0

I am using a Dell Latitude CPx Laptop with Windows 2000. Access to the internet has stopped working a couple of days ago. However, in "Safe" mode, I can access the internet OK. I suspect that there may be an unwanted guest in my computer.

For convenience this message is being sent from a working desktop machine.

Here is the log of the HijackThis scan of the sick Laptop:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:01 AM, on 7/17/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAV.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PestPatrol5.exe
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Extensions - C:\WINNT\system32\cMbinet.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

I would be most grateful for any help you can give me.

2
Contributors
11
Replies
12
Views
12 Years
Discussion Span
Last Post by James Marsden
0

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

0

Done that. Here is the report:

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\cMbinet.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9ACF1094-ED3B-18F6-B8F9-D0A31F5BBD91}"=""


**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{5E44E225-A408-11CF-B581-008029601108}"="Roxio DragToDisc Shell Extension"
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}"="My Media"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{B6DE09ED-4F06-408B-818E-669D1A249FE2}"=""
"{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}"=""
"{E9933737-ACBE-40E0-B614-617B838EEE24}"=""
"{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}"=""
"{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}"=""
"{1CE2AA40-1317-11D3-9922-00104B0AD431}"="CA_AntiVirus"


**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}]
@=""
"IDEx"="ST007"


[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}\InprocServer32]
@="C:\\WINNT\\system32\\mvl_qic.dll"
"ThreadingModel"="Apartment"


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}]
@=""
"IDEx"="ST007"


[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}\InprocServer32]
@="C:\\WINNT\\system32\\mscndmgr.dll"
"ThreadingModel"="Apartment"


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}\InprocServer32]
@="C:\\WINNT\\system32\\muhtmler.dll"
"ThreadingModel"="Apartment"


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}\InprocServer32]
@="C:\\WINNT\\system32\\ddvenum.dll"
"ThreadingModel"="Apartment"


**********************************************************************************
Files Found are not all bad files:


C:\WINNT\SYSTEM32\
asctres.dll    Sun Jul 10 2005   8:03:46p  ..S.R        417,792   408.00 K
atl71.dll      Wed Jul  6 2005   5:17:28p  A....         89,088    87.00 K
aunps2.dll     Sun Jul 17 2005   3:34:04a  A....         24,576    24.00 K
aysldpc.dll    Sun Jul 17 2005   4:27:50a  ..S.R        417,792   408.00 K
chm.dll        Sun Jul 17 2005   9:42:24a  ..S.R        417,792   408.00 K
cmbinet.dll    Sun Jul 17 2005   3:28:30a  ..S.R        417,792   408.00 K
cqmsnap.dll    Sun Jul 10 2005   9:13:08p  ..S.R        417,792   408.00 K
ctdbco~1.dll   Sun Jul 17 2005   3:28:38a  ..S.R        417,792   408.00 K
ddsynth.dll    Tue Jul 12 2005   1:48:36a  ..S.R        417,792   408.00 K
ddvenum.dll    Sun Jun 19 2005   8:46:20p  ..S.R        417,792   408.00 K
dnmsspxn.dll   Mon Jul 11 2005   8:43:16p  ..S.R        417,792   408.00 K
dxdskres.dll   Tue Jul 12 2005   2:04:40a  ..S.R        417,792   408.00 K
ehs.dll        Sun Jul 10 2005   7:33:18p  ..S.R        417,792   408.00 K
fantext.dll    Tue Jul 12 2005   3:00:56a  ..S.R        417,792   408.00 K
gccoll~1.dll   Fri Jun 24 2005   3:24:22p  A....        126,680   123.71 K
gcunco~1.dll   Fri Jun 24 2005   3:24:20p  A....         95,448    93.21 K
gsi32.dll      Sun Jul 10 2005   7:24:12p  ..S.R        417,792   408.00 K
hashlib.dll    Fri Jun 24 2005   3:24:22p  A....        117,976   115.21 K
hhsetup.dll    Thu Apr 21 2005   7:16:56a  A....         38,912    38.00 K
iiaksie.dll    Sun Jun 19 2005   5:58:56a  .....        417,792   408.00 K
inetcomm.dll   Tue May  3 2005   4:26:50p  A....        596,480   582.50 K
itircl.dll     Thu Apr 21 2005   7:16:56a  A....        143,872   140.50 K
itss.dll       Thu Apr 21 2005   7:16:56a  A....        128,000   125.00 K
kodsp.dll      Fri Jun 17 2005   8:21:44p  ..S.R        417,792   408.00 K
mdr2cenu.dll   Sun Jul 17 2005   4:58:38a  ..S.R        417,792   408.00 K
mfc71.dll      Wed Jul  6 2005   5:17:28p  A....      1,060,864     1.01 M
mpwdat10.dll   Fri Jul  8 2005   9:20:32p  ..S.R        417,792   408.00 K
mscndmgr.dll   Fri Jun 17 2005   8:22:08p  ..S.R        417,792   408.00 K
mshtml.dll     Wed Apr 27 2005  10:52:56a  A....      2,698,752     2.57 M
msi.dll        Wed May  4 2005   2:45:32p  A....      2,890,240     2.75 M
msihnd.dll     Wed May  4 2005   2:45:36p  A....        271,360   265.00 K
msimsg.dll     Wed May  4 2005   2:45:36p  A....        884,736   864.00 K
msisip.dll     Wed May  4 2005   2:45:36p  A....         15,360    15.00 K
msvcp71.dll    Wed Jul  6 2005   5:17:28p  A....        499,712   488.00 K
msvcr71.dll    Wed Jul  6 2005   5:17:28p  A....        348,160   340.00 K
muhtmler.dll   Sun Jul 17 2005   9:47:24p  ..S.R        417,792   408.00 K
multus40.dll   Mon Jul 11 2005   6:24:36p  ..S.R        417,792   408.00 K
mvl_qic.dll    Fri Jun 17 2005   8:22:06p  ..S.R        417,792   408.00 K
myhtmled.dll   Sun Jul 17 2005   4:14:56a  ..S.R        417,792   408.00 K
nadsbcli.dll   Sun Jul 17 2005   4:53:44a  ..S.R        417,792   408.00 K
nllsapi.dll    Mon Jul  4 2005  12:26:38a  ..S.R        417,792   408.00 K
pngfilt.dll    Wed Apr 27 2005  10:53:06a  A....         34,816    34.00 K
pvtorec.dll    Mon Jul 11 2005   7:34:32p  ..S.R        417,792   408.00 K
pxrfproc.dll   Thu Jul  7 2005   7:49:34p  ..S.R        417,792   408.00 K
riuteext.dll   Sun Jul 17 2005   8:03:16a  ..S.R        417,792   408.00 K
rtclib.dll     Mon Apr 25 2005  11:52:42p  A....      1,011,928   988.21 K
rtcrtp.dll     Mon Apr 25 2005  11:52:42p  A....        430,296   420.21 K
sdcpack.dll    Sun Jul 17 2005   6:56:38p  ..S.R        417,792   408.00 K
shdocvw.dll    Wed Apr 27 2005   2:50:48p  A....      1,338,368     1.27 M
skim.dll       Fri Jun 17 2005  10:07:30p  ..S.R        417,792   408.00 K
sp3res.dll     Thu Apr 21 2005   3:07:06a  A....      6,309,376     6.02 M
stim.dll       Fri Jun 17 2005  10:07:20p  ..S.R        417,792   408.00 K
sucur32.dll    Sun Jul 10 2005  10:50:02p  ..S.R        417,792   408.00 K
supdate.dll    Fri Jul  8 2005   8:34:42a  A....         29,184    28.50 K
svscrap.dll    Mon Jun 20 2005   5:16:36a  ..S.R        417,792   408.00 K
vetredir.dll   Thu Jun 23 2005   4:55:10a  A....         74,864    73.11 K
wanetmgr.dll   Sun Jul 17 2005   3:28:02a  ..S.R        417,792   408.00 K
webvw.dll      Fri Apr 29 2005  12:16:10a  A....      1,119,504     1.07 M
wininet.dll    Wed Apr 27 2005  10:54:24a  A....        574,976   561.50 K
wobhits.dll    Sun Jul 17 2005   5:16:52a  ..S.R        417,792   408.00 K
wsntrust.dll   Sun Jul 17 2005   4:01:04a  ..S.R        417,792   408.00 K
wswfaxui.dll   Mon Jun 20 2005   5:37:48a  ..S.R        417,792   408.00 K
wxvdmoe2.dll   Mon Jun 20 2005   5:37:56a  ..S.R        417,792   408.00 K


63 items found:  63 files (36 H/S), 0 directories.
Total of file sizes:  36,411,832 bytes     34.72 M
Locate .tmp files:


C:\WINNT\SYSTEM32\
guard.tmp      Fri Jun 17 2005  10:11:16p  ..S.R        417,792   408.00 K


1 item found:  1 file (1 H/S), 0 directories.
Total of file sizes:  417,792 bytes    408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0C0A-4DE4


Directory of C:\WINNT\System32


07/17/2005  09:47p             417,792 muhtmler.dll
07/17/2005  06:56p             417,792 sdcpack.dll
07/17/2005  09:42a             417,792 chm.dll
07/17/2005  08:03a             417,792 riuteext.dll
07/17/2005  05:16a             417,792 wobhits.dll
07/17/2005  04:58a             417,792 mdr2cenu.dll
07/17/2005  04:53a             417,792 nadsbcli.dll
07/17/2005  04:27a             417,792 aysldpc.dll
07/17/2005  04:14a             417,792 myhtmled.dll
07/17/2005  04:01a             417,792 WSNTRUST.DLL
07/17/2005  03:46a              82,432 uecp.exe
07/17/2005  03:28a             417,792 CTDBControlRoxio.dll
07/17/2005  03:28a             417,792 cMbinet.dll
07/17/2005  03:28a             417,792 wanetmgr.dll
07/12/2005  03:00a             417,792 fantext.dll
07/12/2005  02:04a             417,792 dxdskres.dll
07/12/2005  01:48a             417,792 ddsynth.dll
07/11/2005  08:43p             417,792 dnmsspxn.dll
07/11/2005  07:34p             417,792 pvtorec.dll
07/11/2005  06:24p             417,792 multus40.dll
07/10/2005  10:50p             417,792 sucur32.dll
07/10/2005  09:13p             417,792 cqmsnap.dll
07/10/2005  08:03p             417,792 asctres.dll
07/10/2005  07:33p             417,792 ehs.dll
07/10/2005  07:24p             417,792 GSI32.DLL
07/08/2005  09:20p             417,792 mpwdat10.dll
07/07/2005  07:49p             417,792 pxrfproc.dll
07/04/2005  12:26a             417,792 nllsapi.dll
06/20/2005  05:37a             417,792 wxvdmoe2.dll
06/20/2005  05:37a             417,792 wswfaxui.dll
06/20/2005  05:16a             417,792 svscrap.dll
06/19/2005  08:46p             417,792 ddvenum.dll
06/19/2005  06:21a      <DIR>          dllcache
06/17/2005  10:11p             417,792 guard.tmp
06/17/2005  10:07p             417,792 skim.dll
06/17/2005  10:07p             417,792 stim.dll
06/17/2005  08:22p             417,792 mscndmgr.dll
06/17/2005  08:22p             417,792 mvl_qic.dll
06/17/2005  08:21p             417,792 kodsp.dll
38 File(s)     15,540,736 bytes
1 Dir(s)   9,579,913,216 bytes free

Edited by pritaeas: Fixed formatting

0

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

0

I followed your instructions. Here are the results:

L2Mfix 1.03a

Running From:
C:\Documents and Settings\cbagent\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Read         BUILTIN\Users
(ID-IO) ALLOW  Read         BUILTIN\Users
(ID-NI) ALLOW  Read         BUILTIN\Power Users
(ID-IO) ALLOW  Read         BUILTIN\Power Users
(ID-NI) ALLOW  Full access  BUILTIN\Administrators
(ID-IO) ALLOW  Full access  BUILTIN\Administrators
(ID-NI) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
 - adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI)    DENY   --C-------       BUILTIN\Administrators
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Read         BUILTIN\Users
(ID-IO) ALLOW  Read         BUILTIN\Users
(ID-NI) ALLOW  Read         BUILTIN\Power Users
(ID-IO) ALLOW  Read         BUILTIN\Power Users
(ID-NI) ALLOW  Full access  BUILTIN\Administrators
(ID-IO) ALLOW  Full access  BUILTIN\Administrators
(ID-NI) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\cbagent\Desktop\l2mfix 
System Rebooted! 

Running From:
C:\Documents and Settings\cbagent\Desktop\l2mfix

killing explorer and rundll32.exe 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email]Craig.Peacock@beyondlogic.org[/email]
Killing PID 932 'explorer.exe'
Killing PID 932 'explorer.exe'
Error 0x5 : Access is denied.


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email]Craig.Peacock@beyondlogic.org[/email]
Killing PID 1036 'rundll32.exe'
Killing PID 1428 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed 

Second Pass Scanning 

Second pass Completed!
Backing Up: C:\WINNT\system32\asctres.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\asctres.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\aysldpc.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\aysldpc.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\chm.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\chm.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\cMbinet.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\cMbinet.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\cqmsnap.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\cqmsnap.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\CTDBControlRoxio.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\CTDBControlRoxio.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\ddsynth.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\ddsynth.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\ddvenum.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\ddvenum.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\dnmsspxn.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\dnmsspxn.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\dxdskres.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\dxdskres.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\ehs.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\ehs.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\fantext.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\fantext.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\GSI32.DLL
        1 file(s) copied.
Backing Up: C:\WINNT\system32\GSI32.DLL
        1 file(s) copied.
Backing Up: C:\WINNT\system32\iiaksie.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\iiaksie.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\kodsp.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\kodsp.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mdr2cenu.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mdr2cenu.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mpwdat10.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mpwdat10.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mscndmgr.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mscndmgr.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\muhtmler.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\muhtmler.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\multus40.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\multus40.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mvl_qic.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\mvl_qic.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\myhtmled.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\myhtmled.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\nadsbcli.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\nadsbcli.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\nllsapi.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\nllsapi.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\nxmarta.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\nxmarta.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\pvtorec.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\pvtorec.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\pxrfproc.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\pxrfproc.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\riuteext.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\riuteext.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\sdcpack.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\sdcpack.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\skim.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\skim.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\stim.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\stim.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\sucur32.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\sucur32.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\svscrap.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\svscrap.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\svxcoins.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\svxcoins.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wanetmgr.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wanetmgr.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wobhits.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wobhits.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\WSNTRUST.DLL
        1 file(s) copied.
Backing Up: C:\WINNT\system32\WSNTRUST.DLL
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wswfaxui.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wswfaxui.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wxvdmoe2.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\wxvdmoe2.dll
        1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
        1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
        1 file(s) copied.
deleting: C:\WINNT\system32\asctres.dll  
Successfully Deleted: C:\WINNT\system32\asctres.dll
deleting: C:\WINNT\system32\asctres.dll  
Successfully Deleted: C:\WINNT\system32\asctres.dll
deleting: C:\WINNT\system32\aysldpc.dll  
Successfully Deleted: C:\WINNT\system32\aysldpc.dll
deleting: C:\WINNT\system32\aysldpc.dll  
Successfully Deleted: C:\WINNT\system32\aysldpc.dll
deleting: C:\WINNT\system32\chm.dll  
Successfully Deleted: C:\WINNT\system32\chm.dll
deleting: C:\WINNT\system32\chm.dll  
Successfully Deleted: C:\WINNT\system32\chm.dll
deleting: C:\WINNT\system32\cMbinet.dll  
Successfully Deleted: C:\WINNT\system32\cMbinet.dll
deleting: C:\WINNT\system32\cMbinet.dll  
Successfully Deleted: C:\WINNT\system32\cMbinet.dll
deleting: C:\WINNT\system32\cqmsnap.dll  
Successfully Deleted: C:\WINNT\system32\cqmsnap.dll
deleting: C:\WINNT\system32\cqmsnap.dll  
Successfully Deleted: C:\WINNT\system32\cqmsnap.dll
deleting: C:\WINNT\system32\CTDBControlRoxio.dll  
Successfully Deleted: C:\WINNT\system32\CTDBControlRoxio.dll
deleting: C:\WINNT\system32\CTDBControlRoxio.dll  
Successfully Deleted: C:\WINNT\system32\CTDBControlRoxio.dll
deleting: C:\WINNT\system32\ddsynth.dll  
Successfully Deleted: C:\WINNT\system32\ddsynth.dll
deleting: C:\WINNT\system32\ddsynth.dll  
Successfully Deleted: C:\WINNT\system32\ddsynth.dll
deleting: C:\WINNT\system32\ddvenum.dll  
Successfully Deleted: C:\WINNT\system32\ddvenum.dll
deleting: C:\WINNT\system32\ddvenum.dll  
Successfully Deleted: C:\WINNT\system32\ddvenum.dll
deleting: C:\WINNT\system32\dnmsspxn.dll  
Successfully Deleted: C:\WINNT\system32\dnmsspxn.dll
deleting: C:\WINNT\system32\dnmsspxn.dll  
Successfully Deleted: C:\WINNT\system32\dnmsspxn.dll
deleting: C:\WINNT\system32\dxdskres.dll  
Successfully Deleted: C:\WINNT\system32\dxdskres.dll
deleting: C:\WINNT\system32\dxdskres.dll  
Successfully Deleted: C:\WINNT\system32\dxdskres.dll
deleting: C:\WINNT\system32\ehs.dll  
Successfully Deleted: C:\WINNT\system32\ehs.dll
deleting: C:\WINNT\system32\ehs.dll  
Successfully Deleted: C:\WINNT\system32\ehs.dll
deleting: C:\WINNT\system32\fantext.dll  
Successfully Deleted: C:\WINNT\system32\fantext.dll
deleting: C:\WINNT\system32\fantext.dll  
Successfully Deleted: C:\WINNT\system32\fantext.dll
deleting: C:\WINNT\system32\GSI32.DLL  
Successfully Deleted: C:\WINNT\system32\GSI32.DLL
deleting: C:\WINNT\system32\GSI32.DLL  
Successfully Deleted: C:\WINNT\system32\GSI32.DLL
deleting: C:\WINNT\system32\iiaksie.dll  
Successfully Deleted: C:\WINNT\system32\iiaksie.dll
deleting: C:\WINNT\system32\iiaksie.dll  
Successfully Deleted: C:\WINNT\system32\iiaksie.dll
deleting: C:\WINNT\system32\kodsp.dll  
Successfully Deleted: C:\WINNT\system32\kodsp.dll
deleting: C:\WINNT\system32\kodsp.dll  
Successfully Deleted: C:\WINNT\system32\kodsp.dll
deleting: C:\WINNT\system32\mdr2cenu.dll  
Successfully Deleted: C:\WINNT\system32\mdr2cenu.dll
deleting: C:\WINNT\system32\mdr2cenu.dll  
Successfully Deleted: C:\WINNT\system32\mdr2cenu.dll
deleting: C:\WINNT\system32\mpwdat10.dll  
Successfully Deleted: C:\WINNT\system32\mpwdat10.dll
deleting: C:\WINNT\system32\mpwdat10.dll  
Successfully Deleted: C:\WINNT\system32\mpwdat10.dll
deleting: C:\WINNT\system32\mscndmgr.dll  
Successfully Deleted: C:\WINNT\system32\mscndmgr.dll
deleting: C:\WINNT\system32\mscndmgr.dll  
Successfully Deleted: C:\WINNT\system32\mscndmgr.dll
deleting: C:\WINNT\system32\muhtmler.dll  
Successfully Deleted: C:\WINNT\system32\muhtmler.dll
deleting: C:\WINNT\system32\muhtmler.dll  
Successfully Deleted: C:\WINNT\system32\muhtmler.dll
deleting: C:\WINNT\system32\multus40.dll  
Successfully Deleted: C:\WINNT\system32\multus40.dll
deleting: C:\WINNT\system32\multus40.dll  
Successfully Deleted: C:\WINNT\system32\multus40.dll
deleting: C:\WINNT\system32\mvl_qic.dll  
Successfully Deleted: C:\WINNT\system32\mvl_qic.dll
deleting: C:\WINNT\system32\mvl_qic.dll  
Successfully Deleted: C:\WINNT\system32\mvl_qic.dll
deleting: C:\WINNT\system32\myhtmled.dll  
Successfully Deleted: C:\WINNT\system32\myhtmled.dll
deleting: C:\WINNT\system32\myhtmled.dll  
Successfully Deleted: C:\WINNT\system32\myhtmled.dll
deleting: C:\WINNT\system32\nadsbcli.dll  
Successfully Deleted: C:\WINNT\system32\nadsbcli.dll
deleting: C:\WINNT\system32\nadsbcli.dll  
Successfully Deleted: C:\WINNT\system32\nadsbcli.dll
deleting: C:\WINNT\system32\nllsapi.dll  
Successfully Deleted: C:\WINNT\system32\nllsapi.dll
deleting: C:\WINNT\system32\nllsapi.dll  
Successfully Deleted: C:\WINNT\system32\nllsapi.dll
deleting: C:\WINNT\system32\nxmarta.dll  
Successfully Deleted: C:\WINNT\system32\nxmarta.dll
deleting: C:\WINNT\system32\nxmarta.dll  
Successfully Deleted: C:\WINNT\system32\nxmarta.dll
deleting: C:\WINNT\system32\pvtorec.dll  
Successfully Deleted: C:\WINNT\system32\pvtorec.dll
deleting: C:\WINNT\system32\pvtorec.dll  
Successfully Deleted: C:\WINNT\system32\pvtorec.dll
deleting: C:\WINNT\system32\pxrfproc.dll  
Successfully Deleted: C:\WINNT\system32\pxrfproc.dll
deleting: C:\WINNT\system32\pxrfproc.dll  
Successfully Deleted: C:\WINNT\system32\pxrfproc.dll
deleting: C:\WINNT\system32\riuteext.dll  
Successfully Deleted: C:\WINNT\system32\riuteext.dll
deleting: C:\WINNT\system32\riuteext.dll  
Successfully Deleted: C:\WINNT\system32\riuteext.dll
deleting: C:\WINNT\system32\sdcpack.dll  
Successfully Deleted: C:\WINNT\system32\sdcpack.dll
deleting: C:\WINNT\system32\sdcpack.dll  
Successfully Deleted: C:\WINNT\system32\sdcpack.dll
deleting: C:\WINNT\system32\skim.dll  
Successfully Deleted: C:\WINNT\system32\skim.dll
deleting: C:\WINNT\system32\skim.dll  
Successfully Deleted: C:\WINNT\system32\skim.dll
deleting: C:\WINNT\system32\stim.dll  
Successfully Deleted: C:\WINNT\system32\stim.dll
deleting: C:\WINNT\system32\stim.dll  
Successfully Deleted: C:\WINNT\system32\stim.dll
deleting: C:\WINNT\system32\sucur32.dll  
Successfully Deleted: C:\WINNT\system32\sucur32.dll
deleting: C:\WINNT\system32\sucur32.dll  
Successfully Deleted: C:\WINNT\system32\sucur32.dll
deleting: C:\WINNT\system32\svscrap.dll  
Successfully Deleted: C:\WINNT\system32\svscrap.dll
deleting: C:\WINNT\system32\svscrap.dll  
Successfully Deleted: C:\WINNT\system32\svscrap.dll
deleting: C:\WINNT\system32\svxcoins.dll  
Successfully Deleted: C:\WINNT\system32\svxcoins.dll
deleting: C:\WINNT\system32\svxcoins.dll  
Successfully Deleted: C:\WINNT\system32\svxcoins.dll
deleting: C:\WINNT\system32\wanetmgr.dll  
Successfully Deleted: C:\WINNT\system32\wanetmgr.dll
deleting: C:\WINNT\system32\wanetmgr.dll  
Successfully Deleted: C:\WINNT\system32\wanetmgr.dll
deleting: C:\WINNT\system32\wobhits.dll  
Successfully Deleted: C:\WINNT\system32\wobhits.dll
deleting: C:\WINNT\system32\wobhits.dll  
Successfully Deleted: C:\WINNT\system32\wobhits.dll
deleting: C:\WINNT\system32\WSNTRUST.DLL  
Successfully Deleted: C:\WINNT\system32\WSNTRUST.DLL
deleting: C:\WINNT\system32\WSNTRUST.DLL  
Successfully Deleted: C:\WINNT\system32\WSNTRUST.DLL
deleting: C:\WINNT\system32\wswfaxui.dll  
Successfully Deleted: C:\WINNT\system32\wswfaxui.dll
deleting: C:\WINNT\system32\wswfaxui.dll  
Successfully Deleted: C:\WINNT\system32\wswfaxui.dll
deleting: C:\WINNT\system32\wxvdmoe2.dll  
Successfully Deleted: C:\WINNT\system32\wxvdmoe2.dll
deleting: C:\WINNT\system32\wxvdmoe2.dll  
Successfully Deleted: C:\WINNT\system32\wxvdmoe2.dll
deleting: C:\WINNT\system32\guard.tmp  
Successfully Deleted: C:\WINNT\system32\guard.tmp
deleting: C:\WINNT\system32\guard.tmp  
Successfully Deleted: C:\WINNT\system32\guard.tmp


Zipping up files for submission:
  adding: asctres.dll (152 bytes security) (deflated 48%)
  adding: aysldpc.dll (152 bytes security) (deflated 48%)
  adding: chm.dll (152 bytes security) (deflated 48%)
  adding: cMbinet.dll (152 bytes security) (deflated 48%)
  adding: cqmsnap.dll (152 bytes security) (deflated 48%)
  adding: CTDBControlRoxio.dll (152 bytes security) (deflated 48%)
  adding: ddsynth.dll (152 bytes security) (deflated 48%)
  adding: ddvenum.dll (152 bytes security) (deflated 48%)
  adding: dnmsspxn.dll (152 bytes security) (deflated 48%)
  adding: dxdskres.dll (152 bytes security) (deflated 48%)
  adding: ehs.dll (152 bytes security) (deflated 48%)
  adding: fantext.dll (152 bytes security) (deflated 48%)
  adding: GSI32.DLL (152 bytes security) (deflated 48%)
  adding: iiaksie.dll (152 bytes security) (deflated 48%)
  adding: kodsp.dll (152 bytes security) (deflated 48%)
  adding: mdr2cenu.dll (152 bytes security) (deflated 48%)
  adding: mpwdat10.dll (152 bytes security) (deflated 48%)
  adding: mscndmgr.dll (152 bytes security) (deflated 48%)
  adding: muhtmler.dll (152 bytes security) (deflated 48%)
  adding: multus40.dll (152 bytes security) (deflated 48%)
  adding: mvl_qic.dll (152 bytes security) (deflated 48%)
  adding: myhtmled.dll (152 bytes security) (deflated 48%)
  adding: nadsbcli.dll (152 bytes security) (deflated 48%)
  adding: nllsapi.dll (152 bytes security) (deflated 48%)
  adding: nxmarta.dll (152 bytes security) (deflated 48%)
  adding: pvtorec.dll (152 bytes security) (deflated 48%)
  adding: pxrfproc.dll (152 bytes security) (deflated 48%)
  adding: riuteext.dll (152 bytes security) (deflated 48%)
  adding: sdcpack.dll (152 bytes security) (deflated 48%)
  adding: skim.dll (152 bytes security) (deflated 48%)
  adding: stim.dll (152 bytes security) (deflated 48%)
  adding: sucur32.dll (152 bytes security) (deflated 48%)
  adding: svscrap.dll (152 bytes security) (deflated 48%)
  adding: svxcoins.dll (152 bytes security) (deflated 48%)
  adding: wanetmgr.dll (152 bytes security) (deflated 48%)
  adding: wobhits.dll (152 bytes security) (deflated 48%)
  adding: WSNTRUST.DLL (152 bytes security) (deflated 48%)
  adding: wswfaxui.dll (152 bytes security) (deflated 48%)
  adding: wxvdmoe2.dll (152 bytes security) (deflated 48%)
  adding: guard.tmp (152 bytes security) (deflated 48%)
  adding: clear.reg (152 bytes security) (deflated 56%)
  adding: echo.reg (152 bytes security) (deflated 9%)
  adding: direct.txt (152 bytes security) (stored 0%)
  adding: lo2.txt (152 bytes security) (deflated 90%)
  adding: readme.txt (152 bytes security) (deflated 49%)
  adding: report.txt (152 bytes security) (deflated 70%)
  adding: test.txt (152 bytes security) (deflated 90%)
  adding: test2.txt (152 bytes security) (deflated 36%)
  adding: test3.txt (152 bytes security) (deflated 36%)
  adding: test5.txt (152 bytes security) (deflated 36%)
  adding: xfind.txt (152 bytes security) (deflated 87%)
  adding: backregs/0D18ABD5-C0D4-46BF-9DE9-41E22669D542.reg (152 bytes security) (deflated 69%)
  adding: backregs/151E8D3A-7D2D-40A6-BFD6-0683D1F57E59.reg (152 bytes security) (deflated 70%)
  adding: backregs/350DBE13-34D9-4ECB-A32E-323D00D9E7FD.reg (152 bytes security) (deflated 70%)
  adding: backregs/B6DE09ED-4F06-408B-818E-669D1A249FE2.reg (152 bytes security) (deflated 70%)
  adding: backregs/E9933737-ACBE-40E0-B614-617B838EEE24.reg (152 bytes security) (deflated 69%)
  adding: backregs/shell.reg (152 bytes security) (deflated 74%)

Restoring Registry Permissions: 


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software ([url]http://www.heysoft.de[/url])
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(NI)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(IO)    ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-NI) ALLOW  Read         BUILTIN\Users
(ID-IO) ALLOW  Read         BUILTIN\Users
(ID-NI) ALLOW  Read         BUILTIN\Power Users
(ID-IO) ALLOW  Read         BUILTIN\Power Users
(ID-NI) ALLOW  Full access  BUILTIN\Administrators
(ID-IO) ALLOW  Full access  BUILTIN\Administrators
(ID-NI) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access  CREATOR OWNER


Restoring Sedebugprivilege:

 Granting SeDebugPrivilege to Administrators   ... successful

deleting local copy: asctres.dll   
deleting local copy: asctres.dll   
deleting local copy: aysldpc.dll   
deleting local copy: aysldpc.dll   
deleting local copy: chm.dll   
deleting local copy: chm.dll   
deleting local copy: cMbinet.dll   
deleting local copy: cMbinet.dll   
deleting local copy: cqmsnap.dll   
deleting local copy: cqmsnap.dll   
deleting local copy: CTDBControlRoxio.dll   
deleting local copy: CTDBControlRoxio.dll   
deleting local copy: ddsynth.dll   
deleting local copy: ddsynth.dll   
deleting local copy: ddvenum.dll   
deleting local copy: ddvenum.dll   
deleting local copy: dnmsspxn.dll   
deleting local copy: dnmsspxn.dll   
deleting local copy: dxdskres.dll   
deleting local copy: dxdskres.dll   
deleting local copy: ehs.dll   
deleting local copy: ehs.dll   
deleting local copy: fantext.dll   
deleting local copy: fantext.dll   
deleting local copy: GSI32.DLL   
deleting local copy: GSI32.DLL   
deleting local copy: iiaksie.dll   
deleting local copy: iiaksie.dll   
deleting local copy: kodsp.dll   
deleting local copy: kodsp.dll   
deleting local copy: mdr2cenu.dll   
deleting local copy: mdr2cenu.dll   
deleting local copy: mpwdat10.dll   
deleting local copy: mpwdat10.dll   
deleting local copy: mscndmgr.dll   
deleting local copy: mscndmgr.dll   
deleting local copy: muhtmler.dll   
deleting local copy: muhtmler.dll   
deleting local copy: multus40.dll   
deleting local copy: multus40.dll   
deleting local copy: mvl_qic.dll   
deleting local copy: mvl_qic.dll   
deleting local copy: myhtmled.dll   
deleting local copy: myhtmled.dll   
deleting local copy: nadsbcli.dll   
deleting local copy: nadsbcli.dll   
deleting local copy: nllsapi.dll   
deleting local copy: nllsapi.dll   
deleting local copy: nxmarta.dll   
deleting local copy: nxmarta.dll   
deleting local copy: pvtorec.dll   
deleting local copy: pvtorec.dll   
deleting local copy: pxrfproc.dll   
deleting local copy: pxrfproc.dll   
deleting local copy: riuteext.dll   
deleting local copy: riuteext.dll   
deleting local copy: sdcpack.dll   
deleting local copy: sdcpack.dll   
deleting local copy: skim.dll   
deleting local copy: skim.dll   
deleting local copy: stim.dll   
deleting local copy: stim.dll   
deleting local copy: sucur32.dll   
deleting local copy: sucur32.dll   
deleting local copy: svscrap.dll   
deleting local copy: svscrap.dll   
deleting local copy: svxcoins.dll   
deleting local copy: svxcoins.dll   
deleting local copy: wanetmgr.dll   
deleting local copy: wanetmgr.dll   
deleting local copy: wobhits.dll   
deleting local copy: wobhits.dll   
deleting local copy: WSNTRUST.DLL   
deleting local copy: WSNTRUST.DLL   
deleting local copy: wswfaxui.dll   
deleting local copy: wswfaxui.dll   
deleting local copy: wxvdmoe2.dll   
deleting local copy: wxvdmoe2.dll   
deleting local copy: guard.tmp   
deleting local copy: guard.tmp   

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found: 
****************************************************************************
C:\WINNT\system32\asctres.dll 
C:\WINNT\system32\asctres.dll 
C:\WINNT\system32\aysldpc.dll 
C:\WINNT\system32\aysldpc.dll 
C:\WINNT\system32\chm.dll 
C:\WINNT\system32\chm.dll 
C:\WINNT\system32\cMbinet.dll 
C:\WINNT\system32\cMbinet.dll 
C:\WINNT\system32\cqmsnap.dll 
C:\WINNT\system32\cqmsnap.dll 
C:\WINNT\system32\CTDBControlRoxio.dll 
C:\WINNT\system32\CTDBControlRoxio.dll 
C:\WINNT\system32\ddsynth.dll 
C:\WINNT\system32\ddsynth.dll 
C:\WINNT\system32\ddvenum.dll 
C:\WINNT\system32\ddvenum.dll 
C:\WINNT\system32\dnmsspxn.dll 
C:\WINNT\system32\dnmsspxn.dll 
C:\WINNT\system32\dxdskres.dll 
C:\WINNT\system32\dxdskres.dll 
C:\WINNT\system32\ehs.dll 
C:\WINNT\system32\ehs.dll 
C:\WINNT\system32\fantext.dll 
C:\WINNT\system32\fantext.dll 
C:\WINNT\system32\GSI32.DLL 
C:\WINNT\system32\GSI32.DLL 
C:\WINNT\system32\iiaksie.dll 
C:\WINNT\system32\iiaksie.dll 
C:\WINNT\system32\kodsp.dll 
C:\WINNT\system32\kodsp.dll 
C:\WINNT\system32\mdr2cenu.dll 
C:\WINNT\system32\mdr2cenu.dll 
C:\WINNT\system32\mpwdat10.dll 
C:\WINNT\system32\mpwdat10.dll 
C:\WINNT\system32\mscndmgr.dll 
C:\WINNT\system32\mscndmgr.dll 
C:\WINNT\system32\muhtmler.dll 
C:\WINNT\system32\muhtmler.dll 
C:\WINNT\system32\multus40.dll 
C:\WINNT\system32\multus40.dll 
C:\WINNT\system32\mvl_qic.dll 
C:\WINNT\system32\mvl_qic.dll 
C:\WINNT\system32\myhtmled.dll 
C:\WINNT\system32\myhtmled.dll 
C:\WINNT\system32\nadsbcli.dll 
C:\WINNT\system32\nadsbcli.dll 
C:\WINNT\system32\nllsapi.dll 
C:\WINNT\system32\nllsapi.dll 
C:\WINNT\system32\nxmarta.dll 
C:\WINNT\system32\nxmarta.dll 
C:\WINNT\system32\pvtorec.dll 
C:\WINNT\system32\pvtorec.dll 
C:\WINNT\system32\pxrfproc.dll 
C:\WINNT\system32\pxrfproc.dll 
C:\WINNT\system32\riuteext.dll 
C:\WINNT\system32\riuteext.dll 
C:\WINNT\system32\sdcpack.dll 
C:\WINNT\system32\sdcpack.dll 
C:\WINNT\system32\skim.dll 
C:\WINNT\system32\skim.dll 
C:\WINNT\system32\stim.dll 
C:\WINNT\system32\stim.dll 
C:\WINNT\system32\sucur32.dll 
C:\WINNT\system32\sucur32.dll 
C:\WINNT\system32\svscrap.dll 
C:\WINNT\system32\svscrap.dll 
C:\WINNT\system32\svxcoins.dll 
C:\WINNT\system32\svxcoins.dll 
C:\WINNT\system32\wanetmgr.dll 
C:\WINNT\system32\wanetmgr.dll 
C:\WINNT\system32\wobhits.dll 
C:\WINNT\system32\wobhits.dll 
C:\WINNT\system32\WSNTRUST.DLL 
C:\WINNT\system32\WSNTRUST.DLL 
C:\WINNT\system32\wswfaxui.dll 
C:\WINNT\system32\wswfaxui.dll 
C:\WINNT\system32\wxvdmoe2.dll 
C:\WINNT\system32\wxvdmoe2.dll 
C:\WINNT\system32\guard.tmp 
C:\WINNT\system32\guard.tmp 

Registry Entries that were Deleted: 
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder. 
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B6DE09ED-4F06-408B-818E-669D1A249FE2}"=-
"{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}"=-
"{E9933737-ACBE-40E0-B614-617B838EEE24}"=-
"{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}"=-
"{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B6DE09ED-4F06-408B-818E-669D1A249FE2}]
[-HKEY_CLASSES_ROOT\CLSID\{0D18ABD5-C0D4-46BF-9DE9-41E22669D542}]
[-HKEY_CLASSES_ROOT\CLSID\{E9933737-ACBE-40E0-B614-617B838EEE24}]
[-HKEY_CLASSES_ROOT\CLSID\{151E8D3A-7D2D-40A6-BFD6-0683D1F57E59}]
[-HKEY_CLASSES_ROOT\CLSID\{350DBE13-34D9-4ECB-A32E-323D00D9E7FD}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents: 
****************************************************************************
****************************************************************************


Logfile of HijackThis v1.99.1
Scan saved at 9:31:56 AM, on 7/18/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.cnn.com/[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.cnn.com/[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.exactsearch.net/sidesearch[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://www.windowsdownloads.com/success.htm[/url]
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [url]http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab[/url]
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [url]http://support.dell.com/systemprofiler/SysPro.CAB[/url]
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - [url]http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - 
[url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url]
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Edited by mike_2000_17: Fixed formatting

0

That's sorted out L2M. Now for the rest :).

===============

Now, let's open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt. Unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u cfgmgr52.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis, click "Scan", then check(tick) the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\cfgmgr52.dll

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINNT\cfgmgr52.dll

Search for...

AUNPS2.DLL

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

I followed your instructions. All went well but still no internet access. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:58:16 PM, on 7/18/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINNT\system32\am772cfg.exe
C:\WINNT\System32\USBMonit.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
C:\Documents and Settings\cbagent\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\System32\USBMonit.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

0

Ran SockFix but still could not access internet. Still capable of internet access in "safe" mode.

0

I ran LSP-Fix. The repair summary that it produced said that nothing was removed or renumbered.

Stop Press;

I uninstalled the suite of EZ protection software, i.e. EZ Firewall, Anti Spam and Anti Virus and was then able to access the internet OK. I will reload the EZ protection software and try again. I will post the result later.

0

I reloaded the EZ Armor protection software. All appears to be operating normally now.

A thousand thanks for your expert help

Best Wishes

James

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.