After running l2mfix and rebooting I got a pop-up window about "Windows File Protection" asking me the following:
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.
Insert your Windows 2000 Professional CD.
What shall I do???
here is the log from l2mfix:
L2Mfix 1.03
Running From:
D:\Documents and Settings\Administrator\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
D:\Documents and Settings\Administrator\Desktop\l2mfix
System Rebooted!
Running From:
D:\Documents and Settings\Administrator\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1144 'explorer.exe'
Killing PID 1144 'explorer.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1516 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: D:\WINNT\system32\bx549.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\cjcui.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ckral.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\cprtmgr.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ctmsnap.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\dDd9.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\dgghelp.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\DhvXc32f.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\dodiagn.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\dsrgres.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\dusenh.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\dyusic.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\fCxshell.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\gaedit.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ibqsock.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\igl_gif.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\iGsperf.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\iml_png.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ipqcprt.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\iteshare.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ius.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\izetcplc.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\jkproxy.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\joeg1x32.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\khdbr.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\lccalui.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\mbvcp60.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\mdidlpm.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\mlxoci.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\mpvcp50.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\mtxbde40.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\mvencode.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\MXT2FW95.DLL
1 file(s) copied.
Backing Up: D:\WINNT\system32\nmtid.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\npwrssv.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ocslb400.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\ooesvr32.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\oxbcjt32.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\qMsf.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\QYJavaNative.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\sacpack.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\slclient.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\sxclient.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\tffflt.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\uhandlg.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\wxnhttp.dll
1 file(s) copied.
Backing Up: D:\WINNT\system32\guard.tmp
1 file(s) copied.
deleting: D:\WINNT\system32\bx549.dll
Successfully Deleted: D:\WINNT\system32\bx549.dll
deleting: D:\WINNT\system32\cjcui.dll
Successfully Deleted: D:\WINNT\system32\cjcui.dll
deleting: D:\WINNT\system32\ckral.dll
Successfully Deleted: D:\WINNT\system32\ckral.dll
deleting: D:\WINNT\system32\cprtmgr.dll
Successfully Deleted: D:\WINNT\system32\cprtmgr.dll
deleting: D:\WINNT\system32\ctmsnap.dll
Successfully Deleted: D:\WINNT\system32\ctmsnap.dll
deleting: D:\WINNT\system32\dDd9.dll
Successfully Deleted: D:\WINNT\system32\dDd9.dll
deleting: D:\WINNT\system32\dgghelp.dll
Successfully Deleted: D:\WINNT\system32\dgghelp.dll
deleting: D:\WINNT\system32\DhvXc32f.dll
Successfully Deleted: D:\WINNT\system32\DhvXc32f.dll
deleting: D:\WINNT\system32\dodiagn.dll
Successfully Deleted: D:\WINNT\system32\dodiagn.dll
deleting: D:\WINNT\system32\dsrgres.dll
Successfully Deleted: D:\WINNT\system32\dsrgres.dll
deleting: D:\WINNT\system32\dusenh.dll
Successfully Deleted: D:\WINNT\system32\dusenh.dll
deleting: D:\WINNT\system32\dyusic.dll
Successfully Deleted: D:\WINNT\system32\dyusic.dll
deleting: D:\WINNT\system32\fCxshell.dll
Successfully Deleted: D:\WINNT\system32\fCxshell.dll
deleting: D:\WINNT\system32\gaedit.dll
Successfully Deleted: D:\WINNT\system32\gaedit.dll
deleting: D:\WINNT\system32\ibqsock.dll
Successfully Deleted: D:\WINNT\system32\ibqsock.dll
deleting: D:\WINNT\system32\igl_gif.dll
Successfully Deleted: D:\WINNT\system32\igl_gif.dll
deleting: D:\WINNT\system32\iGsperf.dll
Successfully Deleted: D:\WINNT\system32\iGsperf.dll
deleting: D:\WINNT\system32\iml_png.dll
Successfully Deleted: D:\WINNT\system32\iml_png.dll
deleting: D:\WINNT\system32\ipqcprt.dll
Successfully Deleted: D:\WINNT\system32\ipqcprt.dll
deleting: D:\WINNT\system32\iteshare.dll
Successfully Deleted: D:\WINNT\system32\iteshare.dll
deleting: D:\WINNT\system32\ius.dll
Successfully Deleted: D:\WINNT\system32\ius.dll
deleting: D:\WINNT\system32\izetcplc.dll
Successfully Deleted: D:\WINNT\system32\izetcplc.dll
deleting: D:\WINNT\system32\jkproxy.dll
Successfully Deleted: D:\WINNT\system32\jkproxy.dll
deleting: D:\WINNT\system32\joeg1x32.dll
Successfully Deleted: D:\WINNT\system32\joeg1x32.dll
deleting: D:\WINNT\system32\khdbr.dll
Successfully Deleted: D:\WINNT\system32\khdbr.dll
deleting: D:\WINNT\system32\lccalui.dll
Successfully Deleted: D:\WINNT\system32\lccalui.dll
deleting: D:\WINNT\system32\mbvcp60.dll
Successfully Deleted: D:\WINNT\system32\mbvcp60.dll
deleting: D:\WINNT\system32\mdidlpm.dll
Successfully Deleted: D:\WINNT\system32\mdidlpm.dll
deleting: D:\WINNT\system32\mlxoci.dll
Successfully Deleted: D:\WINNT\system32\mlxoci.dll
deleting: D:\WINNT\system32\mpvcp50.dll
Successfully Deleted: D:\WINNT\system32\mpvcp50.dll
deleting: D:\WINNT\system32\mtxbde40.dll
Successfully Deleted: D:\WINNT\system32\mtxbde40.dll
deleting: D:\WINNT\system32\mvencode.dll
Successfully Deleted: D:\WINNT\system32\mvencode.dll
deleting: D:\WINNT\system32\MXT2FW95.DLL
Successfully Deleted: D:\WINNT\system32\MXT2FW95.DLL
deleting: D:\WINNT\system32\nmtid.dll
Successfully Deleted: D:\WINNT\system32\nmtid.dll
deleting: D:\WINNT\system32\npwrssv.dll
Successfully Deleted: D:\WINNT\system32\npwrssv.dll
deleting: D:\WINNT\system32\ocslb400.dll
Successfully Deleted: D:\WINNT\system32\ocslb400.dll
deleting: D:\WINNT\system32\ooesvr32.dll
Successfully Deleted: D:\WINNT\system32\ooesvr32.dll
deleting: D:\WINNT\system32\oxbcjt32.dll
Successfully Deleted: D:\WINNT\system32\oxbcjt32.dll
deleting: D:\WINNT\system32\qMsf.dll
Successfully Deleted: D:\WINNT\system32\qMsf.dll
deleting: D:\WINNT\system32\QYJavaNative.dll
Successfully Deleted: D:\WINNT\system32\QYJavaNative.dll
deleting: D:\WINNT\system32\sacpack.dll
Successfully Deleted: D:\WINNT\system32\sacpack.dll
deleting: D:\WINNT\system32\slclient.dll
Successfully Deleted: D:\WINNT\system32\slclient.dll
deleting: D:\WINNT\system32\sxclient.dll
Successfully Deleted: D:\WINNT\system32\sxclient.dll
deleting: D:\WINNT\system32\tffflt.dll
Successfully Deleted: D:\WINNT\system32\tffflt.dll
deleting: D:\WINNT\system32\uhandlg.dll
Successfully Deleted: D:\WINNT\system32\uhandlg.dll
deleting: D:\WINNT\system32\wxnhttp.dll
Successfully Deleted: D:\WINNT\system32\wxnhttp.dll
deleting: D:\WINNT\system32\guard.tmp
Successfully Deleted: D:\WINNT\system32\guard.tmp
Zipping up files for submission:
adding: bx549.dll (152 bytes security) (deflated 4%)
adding: cjcui.dll (152 bytes security) (deflated 4%)
adding: ckral.dll (152 bytes security) (deflated 4%)
adding: cprtmgr.dll (152 bytes security) (deflated 4%)
adding: ctmsnap.dll (152 bytes security) (deflated 4%)
adding: dDd9.dll (152 bytes security) (deflated 4%)
adding: dgghelp.dll (152 bytes security) (deflated 4%)
adding: DhvXc32f.dll (152 bytes security) (deflated 4%)
adding: dodiagn.dll (152 bytes security) (deflated 4%)
adding: dsrgres.dll (152 bytes security) (deflated 4%)
adding: dusenh.dll (152 bytes security) (deflated 4%)
adding: dyusic.dll (152 bytes security) (deflated 4%)
adding: fCxshell.dll (152 bytes security) (deflated 4%)
adding: gaedit.dll (152 bytes security) (deflated 4%)
adding: ibqsock.dll (152 bytes security) (deflated 4%)
adding: igl_gif.dll (152 bytes security) (deflated 4%)
adding: iGsperf.dll (152 bytes security) (deflated 4%)
adding: iml_png.dll (152 bytes security) (deflated 4%)
adding: ipqcprt.dll (152 bytes security) (deflated 4%)
adding: iteshare.dll (152 bytes security) (deflated 4%)
adding: ius.dll (152 bytes security) (deflated 4%)
adding: izetcplc.dll (152 bytes security) (deflated 4%)
adding: jkproxy.dll (152 bytes security) (deflated 4%)
adding: joeg1x32.dll (152 bytes security) (deflated 4%)
adding: khdbr.dll (152 bytes security) (deflated 4%)
adding: lccalui.dll (152 bytes security) (deflated 4%)
adding: mbvcp60.dll (152 bytes security) (deflated 4%)
adding: mdidlpm.dll (152 bytes security) (deflated 4%)
adding: mlxoci.dll (152 bytes security) (deflated 4%)
adding: mpvcp50.dll (152 bytes security) (deflated 4%)
adding: mtxbde40.dll (152 bytes security) (deflated 4%)
adding: mvencode.dll (152 bytes security) (deflated 4%)
adding: MXT2FW95.DLL (152 bytes security) (deflated 4%)
adding: nmtid.dll (152 bytes security) (deflated 4%)
adding: npwrssv.dll (152 bytes security) (deflated 4%)
adding: ocslb400.dll (152 bytes security) (deflated 4%)
adding: ooesvr32.dll (152 bytes security) (deflated 4%)
adding: oxbcjt32.dll (152 bytes security) (deflated 4%)
adding: qMsf.dll (152 bytes security) (deflated 4%)
adding: QYJavaNative.dll (152 bytes security) (deflated 4%)
adding: sacpack.dll (152 bytes security) (deflated 4%)
adding: slclient.dll (152 bytes security) (deflated 4%)
adding: sxclient.dll (152 bytes security) (deflated 4%)
adding: tffflt.dll (152 bytes security) (deflated 4%)
adding: uhandlg.dll (152 bytes security) (deflated 4%)
adding: wxnhttp.dll (152 bytes security) (deflated 4%)
adding: guard.tmp (152 bytes security) (deflated 4%)
adding: clear.reg (152 bytes security) (deflated 22%)
adding: echo.reg (152 bytes security) (deflated 10%)
adding: direct.txt (152 bytes security) (stored 0%)
adding: lo2.txt (152 bytes security) (deflated 86%)
adding: readme.txt (152 bytes security) (deflated 49%)
adding: report.txt (152 bytes security) (deflated 69%)
adding: test.txt (152 bytes security) (deflated 83%)
adding: test2.txt (152 bytes security) (stored 0%)
adding: test3.txt (152 bytes security) (stored 0%)
adding: test5.txt (152 bytes security) (stored 0%)
adding: xfind.txt (152 bytes security) (deflated 77%)
adding: backregs/0A205B4C-E796-4C64-8CD2-AFBA4D412EE5.reg (152 bytes security) (deflated 70%)
adding: backregs/shell.reg (152 bytes security) (deflated 74%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: bx549.dll
deleting local copy: cjcui.dll
deleting local copy: ckral.dll
deleting local copy: cprtmgr.dll
deleting local copy: ctmsnap.dll
deleting local copy: dDd9.dll
deleting local copy: dgghelp.dll
deleting local copy: DhvXc32f.dll
deleting local copy: dodiagn.dll
deleting local copy: dsrgres.dll
deleting local copy: dusenh.dll
deleting local copy: dyusic.dll
deleting local copy: fCxshell.dll
deleting local copy: gaedit.dll
deleting local copy: ibqsock.dll
deleting local copy: igl_gif.dll
deleting local copy: iGsperf.dll
deleting local copy: iml_png.dll
deleting local copy: ipqcprt.dll
deleting local copy: iteshare.dll
deleting local copy: ius.dll
deleting local copy: izetcplc.dll
deleting local copy: jkproxy.dll
deleting local copy: joeg1x32.dll
deleting local copy: khdbr.dll
deleting local copy: lccalui.dll
deleting local copy: mbvcp60.dll
deleting local copy: mdidlpm.dll
deleting local copy: mlxoci.dll
deleting local copy: mpvcp50.dll
deleting local copy: mtxbde40.dll
deleting local copy: mvencode.dll
deleting local copy: MXT2FW95.DLL
deleting local copy: nmtid.dll
deleting local copy: npwrssv.dll
deleting local copy: ocslb400.dll
deleting local copy: ooesvr32.dll
deleting local copy: oxbcjt32.dll
deleting local copy: qMsf.dll
deleting local copy: QYJavaNative.dll
deleting local copy: sacpack.dll
deleting local copy: slclient.dll
deleting local copy: sxclient.dll
deleting local copy: tffflt.dll
deleting local copy: uhandlg.dll
deleting local copy: wxnhttp.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
D:\WINNT\system32\bx549.dll
D:\WINNT\system32\cjcui.dll
D:\WINNT\system32\ckral.dll
D:\WINNT\system32\cprtmgr.dll
D:\WINNT\system32\ctmsnap.dll
D:\WINNT\system32\dDd9.dll
D:\WINNT\system32\dgghelp.dll
D:\WINNT\system32\DhvXc32f.dll
D:\WINNT\system32\dodiagn.dll
D:\WINNT\system32\dsrgres.dll
D:\WINNT\system32\dusenh.dll
D:\WINNT\system32\dyusic.dll
D:\WINNT\system32\fCxshell.dll
D:\WINNT\system32\gaedit.dll
D:\WINNT\system32\ibqsock.dll
D:\WINNT\system32\igl_gif.dll
D:\WINNT\system32\iGsperf.dll
D:\WINNT\system32\iml_png.dll
D:\WINNT\system32\ipqcprt.dll
D:\WINNT\system32\iteshare.dll
D:\WINNT\system32\ius.dll
D:\WINNT\system32\izetcplc.dll
D:\WINNT\system32\jkproxy.dll
D:\WINNT\system32\joeg1x32.dll
D:\WINNT\system32\khdbr.dll
D:\WINNT\system32\lccalui.dll
D:\WINNT\system32\mbvcp60.dll
D:\WINNT\system32\mdidlpm.dll
D:\WINNT\system32\mlxoci.dll
D:\WINNT\system32\mpvcp50.dll
D:\WINNT\system32\mtxbde40.dll
D:\WINNT\system32\mvencode.dll
D:\WINNT\system32\MXT2FW95.DLL
D:\WINNT\system32\nmtid.dll
D:\WINNT\system32\npwrssv.dll
D:\WINNT\system32\ocslb400.dll
D:\WINNT\system32\ooesvr32.dll
D:\WINNT\system32\oxbcjt32.dll
D:\WINNT\system32\qMsf.dll
D:\WINNT\system32\QYJavaNative.dll
D:\WINNT\system32\sacpack.dll
D:\WINNT\system32\slclient.dll
D:\WINNT\system32\sxclient.dll
D:\WINNT\system32\tffflt.dll
D:\WINNT\system32\uhandlg.dll
D:\WINNT\system32\wxnhttp.dll
D:\WINNT\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A205B4C-E796-4C64-8CD2-AFBA4D412EE5}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0A205B4C-E796-4C64-8CD2-AFBA4D412EE5}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
here is the log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 8:21:29 AM, on 04/21/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\sesinetd.exe
D:\WINNT\System32\hserver.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
J:\quicktime_win2000\qttask.exe
J:\iTunes\iTunesHelper.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
J:\iPod\bin\iPodService.exe
d:\program files\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
D:\Documents and Settings\burki\n20050308.EXE
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINNT\explorer.exe
D:\WINNT\system32\wuauclt.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINNT\explorer.exe
D:\Program Files\Hijack This\HijackThis.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tsvcin] D:\Documents and Settings\burki\n20050308.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) -
http://zone.msn.com/...pcaploader1.cabO16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) -
http://zone.msn.com/...t/atomaders.cabO16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -
http://www.ofoto.com..._1/axofupld.cabO16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) -
http://dl1.yahoo.com/dl/fv/fv.cabO16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) -
http://autos.msn.com...id/MSSurVid.cabO16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://zone.msn.com/...me/ZAxRcMgr.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/...ro.cab34246.cabO16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) -
http://carpoint.msn....ior/Outside.cabO16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -
http://zone.msn.com/...outLauncher.cabO16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
http://zone.msn.com/...fault/shapo.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/...aploader_v5.cabO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.c...ebio5_1_6_0.cabO16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) -
http://www.zoomify.c.../zoomify305.cabO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe