here are the two logs:
L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtl6073se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AD26821D-7E32-D26A-56C7-41F320848D99}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{82DC66E8-00DB-4603-8A31-A12C19A88C37}"=""
"{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}"=""
"{B8529531-E2D0-4394-A554-8B1E00563859}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{82DC66E8-00DB-4603-8A31-A12C19A88C37}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82DC66E8-00DB-4603-8A31-A12C19A88C37}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82DC66E8-00DB-4603-8A31-A12C19A88C37}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82DC66E8-00DB-4603-8A31-A12C19A88C37}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B8529531-E2D0-4394-A554-8B1E00563859}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8529531-E2D0-4394-A554-8B1E00563859}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8529531-E2D0-4394-A554-8B1E00563859}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8529531-E2D0-4394-A554-8B1E00563859}\InprocServer32]
@="C:\\WINDOWS\\system32\\nemsdba.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
aui2cqag.dll Sat 12 Mar 2005 11:39:04 ..S.R 234,931 229.42 K
browseui.dll Thu 27 Jan 2005 17:13:16 A.... 1,016,832 993.00 K
cdfview.dll Thu 27 Jan 2005 17:13:16 A.... 151,040 147.50 K
cdgmgr32.dll Thu 10 Mar 2005 19:46:26 ..S.R 235,107 229.59 K
cgbcatex.dll Tue 15 Mar 2005 20:13:42 ..S.R 233,248 227.78 K
cogmgr32.dll Thu 10 Mar 2005 19:53:44 ..S.R 232,918 227.46 K
dwgest.dll Mon 14 Mar 2005 21:27:08 ..S.R 233,668 228.19 K
gccoll~1.dll Thu 10 Feb 2005 22:32:20 A.... 119,520 116.72 K
gcmd5q~1.dll Thu 3 Mar 2005 13:33:42 A.... 10,752 10.50 K
gcunco~1.dll Thu 10 Feb 2005 22:32:20 A.... 130,272 127.22 K
gwfspi~1.dll Fri 28 Jan 2005 15:37:58 A.... 23,304 22.76 K
h8j4li~1.dll Sat 12 Mar 2005 13:47:38 ..S.R 234,429 228.93 K
hashlib.dll Thu 10 Feb 2005 22:32:18 A.... 81,120 79.22 K
i260lc~1.dll Sat 12 Mar 2005 20:26:50 ..S.R 235,606 230.08 K
ibssam.dll Tue 15 Mar 2005 19:09:04 ..S.R 233,248 227.78 K
iepeers.dll Thu 27 Jan 2005 17:13:16 A.... 249,856 244.00 K
inseng.dll Thu 27 Jan 2005 17:13:16 A.... 96,256 94.00 K
ir28l5~1.dll Mon 14 Mar 2005 21:27:08 ..S.R 235,493 229.97 K
jtl607~1.dll Tue 15 Mar 2005 20:35:42 ..S.R 232,542 227.09 K
jtn007~1.dll Mon 14 Mar 2005 18:50:48 ..S.R 233,668 228.19 K
kldpl1.dll Sun 13 Mar 2005 20:54:12 ..S.R 232,765 227.31 K
kodbene.dll Thu 10 Mar 2005 11:33:54 ..S.R 232,736 227.28 K
lcpng12n.dll Mon 14 Mar 2005 14:45:16 ..S.R 233,598 228.12 K
ldkrn10n.dll Wed 9 Mar 2005 19:06:04 ..S.R 232,736 227.28 K
legitc~1.dll Fri 28 Jan 2005 15:38:00 A.... 421,128 411.26 K
lmfpx7.dll Sat 12 Mar 2005 14:51:40 ..S.R 233,011 227.55 K
lv6m09~1.dll Mon 14 Mar 2005 18:51:48 ..S.R 233,611 228.13 K
lvnq09~1.dll Tue 15 Mar 2005 20:54:24 ..S.R 233,101 227.64 K
mipi.dll Mon 14 Mar 2005 18:50:48 ..S.R 233,611 228.13 K
mixex.dll Sat 12 Mar 2005 16:26:28 ..S.R 234,621 229.12 K
mng4dmod.dll Sat 12 Mar 2005 16:33:10 ..S.R 235,484 229.96 K
mqvfw32.dll Thu 10 Mar 2005 19:43:00 ..S.R 235,107 229.59 K
mshtml.dll Thu 27 Jan 2005 17:13:18 A.... 3,006,976 2.87 M
msvcp71.dll Fri 17 Dec 2004 19:38:14 A.... 499,712 488.00 K
msvcr71.dll Fri 17 Dec 2004 19:38:14 A.... 348,160 340.00 K
nemsdba.dll Tue 15 Mar 2005 20:54:24 ..S.R 232,542 227.09 K
o8840i~1.dll Sun 13 Mar 2005 20:58:06 ..S.R 233,253 227.79 K
ole32.dll Fri 14 Jan 2005 8:55:50 A.... 1,285,120 1.22 M
olecli32.dll Fri 14 Jan 2005 8:55:50 A.... 74,752 73.00 K
olecnv32.dll Fri 14 Jan 2005 8:55:50 A.... 37,888 37.00 K
pfnmap.dll Tue 15 Mar 2005 20:25:34 ..S.R 233,164 227.70 K
rdschap.dll Fri 11 Mar 2005 21:40:50 ..S.R 234,931 229.42 K
realbap1.dll Fri 4 Mar 2005 18:46:38 A.... 69,632 68.00 K
realbsf1.dll Fri 4 Mar 2005 18:46:38 A.... 45,568 44.50 K
rhsadhlp.dll Tue 15 Mar 2005 20:11:12 ..S.R 234,495 228.99 K
rkcns4.dll Sat 12 Mar 2005 13:47:38 ..S.R 233,011 227.55 K
rpcss.dll Fri 14 Jan 2005 8:55:50 A.... 395,776 386.50 K
shdocvw.dll Thu 27 Jan 2005 17:13:18 A.... 1,483,264 1.41 M
shell32.dll Tue 21 Dec 2004 20:49:36 A.... 8,450,048 8.06 M
shlwapi.dll Thu 27 Jan 2005 17:13:18 A.... 473,600 462.50 K
sqmpsnap.dll Thu 10 Mar 2005 17:41:26 ..S.R 234,437 228.94 K
srfolder.dll Sun 13 Mar 2005 18:02:46 ..S.R 232,765 227.31 K
sudpapi.dll Sat 12 Mar 2005 13:33:20 ..S.R 233,011 227.55 K
ugrcoina.dll Sat 12 Mar 2005 16:35:50 ..S.R 235,606 230.08 K
urlmon.dll Thu 27 Jan 2005 17:13:18 A.... 607,744 593.50 K
wininet.dll Thu 27 Jan 2005 17:13:18 A.... 656,896 641.50 K
wistream.dll Tue 15 Mar 2005 19:51:00 ..S.R 234,495 228.99 K
57 items found: 57 files (33 H/S), 0 directories.
Total of file sizes: 27,452,165 bytes 26.18 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 88C5-1ECE
Directory of C:\WINDOWS\System32
03/15/2005 20:54 232,542 nemsdba.dll
03/15/2005 20:54 233,101 lvnq0955e.dll
03/15/2005 20:35 232,542 jtl6073se.dll
03/15/2005 20:25 233,164 pFnmap.dll
03/15/2005 20:13 233,248 cgbcatex.dll
03/15/2005 20:11 234,495 rHsadhlp.dll
03/15/2005 19:50 234,495 wistream.dll
03/15/2005 19:09 233,248 iBssam.dll
03/14/2005 21:27 233,668 dwgest.dll
03/14/2005 21:27 235,493 ir28l5fu1.dll
03/14/2005 18:51 233,611 lv6m09j1e.dll
03/14/2005 18:50 233,611 MIPI.DLL
03/14/2005 18:50 233,668 jtn0075me.dll
03/14/2005 14:45 233,598 Lcpng12n.dll
03/13/2005 20:58 233,253 o8840ilqe8qe0.dll
03/13/2005 20:54 232,765 kldpl1.dll
03/13/2005 18:02 232,765 srfolder.dll
03/12/2005 20:26 235,606 i260lcjm1foa.dll
03/12/2005 16:35 235,606 ugrcoina.dll
03/12/2005 16:33 235,484 mng4dmod.dll
03/12/2005 16:26 234,621 mixex.dll
03/12/2005 14:51 233,011 lmfpx7.dll
03/12/2005 13:47 233,011 rkcns4.dll
03/12/2005 13:47 234,429 h8j4li1q18.dll
03/12/2005 13:33 233,011 sudpapi.dll
03/12/2005 11:39 234,931 aui2cqag.dll
03/11/2005 21:40 234,931 rDschap.dll
03/10/2005 19:53 232,918 cogmgr32.dll
03/10/2005 19:46 235,107 cdgmgr32.dll
03/10/2005 19:42 235,107 mqvfw32.dll
03/10/2005 17:41 234,437 sqmpsnap.dll
03/10/2005 11:33 232,736 kodbene.dll
03/09/2005 19:06 232,736 Ldkrn10n.dll
03/08/2005 20:42 <DIR> dllcache
06/03/2003 21:57 <DIR> Microsoft
33 File(s) 7,716,949 bytes
2 Dir(s) 7,463,329,792 bytes free
L2Mfix 1.02b
Running From:
C:\DOCUME~1\MARKBI~1\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Mark Bird\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Mark Bird\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 1472 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 1260 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Zipping up files for submission:
updating: clear.reg (164 bytes security) (deflated 46%)
updating: echo.reg (164 bytes security) (deflated 9%)
updating: direct.txt (164 bytes security) (stored 0%)
updating: lo2.txt (164 bytes security) (deflated 72%)
updating: readme.txt (164 bytes security) (deflated 49%)
updating: report.txt (164 bytes security) (deflated 65%)
updating: test.txt (164 bytes security) (deflated 81%)
updating: test2.txt (164 bytes security) (deflated 26%)
updating: test3.txt (164 bytes security) (deflated 26%)
updating: test5.txt (164 bytes security) (deflated 26%)
adding: log.txt (164 bytes security) (deflated 85%)
updating: backregs/0E0CDE8A-B458-4E15-B9A0-B3E6EC7608B7.reg (164 bytes security) (deflated 70%)
updating: backregs/1AFBA0D0-E790-4341-B96F-94B659A76E28.reg (164 bytes security) (deflated 70%)
updating: backregs/2D6B5763-44C1-4319-878E-45EB6BC020FA.reg (164 bytes security) (deflated 70%)
updating: backregs/51046DE0-6991-4541-A688-03CD923A9E14.reg (164 bytes security) (deflated 70%)
updating: backregs/shell.reg (164 bytes security) (deflated 74%)
adding: backregs/82DC66E8-00DB-4603-8A31-A12C19A88C37.reg (164 bytes security) (deflated 70%)
adding: backregs/B8529531-E2D0-4394-A554-8B1E00563859.reg (164 bytes security) (deflated 70%)
adding: backregs/EDBBD898-EAF6-4EFB-B9F7-062C897A4656.reg (164 bytes security) (deflated 70%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for really "Everyone"
Warning (option /rge) - There is no ACE to remove!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvnq0955e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{82DC66E8-00DB-4603-8A31-A12C19A88C37}"=-
"{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}"=-
"{B8529531-E2D0-4394-A554-8B1E00563859}"=-
[-HKEY_CLASSES_ROOT\CLSID\{82DC66E8-00DB-4603-8A31-A12C19A88C37}]
[-HKEY_CLASSES_ROOT\CLSID\{EDBBD898-EAF6-4EFB-B9F7-062C897A4656}]
[-HKEY_CLASSES_ROOT\CLSID\{B8529531-E2D0-4394-A554-8B1E00563859}]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
cheers JR
ps an adware just popped up
let's see how it goes