L2Mfix 1.02a
Running From:
C:\Documents and Settings\Kourtney\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Kourtney\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Kourtney\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
Killing PID 304 'explorer.exe'
Killing PID 304 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
Killing PID 2668 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\AWMPVCNO.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\azaql1f51.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dkprop.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enjul1191.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enn8l15u1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f0j2la1o1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\g4400ehmeh4a0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\IDXPROMN.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ir0ol5d31.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\irpml5711.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv4s09h7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lv6609jse.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m646lghs1646.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlvidctl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\p0r4la9q1d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\veajet32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\WDIPROP.DLL
1 file(s) copied.
deleting: C:\WINDOWS\system32\AWMPVCNO.DLL
Successfully Deleted: C:\WINDOWS\system32\AWMPVCNO.DLL
deleting: C:\WINDOWS\system32\azaql1f51.dll
Successfully Deleted: C:\WINDOWS\system32\azaql1f51.dll
deleting: C:\WINDOWS\system32\dkprop.dll
Successfully Deleted: C:\WINDOWS\system32\dkprop.dll
deleting: C:\WINDOWS\system32\enjul1191.dll
Successfully Deleted: C:\WINDOWS\system32\enjul1191.dll
deleting: C:\WINDOWS\system32\enn8l15u1.dll
Successfully Deleted: C:\WINDOWS\system32\enn8l15u1.dll
deleting: C:\WINDOWS\system32\f0j2la1o1d.dll
Successfully Deleted: C:\WINDOWS\system32\f0j2la1o1d.dll
deleting: C:\WINDOWS\system32\g4400ehmeh4a0.dll
Successfully Deleted: C:\WINDOWS\system32\g4400ehmeh4a0.dll
deleting: C:\WINDOWS\system32\IDXPROMN.DLL
Successfully Deleted: C:\WINDOWS\system32\IDXPROMN.DLL
deleting: C:\WINDOWS\system32\ir0ol5d31.dll
Successfully Deleted: C:\WINDOWS\system32\ir0ol5d31.dll
deleting: C:\WINDOWS\system32\irpml5711.dll
Successfully Deleted: C:\WINDOWS\system32\irpml5711.dll
deleting: C:\WINDOWS\system32\lv4s09h7e.dll
Successfully Deleted: C:\WINDOWS\system32\lv4s09h7e.dll
deleting: C:\WINDOWS\system32\lv6609jse.dll
Successfully Deleted: C:\WINDOWS\system32\lv6609jse.dll
deleting: C:\WINDOWS\system32\m646lghs1646.dll
Successfully Deleted: C:\WINDOWS\system32\m646lghs1646.dll
deleting: C:\WINDOWS\system32\mlvidctl.dll
Successfully Deleted: C:\WINDOWS\system32\mlvidctl.dll
deleting: C:\WINDOWS\system32\p0r4la9q1d.dll
Successfully Deleted: C:\WINDOWS\system32\p0r4la9q1d.dll
deleting: C:\WINDOWS\system32\veajet32.dll
Successfully Deleted: C:\WINDOWS\system32\veajet32.dll
deleting: C:\WINDOWS\system32\WDIPROP.DLL
Successfully Deleted: C:\WINDOWS\system32\WDIPROP.DLL
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: AWMPVCNO.DLL (140 bytes security) (deflated 5%)
adding: azaql1f51.dll (140 bytes security) (deflated 5%)
adding: dkprop.dll (140 bytes security) (deflated 5%)
adding: enjul1191.dll (140 bytes security) (deflated 4%)
adding: enn8l15u1.dll (140 bytes security) (deflated 6%)
adding: f0j2la1o1d.dll (140 bytes security) (deflated 6%)
adding: g4400ehmeh4a0.dll (140 bytes security) (deflated 4%)
adding: IDXPROMN.DLL (140 bytes security) (deflated 5%)
adding: ir0ol5d31.dll (140 bytes security) (deflated 5%)
adding: irpml5711.dll (140 bytes security) (deflated 5%)
adding: lv4s09h7e.dll (140 bytes security) (deflated 4%)
adding: lv6609jse.dll (140 bytes security) (deflated 4%)
adding: m646lghs1646.dll (140 bytes security) (deflated 4%)
adding: mlvidctl.dll (140 bytes security) (deflated 5%)
adding: p0r4la9q1d.dll (140 bytes security) (deflated 4%)
adding: veajet32.dll (140 bytes security) (deflated 5%)
adding: WDIPROP.DLL (140 bytes security) (deflated 5%)
adding: clear.reg (140 bytes security) (deflated 46%)
adding: echo.reg (140 bytes security) (deflated 9%)
adding: desktop.ini (140 bytes security) (deflated 15%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 81%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: test.txt (140 bytes security) (deflated 75%)
adding: test2.txt (140 bytes security) (deflated 27%)
adding: test3.txt (140 bytes security) (deflated 27%)
adding: test5.txt (140 bytes security) (deflated 27%)
adding: xfind.txt (140 bytes security) (deflated 68%)
adding: backregs/366946EE-D6B1-4E2F-80FA-E794C7931363.reg (140 bytes security) (deflated 70%)
adding: backregs/8CBCEA4E-8964-4B79-82C1-236EEB27BE4B.reg (140 bytes security) (deflated 70%)
adding: backregs/D6AF6CDF-66A8-4EA9-9CCB-5B2A13CFF52E.reg (140 bytes security) (deflated 70%)
adding: backregs/shell.reg (140 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for really "Everyone"
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: AWMPVCNO.DLL
deleting local copy: azaql1f51.dll
deleting local copy: dkprop.dll
deleting local copy: enjul1191.dll
deleting local copy: enn8l15u1.dll
deleting local copy: f0j2la1o1d.dll
deleting local copy: g4400ehmeh4a0.dll
deleting local copy: IDXPROMN.DLL
deleting local copy: ir0ol5d31.dll
deleting local copy: irpml5711.dll
deleting local copy: lv4s09h7e.dll
deleting local copy: lv6609jse.dll
deleting local copy: m646lghs1646.dll
deleting local copy: mlvidctl.dll
deleting local copy: p0r4la9q1d.dll
deleting local copy: veajet32.dll
deleting local copy: WDIPROP.DLL
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\AWMPVCNO.DLL
C:\WINDOWS\system32\azaql1f51.dll
C:\WINDOWS\system32\dkprop.dll
C:\WINDOWS\system32\enjul1191.dll
C:\WINDOWS\system32\enn8l15u1.dll
C:\WINDOWS\system32\f0j2la1o1d.dll
C:\WINDOWS\system32\g4400ehmeh4a0.dll
C:\WINDOWS\system32\IDXPROMN.DLL
C:\WINDOWS\system32\ir0ol5d31.dll
C:\WINDOWS\system32\irpml5711.dll
C:\WINDOWS\system32\lv4s09h7e.dll
C:\WINDOWS\system32\lv6609jse.dll
C:\WINDOWS\system32\m646lghs1646.dll
C:\WINDOWS\system32\mlvidctl.dll
C:\WINDOWS\system32\p0r4la9q1d.dll
C:\WINDOWS\system32\veajet32.dll
C:\WINDOWS\system32\WDIPROP.DLL
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{366946EE-D6B1-4E2F-80FA-E794C7931363}"=-
"{8CBCEA4E-8964-4B79-82C1-236EEB27BE4B}"=-
"{D6AF6CDF-66A8-4EA9-9CCB-5B2A13CFF52E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{366946EE-D6B1-4E2F-80FA-E794C7931363}]
[-HKEY_CLASSES_ROOT\CLSID\{8CBCEA4E-8964-4B79-82C1-236EEB27BE4B}]
[-HKEY_CLASSES_ROOT\CLSID\{D6AF6CDF-66A8-4EA9-9CCB-5B2A13CFF52E}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F0FAF08B-FF54-4BD3-8800-815FACE4A6EA}"=-
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{F0FAF08B-FF54-4BD3-8800-815FACE4A6EA}</IDone>
<IDtwo>DS4</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
And HijackThis says:
Logfile of HijackThis v1.99.0
Scan saved at 11:38:26 AM, on 2/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\fxasl1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\fsumeng.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Kourtney\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.modernrocklyrics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.modernrocklyrics.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3200 on MOM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P31 "Auto EPSON Stylus CX3200 on MOM" /O17 "\\MOM\OfficeEpson" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3200 on JLN2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "Auto EPSON Stylus CX3200 on JLN2" /O16 "\\JLN2\Dad Epson" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3200 on JLN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P31 "Auto EPSON Stylus CX3200 on JLN" /O14 "\\JLN\Printer4" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Auto Down Stairs Printer on JLN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P31 "Auto Down Stairs Printer on JLN" /O16 "\\JLN\Downstairs" /M "Stylus CX3200"
O4 - HKLM\..\Run: [\\JLN\Down Stairs Printer] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P25 "\\JLN\Down Stairs Printer" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX3200 (Copy 1)" /O6 "USB002" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sFoh3pR] fxasl1.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [GoodAIM] C:\Program Files\GoodAIM\GoodAIM\GoodAIM.exe
O4 - HKCU\..\Run: [do7nRfdtS] fsumeng.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thank you so much for your help.