here's the l2mfix log...
L2Mfix 1.02
Running From:
C:\Documents and Settings\cpetty\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\cpetty\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\cpetty\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1428 'explorer.exe'
Killing PID 1428 'explorer.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINNT\system32\dwrgres.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\h40qled51h0.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\iNsads.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\iprnonce.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\izfgnt5.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\kjdfr.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\MOIMRT32.DLL
1 file(s) copied.
Backing Up: C:\WINNT\system32\mv28l9fu1.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\mypmsp.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\o8ns0i57e8.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\sccurity.dll
1 file(s) copied.
deleting: C:\WINNT\system32\dwrgres.dll
Successfully Deleted: C:\WINNT\system32\dwrgres.dll
deleting: C:\WINNT\system32\h40qled51h0.dll
Successfully Deleted: C:\WINNT\system32\h40qled51h0.dll
deleting: C:\WINNT\system32\iNsads.dll
Successfully Deleted: C:\WINNT\system32\iNsads.dll
deleting: C:\WINNT\system32\iprnonce.dll
Successfully Deleted: C:\WINNT\system32\iprnonce.dll
deleting: C:\WINNT\system32\izfgnt5.dll
Successfully Deleted: C:\WINNT\system32\izfgnt5.dll
deleting: C:\WINNT\system32\kjdfr.dll
Successfully Deleted: C:\WINNT\system32\kjdfr.dll
deleting: C:\WINNT\system32\MOIMRT32.DLL
Successfully Deleted: C:\WINNT\system32\MOIMRT32.DLL
deleting: C:\WINNT\system32\mv28l9fu1.dll
Successfully Deleted: C:\WINNT\system32\mv28l9fu1.dll
deleting: C:\WINNT\system32\mypmsp.dll
Successfully Deleted: C:\WINNT\system32\mypmsp.dll
deleting: C:\WINNT\system32\o8ns0i57e8.dll
Successfully Deleted: C:\WINNT\system32\o8ns0i57e8.dll
deleting: C:\WINNT\system32\sccurity.dll
Successfully Deleted: C:\WINNT\system32\sccurity.dll
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: dwrgres.dll (152 bytes security) (deflated 4%)
adding: h40qled51h0.dll (152 bytes security) (deflated 4%)
adding: iNsads.dll (152 bytes security) (deflated 4%)
adding: iprnonce.dll (152 bytes security) (deflated 4%)
adding: izfgnt5.dll (152 bytes security) (deflated 4%)
adding: kjdfr.dll (152 bytes security) (deflated 3%)
adding: MOIMRT32.DLL (152 bytes security) (deflated 4%)
adding: mv28l9fu1.dll (152 bytes security) (deflated 4%)
adding: mypmsp.dll (152 bytes security) (deflated 4%)
adding: o8ns0i57e8.dll (152 bytes security) (deflated 3%)
adding: sccurity.dll (152 bytes security) (deflated 4%)
adding: cecho.reg (152 bytes security) (deflated 2%)
adding: clear.reg (152 bytes security) (deflated 56%)
adding: echo.reg (152 bytes security) (deflated 8%)
adding: desktop.ini (152 bytes security) (deflated 15%)
adding: direct.txt (152 bytes security) (stored 0%)
adding: lo2.txt (152 bytes security) (deflated 79%)
adding: readme.txt (152 bytes security) (deflated 49%)
adding: report.txt (152 bytes security) (deflated 64%)
adding: test.txt (152 bytes security) (deflated 70%)
adding: test2.txt (152 bytes security) (deflated 38%)
adding: xfind.txt (152 bytes security) (deflated 61%)
adding: backregs/4F7537C0-5038-48CE-96D1-BA76F3BEB442.reg (152 bytes security) (deflated 70%)
adding: backregs/547F1E78-F2C6-4913-B876-7EF412F20512.reg (152 bytes security) (deflated 70%)
adding: backregs/8D4BB44F-E0C1-421A-80C7-1A1BD917880C.reg (152 bytes security) (deflated 70%)
adding: backregs/B4BC69F8-D649-46D6-8DF1-D6AAE9462F42.reg (152 bytes security) (deflated 70%)
adding: backregs/CEE52088-5E86-409B-A446-E3D5A4109584.reg (152 bytes security) (deflated 71%)
adding: backregs/shell.reg (152 bytes security) (deflated 74%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for really "Everyone"
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: dwrgres.dll
deleting local copy: h40qled51h0.dll
deleting local copy: iNsads.dll
deleting local copy: iprnonce.dll
deleting local copy: izfgnt5.dll
deleting local copy: kjdfr.dll
deleting local copy: MOIMRT32.DLL
deleting local copy: mv28l9fu1.dll
deleting local copy: mypmsp.dll
deleting local copy: o8ns0i57e8.dll
deleting local copy: sccurity.dll
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINNT\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"
The following are the files found:
****************************************************************************
C:\WINNT\system32\dwrgres.dll
C:\WINNT\system32\h40qled51h0.dll
C:\WINNT\system32\iNsads.dll
C:\WINNT\system32\iprnonce.dll
C:\WINNT\system32\izfgnt5.dll
C:\WINNT\system32\kjdfr.dll
C:\WINNT\system32\MOIMRT32.DLL
C:\WINNT\system32\mv28l9fu1.dll
C:\WINNT\system32\mypmsp.dll
C:\WINNT\system32\o8ns0i57e8.dll
C:\WINNT\system32\sccurity.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4F7537C0-5038-48CE-96D1-BA76F3BEB442}"=-
"{547F1E78-F2C6-4913-B876-7EF412F20512}"=-
"{CEE52088-5E86-409B-A446-E3D5A4109584}"=-
"{8D4BB44F-E0C1-421A-80C7-1A1BD917880C}"=-
"{B4BC69F8-D649-46D6-8DF1-D6AAE9462F42}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4F7537C0-5038-48CE-96D1-BA76F3BEB442}]
[-HKEY_CLASSES_ROOT\CLSID\{547F1E78-F2C6-4913-B876-7EF412F20512}]
[-HKEY_CLASSES_ROOT\CLSID\{CEE52088-5E86-409B-A446-E3D5A4109584}]
[-HKEY_CLASSES_ROOT\CLSID\{8D4BB44F-E0C1-421A-80C7-1A1BD917880C}]
[-HKEY_CLASSES_ROOT\CLSID\{B4BC69F8-D649-46D6-8DF1-D6AAE9462F42}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F35A4199-3A3F-46F0-A3D6-61F87AFD6BFF}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{F35A4199-3A3F-46F0-A3D6-61F87AFD6BFF}</IDone>
<IDtwo>VT09</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
Classid's found from regsearch:
****************************************************************************
here's the hijackthis log...
Logfile of HijackThis v1.99.0
Scan saved at 8:17:58 AM, on 1/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\kuqoqu.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Logi_MwX.Exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\CommonTime\mNotes\CdzSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\CommonTime\mNotes\cadenza.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\cpetty\My Documents\Misc Files\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.insidenci...spHome?OpenFormR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lotus Sametime Connect] C:\Program Files\lotus\Sametime Client\Connect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Cadenza] C:\Program Files\CommonTime\mNotes\CdzSvc.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\dolsp.dll
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.v...unknownO16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -
http://nciqp01.insidenci.com/qp2.cabO16 - DPF: {38135E75-34A9-49EC-B83D-9F9A31877CA0} (DLITools.Uploader) -
http://www.insidenci...IUploaderV2.CABO16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
http://ncimail01.ins...com/iNotes6.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by22fd.bay22....es/MsnPUpld.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/.../GrooveAX27.cabO16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) -
http://das.microsoft...tail/DASAct.cabO16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
https://tep.navigant...sxml/msxml4.cabO16 - DPF: {8A9AE4F4-7651-4484-A877-B126009B8C7B} (DLITools.ThingFactory) -
http://www.insidenci...hingFactory.CABO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1....loadManager.ocxO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.c...utocomplete.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://themeetingso...bex/ieatgpc.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nciwin.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nciwin.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nciwin.local
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
thanks,
Chris