Tue Jul 12 2005 3:00:56a ..S.R 417,792 408.00 K
gccoll~1.dll Fri Jun 24 2005 3:24:22p A.... 126,680 123.71 K
gcunco~1.dll Fri Jun 24 2005 3:24:20p A.... 95,448 93.21 K
gsi32.dll Sun Jul 10 2005 7:24:12p ..S.R 417,792 408.00 K
hashlib.dll Fri Jun 24 2005 3:24:22p A.... 117,976 115.21 K
hhsetup.dll Thu Apr 21 2005 7:16:56a A.... 38,912 38.00 K
iiaksie.dll Sun Jun 19 2005 5:58:56a ..... 417,792 408.00 K
inetcomm.dll Tue May 3 2005 4:26:50p A.... 596,480 582.50 K
itircl.dll Thu Apr 21 2005 7:16:56a A.... 143,872 140.50 K
itss.dll Thu Apr 21 2005 7:16:56a A.... 128,000 125.00 K
kodsp.dll Fri Jun 17 2005 8:21:44p ..S.R 417,792 408.00 K
mdr2cenu.dll Sun Jul 17 2005 4:58:38a ..S.R 417,792 408.00 K
mfc71.dll Wed Jul 6 2005 5:17:28p A.... 1,060,864 1.01 M
mpwdat10.dll Fri Jul 8 2005 9:20:32p ..S.R 417,792 408.00 K
mscndmgr.dll Fri Jun 17 2005 8:22:08p ..S.R 417,792 408.00 K
mshtml.dll Wed Apr 27 2005 10:52:56a A.... 2,698,752 2.57 M
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msihnd.dll Wed May 4 2005 2:45:36p A.... 271,360 265.00 K
msimsg.dll Wed May 4 2005 2:45:36p A.... 884,736 864.00 K
msisip.dll Wed May 4 2005 2:45:36p A.... 15,360 15.00 K
msvcp71.dll Wed Jul 6 2005 5:17:28p A.... 499,712 488.00 K
msvcr71.dll Wed Jul 6 2005 5:17:28p A.... 348,160 340.00 K
muhtmler.dll Sun Jul 17 2005 9:47:24p ..S.R 417,792 408.00 K
multus40.dll Mon Jul 11 2005 6:24:36p ..S.R 417,792 408.00 K
mvl_qic.dll Fri Jun 17 2005 8:22:06p ..S.R 417,792 408.00 K
myhtmled.dll Sun Jul 17 2005 4:14:56a ..S.R 417,792 408.00 K
nadsbcli.dll Sun Jul 17 2005 4:53:44a ..S.R 417,792 408.00 K
nllsapi.dll Mon Jul 4 2005 12:26:38a ..S.R 417,792 408.00 K
pngfilt.dll Wed Apr 27 2005 10:53:06a A.... 34,816 34.00 K
pvtorec.dll Mon Jul 11 2005 7:34:32p ..S.R 417,792 408.00 K
pxrfproc.dll Thu Jul 7 2005 7:49:34p ..S.R 417,792 408.00 K
riuteext.dll Sun Jul 17 2005 8:03:16a ..S.R 417,792 408.00 K
rtclib.dll Mon Apr 25 2005 11:52:42p A.... 1,011,928 988.21 K
rtcrtp.dll Mon Apr 25 2005 11:52:42p A.... 430,296 420.21 K
sdcpack.dll Sun Jul 17 2005 6:56:38p ..S.R 417,792 408.00 K
shdocvw.dll Wed Apr 27 2005 2:50:48p A.... 1,338,368 1.27 M
skim.dll Fri Jun 17 2005 10:07:30p ..S.R 417,792 408.00 K
sp3res.dll Thu Apr 21 2005 3:07:06a A.... 6,309,376 6.02 M
stim.dll Fri Jun 17 2005 10:07:20p ..S.R 417,792 408.00 K
sucur32.dll Sun Jul 10 2005 10:50:02p ..S.R 417,792 408.00 K
supdate.dll Fri Jul 8 2005 8:34:42a A.... 29,184 28.50 K
svscrap.dll Mon Jun 20 2005 5:16:36a ..S.R 417,792 408.00 K
vetredir.dll Thu Jun 23 2005 4:55:10a A.... 74,864 73.11 K
wanetmgr.dll Sun Jul 17 2005 3:28:02a ..S.R 417,792 408.00 K
webvw.dll Fri Apr 29 2005 12:16:10a A.... 1,119,504 1.07 M
wininet.dll Wed Apr 27 2005 10:54:24a A.... 574,976 561.50 K
wobhits.dll Sun Jul 17 2005 5:16:52a ..S.R 417,792 408.00 K
wsntrust.dll Sun Jul 17 2005 4:01:04a ..S.R 417,792 408.00 K
wswfaxui.dll Mon Jun 20 2005 5:37:48a ..S.R 417,792 408.00 K
wxvdmoe2.dll Mon Jun 20 2005 5:37:56a ..S.R 417,792 408.00 K
63 items found: 63 files (36 H/S), 0 directories.
Total of file sizes: 36,411,832 bytes 34.72 M
Locate .tmp files:
C:\WINNT\SYSTEM32\
guard.tmp Fri Jun 17 2005 10:11:16p ..S.R 417,792 408.00 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0C0A-4DE4
Directory of C:\WINNT\System32
07/17/2005 09:47p 417,792 muhtmler.dll
07/17/2005 06:56p 417,792 sdcpack.dll
07/17/2005 09:42a 417,792 chm.dll
07/17/2005 08:03a 417,792 riuteext.dll
07/17/2005 05:16a 417,792 wobhits.dll
07/17/2005 04:58a 417,792 mdr2cenu.dll
07/17/2005 04:53a 417,792 nadsbcli.dll
07/17/2005 04:27a 417,792 aysldpc.dll
07/17/2005 04:14a 417,792 myhtmled.dll
07/17/2005 04:01a 417,792 WSNTRUST.DLL
07/17/2005 03:46a 82,432 uecp.exe
07/17/2005 03:28a 417,792 CTDBControlRoxio.dll
07/17/2005 03:28a 417,792 cMbinet.dll
07/17/2005 03:28a 417,792 wanetmgr.dll
07/12/2005 03:00a 417,792 fantext.dll
07/12/2005 02:04a 417,792 dxdskres.dll
07/12/2005 01:48a 417,792 ddsynth.dll
07/11/2005 08:43p 417,792 dnmsspxn.dll
07/11/2005 07:34p 417,792 pvtorec.dll
07/11/2005 06:24p 417,792 multus40.dll
07/10/2005 10:50p 417,792 sucur32.dll
07/10/2005 09:13p 417,792 cqmsnap.dll
07/10/2005 08:03p 417,792 asctres.dll
07/10/2005 07:33p 417,792 ehs.dll
07/10/2005 07:24p 417,792 GSI32.DLL
07/08/2005 09:20p 417,792 mpwdat10.dll
07/07/2005 07:49p 417,792 pxrfproc.dll
07/04/2005 12:26a 417,792 nllsapi.dll
06/20/2005 05:37a 417,792 wxvdmoe2.dll
06/20/2005 05:37a 417,792 wswfaxui.dll
06/20/2005 05:16a 417,792 svscrap.dll
06/19/2005 08:46p 417,792 ddvenum.dll
06/19/2005 06:21a <DIR> dllcache
06/17/2005 10:11p 417,792 guard.tmp
06/17/2005 10:07p 417,792 skim.dll
06/17/2005 10:07p 417,792 stim.dll
06/17/2005 08:22p 417,792 mscndmgr.dll
06/17/2005 08:22p 417,792 mvl_qic.dll
06/17/2005 08:21p 417,792 kodsp.dll
38 File(s) 15,540,736 bytes
1 Dir(s) 9,579,913,216 bytes free
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\cMbinet.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9ACF1094-ED3B-18F6-B8F9-D0A31F5BBD91}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{5E44E225-A408-11CF-B581-008029601108}"="Roxio DragToDisc Shell Extension"
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}"="My Media"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{B6DE09ED-4F06-408B-818E-669D1A249FE2}"=""
"{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}"=""
"{E9933737-ACBE-40E0-B614-617B838EEE24}"=""
"{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}"=""
"{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}"=""
"{1CE2AA40-1317-11D3-9922-00104B0AD431}"="CA_AntiVirus"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}]
@=""
"IDEx"="ST007"
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\InprocServer32]
@="C:\\WINNT\\system32\\mvl_qic.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}]
@=""
"IDEx"="ST007"
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\InprocServer32]
@="C:\\WINNT\\system32\\mscndmgr.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\InprocServer32]
@="C:\\WINNT\\system32\\muhtmler.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\InprocServer32]
@="C:\\WINNT\\system32\\ddvenum.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer, and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
Join Date: Jul 2005
Posts: 10
Solved Threads: 0
I followed your instructions. Here are the results:
L2Mfix 1.03a
Running From:
C:\Documents and Settings\cbagent\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\cbagent\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\cbagent\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 932 'explorer.exe'
Killing PID 932 'explorer.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1036 'rundll32.exe'
Killing PID 1428 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINNT\system32\asctres.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\asctres.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aysldpc.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aysldpc.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\chm.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\chm.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\cMbinet.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\cMbinet.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\cqmsnap.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\cqmsnap.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\CTDBControlRoxio.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\CTDBControlRoxio.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ddsynth.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ddsynth.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ddvenum.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ddvenum.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\dnmsspxn.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\dnmsspxn.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\dxdskres.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\dxdskres.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ehs.dll
1 file(s) copied.
Zipping up files for submission:
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINNT\system32\asctres.dll
C:\WINNT\system32\asctres.dll
C:\WINNT\system32\aysldpc.dll
C:\WINNT\system32\aysldpc.dll
C:\WINNT\system32\chm.dll
C:\WINNT\system32\chm.dll
C:\WINNT\system32\cMbinet.dll
C:\WINNT\system32\cMbinet.dll
C:\WINNT\system32\cqmsnap.dll
C:\WINNT\system32\cqmsnap.dll
C:\WINNT\system32\CTDBControlRoxio.dll
C:\WINNT\system32\CTDBControlRoxio.dll
C:\WINNT\system32\ddsynth.dll
C:\WINNT\system32\ddsynth.dll
C:\WINNT\system32\ddvenum.dll
C:\WINNT\system32\ddvenum.dll
C:\WINNT\system32\dnmsspxn.dll
C:\WINNT\system32\dnmsspxn.dll
C:\WINNT\system32\dxdskres.dll
C:\WINNT\system32\dxdskres.dll
C:\WINNT\system32\ehs.dll
C:\WINNT\system32\ehs.dll
C:\WINNT\system32\fantext.dll
C:\WINNT\system32\fantext.dll
C:\WINNT\system32\GSI32.DLL
C:\WINNT\system32\GSI32.DLL
C:\WINNT\system32\iiaksie.dll
C:\WINNT\system32\iiaksie.dll
C:\WINNT\system32\kodsp.dll
C:\WINNT\system32\kodsp.dll
C:\WINNT\system32\mdr2cenu.dll
C:\WINNT\system32\mdr2cenu.dll
C:\WINNT\system32\mpwdat10.dll
C:\WINNT\system32\mpwdat10.dll
C:\WINNT\system32\mscndmgr.dll
C:\WINNT\system32\mscndmgr.dll
C:\WINNT\system32\muhtmler.dll
C:\WINNT\system32\muhtmler.dll
C:\WINNT\system32\multus40.dll
C:\WINNT\system32\multus40.dll
C:\WINNT\system32\mvl_qic.dll
C:\WINNT\system32\mvl_qic.dll
C:\WINNT\system32\myhtmled.dll
C:\WINNT\system32\myhtmled.dll
C:\WINNT\system32\nadsbcli.dll
C:\WINNT\system32\nadsbcli.dll
C:\WINNT\system32\nllsapi.dll
C:\WINNT\system32\nllsapi.dll
C:\WINNT\system32\nxmarta.dll
C:\WINNT\system32\nxmarta.dll
C:\WINNT\system32\pvtorec.dll
C:\WINNT\system32\pvtorec.dll
C:\WINNT\system32\pxrfproc.dll
C:\WINNT\system32\pxrfproc.dll
C:\WINNT\system32\riuteext.dll
C:\WINNT\system32\riuteext.dll
C:\WINNT\system32\sdcpack.dll
C:\WINNT\system32\sdcpack.dll
C:\WINNT\system32\skim.dll
C:\WINNT\system32\skim.dll
C:\WINNT\system32\stim.dll
C:\WINNT\system32\stim.dll
C:\WINNT\system32\sucur32.dll
C:\WINNT\system32\sucur32.dll
C:\WINNT\system32\svscrap.dll
C:\WINNT\system32\svscrap.dll
C:\WINNT\system32\svxcoins.dll
C:\WINNT\system32\svxcoins.dll
C:\WINNT\system32\wanetmgr.dll
C:\WINNT\system32\wanetmgr.dll
C:\WINNT\system32\wobhits.dll
C:\WINNT\system32\wobhits.dll
C:\WINNT\system32\WSNTRUST.DLL
C:\WINNT\system32\WSNTRUST.DLL
C:\WINNT\system32\wswfaxui.dll
C:\WINNT\system32\wswfaxui.dll
C:\WINNT\system32\wxvdmoe2.dll
C:\WINNT\system32\wxvdmoe2.dll
C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B6DE09ED-4F06-408B-818E-669D1A249FE2}"=-
"{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}"=-
"{E9933737-ACBE-40E0-B614-617B838EEE24}"=-
"{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}"=-
"{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}]
[-HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}]
[-HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}]
[-HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}]
[-HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:31:56 AM, on 7/18/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
L2Mfix 1.03a
Running From:
C:\Documents and Settings\cbagent\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\cbagent\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\cbagent\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 932 'explorer.exe'
Killing PID 932 'explorer.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1036 'rundll32.exe'
Killing PID 1428 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Zipping up files for submission:
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINNT\system32\asctres.dll
C:\WINNT\system32\asctres.dll
C:\WINNT\system32\aysldpc.dll
C:\WINNT\system32\aysldpc.dll
C:\WINNT\system32\chm.dll
C:\WINNT\system32\chm.dll
C:\WINNT\system32\cMbinet.dll
C:\WINNT\system32\cMbinet.dll
C:\WINNT\system32\cqmsnap.dll
C:\WINNT\system32\cqmsnap.dll
C:\WINNT\system32\CTDBControlRoxio.dll
C:\WINNT\system32\CTDBControlRoxio.dll
C:\WINNT\system32\ddsynth.dll
C:\WINNT\system32\ddsynth.dll
C:\WINNT\system32\ddvenum.dll
C:\WINNT\system32\ddvenum.dll
C:\WINNT\system32\dnmsspxn.dll
C:\WINNT\system32\dnmsspxn.dll
C:\WINNT\system32\dxdskres.dll
C:\WINNT\system32\dxdskres.dll
C:\WINNT\system32\ehs.dll
C:\WINNT\system32\ehs.dll
C:\WINNT\system32\fantext.dll
C:\WINNT\system32\fantext.dll
C:\WINNT\system32\GSI32.DLL
C:\WINNT\system32\GSI32.DLL
C:\WINNT\system32\iiaksie.dll
C:\WINNT\system32\iiaksie.dll
C:\WINNT\system32\kodsp.dll
C:\WINNT\system32\kodsp.dll
C:\WINNT\system32\mdr2cenu.dll
C:\WINNT\system32\mdr2cenu.dll
C:\WINNT\system32\mpwdat10.dll
C:\WINNT\system32\mpwdat10.dll
C:\WINNT\system32\mscndmgr.dll
C:\WINNT\system32\mscndmgr.dll
C:\WINNT\system32\muhtmler.dll
C:\WINNT\system32\muhtmler.dll
C:\WINNT\system32\multus40.dll
C:\WINNT\system32\multus40.dll
C:\WINNT\system32\mvl_qic.dll
C:\WINNT\system32\mvl_qic.dll
C:\WINNT\system32\myhtmled.dll
C:\WINNT\system32\myhtmled.dll
C:\WINNT\system32\nadsbcli.dll
C:\WINNT\system32\nadsbcli.dll
C:\WINNT\system32\nllsapi.dll
C:\WINNT\system32\nllsapi.dll
C:\WINNT\system32\nxmarta.dll
C:\WINNT\system32\nxmarta.dll
C:\WINNT\system32\pvtorec.dll
C:\WINNT\system32\pvtorec.dll
C:\WINNT\system32\pxrfproc.dll
C:\WINNT\system32\pxrfproc.dll
C:\WINNT\system32\riuteext.dll
C:\WINNT\system32\riuteext.dll
C:\WINNT\system32\sdcpack.dll
C:\WINNT\system32\sdcpack.dll
C:\WINNT\system32\skim.dll
C:\WINNT\system32\skim.dll
C:\WINNT\system32\stim.dll
C:\WINNT\system32\stim.dll
C:\WINNT\system32\sucur32.dll
C:\WINNT\system32\sucur32.dll
C:\WINNT\system32\svscrap.dll
C:\WINNT\system32\svscrap.dll
C:\WINNT\system32\svxcoins.dll
C:\WINNT\system32\svxcoins.dll
C:\WINNT\system32\wanetmgr.dll
C:\WINNT\system32\wanetmgr.dll
C:\WINNT\system32\wobhits.dll
C:\WINNT\system32\wobhits.dll
C:\WINNT\system32\WSNTRUST.DLL
C:\WINNT\system32\WSNTRUST.DLL
C:\WINNT\system32\wswfaxui.dll
C:\WINNT\system32\wswfaxui.dll
C:\WINNT\system32\wxvdmoe2.dll
C:\WINNT\system32\wxvdmoe2.dll
C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B6DE09ED-4F06-408B-818E-669D1A249FE2}"=-
"{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}"=-
"{E9933737-ACBE-40E0-B614-617B838EEE24}"=-
"{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}"=-
"{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}]
[-HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}]
[-HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}]
[-HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}]
[-HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:31:56 AM, on 7/18/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
That's sorted out L2M. Now for the rest.
===============
Now, let's open a command prompt by going to the start menu and then select 'Run'.
In the box that pops up type in 'cmd'. The command prompt will open.
OR
You can go to Start -> Programs -> Accessories -> Command Prompt.
Unregister the dll(s) we're going to remove by entering the following:
regsvr32 /u cfgmgr52.dll
It's OK if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.
===============
Run HiJackThis, click "Scan", then check (tick) the following, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, and click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
files...
C:\WINNT\cfgmgr52.dll
Search for...
AUNPS2.DLL
...using "Start | Search...".
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
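The kind of triage applied to the posted HijackThis log, and the check the requested rescan allows, as an added example that is not part of the original post. The heuristics (rundll32 autostarts, a DLL named without a path, a DLL that is also a BHO) are assumptions chosen for illustration, not the helper's stated reasoning, and AFTER_LOG is constructed sample input.

```python
import re

# Lines copied from the HijackThis log posted above (scan of 7/18/2005, 9:31:56 AM).
BEFORE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# The four entries the reply asks to tick before "Fix checked".
CHECKED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch",
    r"O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll",
    r"O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun",
    r"O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16",
]

# CONSTRUCTED sample of a post-fix rescan (not from the thread): one entry has come back.
AFTER_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^"?(?:[^\s"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<export>\S+)', re.I
)


def parse_entries(log_text):
    """Return (section_code, body, full_line) for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"], line))
    return entries


def triage(log_text):
    """Flag O4 Run entries that load a DLL through rundll32.

    This only prioritises entries for review: legitimate drivers also
    autostart through rundll32, so a hit is not a verdict.
    """
    entries = parse_entries(log_text)
    bho_by_path = {}
    for code, body, _ in entries:
        m = BHO_RE.match(body) if code == "O2" else None
        if m:
            bho_by_path[m["path"].lower()] = m["clsid"]

    findings = []
    for code, body, line in entries:
        run = RUN_RE.match(body) if code == "O4" else None
        launched = RUNDLL_RE.match(run["cmd"]) if run else None
        if not launched:
            continue
        dll = launched["dll"].strip().strip('"')
        reasons = ["autostart loads a DLL through rundll32"]
        if "\\" not in dll:
            reasons.append("DLL named without a path, so the loader's search order decides which file runs")
        if dll.lower() in bho_by_path:
            reasons.append("same DLL is registered as BHO " + bho_by_path[dll.lower()])
        findings.append({"line": line, "dll": dll, "reasons": reasons})
    return findings


def normalise(line):
    """Collapse whitespace and case so re-posted log lines compare equal."""
    return " ".join(line.split()).lower()


def still_present(checked, after_log_text):
    """Return the checked entries that survive in the rescan log."""
    after = {normalise(l) for l in after_log_text.splitlines() if l.strip()}
    return [c for c in checked if normalise(c) in after]


if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f["dll"], "->", "; ".join(f["reasons"]))
    print("survived the fix:", still_present(CHECKED, AFTER_LOG))
```

An entry that reappears in the rescan means something is rewriting it, which is why the reply asks for a fresh log after the reboot rather than one taken right after "Fix checked".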
Join Date: Jul 2005
Posts: 10
Solved Threads: 0
I followed your instructions. All went well but still no internet access. Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:58:16 PM, on 7/18/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
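The re-scan check requested in this thread, as an added Python example (not part of the thread and not HijackThis code): it parses the entry lines of a HijackThis log, confirms that none of the four entries selected for "Fix checked" reappear in the follow-up log, and lists any O4 autoruns still launched through rundll32. The function names are hypothetical; `FIXED` and the `RESCAN` excerpt are copied from the thread.

```python
import re

# A log entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Autorun detail of the form "[name] rundll32[.exe] <dll>,<export>".
RUNDLL_RE = re.compile(r'\]\s*"?rundll32(?:\.exe)?"?\s+(.+)$', re.I)

# The four entries selected for "Fix checked", copied from the thread.
FIXED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch",
    r"O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll",
    r"O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun",
    r"O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16",
]

# Excerpt of the 7/18/2005 follow-up log from the thread.
RESCAN = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
"""

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def normalize(section, detail):
    # Registry paths and file names are case-insensitive on Windows.
    return section, re.sub(r"\s+", " ", detail).lower()

def still_present(fixed_lines, rescan_text):
    """Fixed entries that show up again in the rescan (match after normalizing)."""
    seen = {normalize(s, d) for s, d in parse_entries(rescan_text)}
    return [l for l in fixed_lines if normalize(*parse_entries(l)[0]) in seen]

def rundll32_autoruns(log_text):
    """Arguments of O4 autoruns that start a DLL through rundll32."""
    hits = (RUNDLL_RE.search(d) for s, d in parse_entries(log_text) if s == "O4")
    return [m.group(1) for m in hits if m]

if __name__ == "__main__":
    print("still present:", still_present(FIXED, RESCAN))
    print("rundll32 autoruns:", rundll32_autoruns(RESCAN))
```

An empty result from both functions means the fixed registry entries did not come back after the reboot; it says nothing about whether the DLL files themselves were deleted.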
Download and run Winsockfix from here http://www.softpedia.com/get/Tweak/N...nSockFix.shtml
See if that helps your connection problems.
Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.