L2mfix 032106
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINNT\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 164 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 212 'winlogon.exe'
Killing PID 212 'winlogon.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 1508 'explorer.exe'
Killing PID 1508 'explorer.exe'
Error 0x6 : The handle is invalid.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINNT\system32\dwcprop.dll
Successfully Deleted: C:\WINNT\system32\dwcprop.dll
Deleting: C:\WINNT\system32\hrn4055qe.dll
Successfully Deleted: C:\WINNT\system32\hrn4055qe.dll
Deleting: C:\WINNT\system32\ir44l5hq1.dll
Successfully Deleted: C:\WINNT\system32\ir44l5hq1.dll
Deleting: C:\WINNT\system32\lbgdrive.dll
Successfully Deleted: C:\WINNT\system32\lbgdrive.dll
msg11?.dll
0 file(s) copied.
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\ir44l5hq1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINNT\system32\dwcprop.dll
C:\WINNT\system32\hrn4055qe.dll
C:\WINNT\system32\ir44l5hq1.dll
C:\WINNT\system32\lbgdrive.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DEDC2942-D943-428B-8E1B-3F66CB910913}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DEDC2942-D943-428B-8E1B-3F66CB910913}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DEDC2942-D943-428B-8E1B-3F66CB910913}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DEDC2942-D943-428B-8E1B-3F66CB910913}\InprocServer32]
@="C:\\WINNT\\system32\\hmoipt07.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{4C77675C-754D-4BC8-B1D7-A2D01BD260C8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C77675C-754D-4BC8-B1D7-A2D01BD260C8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C77675C-754D-4BC8-B1D7-A2D01BD260C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C77675C-754D-4BC8-B1D7-A2D01BD260C8}\InprocServer32]
@="C:\\WINNT\\system32\\wypdinfo.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{573A665E-FE89-48DE-B2CD-10FED8334EDC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{573A665E-FE89-48DE-B2CD-10FED8334EDC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{573A665E-FE89-48DE-B2CD-10FED8334EDC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{573A665E-FE89-48DE-B2CD-10FED8334EDC}\InprocServer32]
@="C:\\WINNT\\system32\\SPMedia.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FFEEC716-260C-4CCF-B2FE-561F3A616377}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FFEEC716-260C-4CCF-B2FE-561F3A616377}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FFEEC716-260C-4CCF-B2FE-561F3A616377}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FFEEC716-260C-4CCF-B2FE-561F3A616377}\InprocServer32]
@="C:\\WINNT\\system32\\cputil.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6252E623-5254-4E46-B93D-A750253CBA34}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6252E623-5254-4E46-B93D-A750253CBA34}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6252E623-5254-4E46-B93D-A750253CBA34}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6252E623-5254-4E46-B93D-A750253CBA34}\InprocServer32]
@="C:\\WINNT\\system32\\ngmsdba.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{511C624C-9DB1-4AF7-9212-90A7004AF53B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{511C624C-9DB1-4AF7-9212-90A7004AF53B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{511C624C-9DB1-4AF7-9212-90A7004AF53B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{511C624C-9DB1-4AF7-9212-90A7004AF53B}\InprocServer32]
@="C:\\WINNT\\system32\\wwhext.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{12CC9FCB-2B25-4ECD-9C84-02AA776645D0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{12CC9FCB-2B25-4ECD-9C84-02AA776645D0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{12CC9FCB-2B25-4ECD-9C84-02AA776645D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{12CC9FCB-2B25-4ECD-9C84-02AA776645D0}\InprocServer32]
@="C:\\WINNT\\system32\\UXIB.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9}\InprocServer32]
@="C:\\WINNT\\system32\\kpdusx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A}\InprocServer32]
@="C:\\WINNT\\system32\\rtfsaps.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B7FE39AE-C61F-4011-A4A4-EDBD998FECDE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7FE39AE-C61F-4011-A4A4-EDBD998FECDE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7FE39AE-C61F-4011-A4A4-EDBD998FECDE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7FE39AE-C61F-4011-A4A4-EDBD998FECDE}\InprocServer32]
@="C:\\WINNT\\system32\\EX00str.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8B5E1DC9-9878-4073-AD31-9389404C4CF6}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8B5E1DC9-9878-4073-AD31-9389404C4CF6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8B5E1DC9-9878-4073-AD31-9389404C4CF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8B5E1DC9-9878-4073-AD31-9389404C4CF6}\InprocServer32]
@="C:\\WINNT\\system32\\kgduk.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{73E75D28-DF4E-439E-89D4-34E2E117C285}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{73E75D28-DF4E-439E-89D4-34E2E117C285}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{73E75D28-DF4E-439E-89D4-34E2E117C285}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{73E75D28-DF4E-439E-89D4-34E2E117C285}\InprocServer32]
@="C:\\WINNT\\system32\\rihx32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{361A4008-6397-4E69-93A4-0107EBC57E52}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{361A4008-6397-4E69-93A4-0107EBC57E52}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{361A4008-6397-4E69-93A4-0107EBC57E52}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{361A4008-6397-4E69-93A4-0107EBC57E52}\InprocServer32]
@="C:\\WINNT\\system32\\muhcp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{106371F8-A250-4C92-9D68-4C02826892A5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{106371F8-A250-4C92-9D68-4C02826892A5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{106371F8-A250-4C92-9D68-4C02826892A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{106371F8-A250-4C92-9D68-4C02826892A5}\InprocServer32]
@="C:\\WINNT\\system32\\pyxdll.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{501E6BC9-925A-4A62-A60D-F5BBA62C0849}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{501E6BC9-925A-4A62-A60D-F5BBA62C0849}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{501E6BC9-925A-4A62-A60D-F5BBA62C0849}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{501E6BC9-925A-4A62-A60D-F5BBA62C0849}\InprocServer32]
@="C:\\WINNT\\system32\\skesrv.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B1D9CF81-CA84-47F0-BA6A-C1794F493B60}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B1D9CF81-CA84-47F0-BA6A-C1794F493B60}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B1D9CF81-CA84-47F0-BA6A-C1794F493B60}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B1D9CF81-CA84-47F0-BA6A-C1794F493B60}\InprocServer32]
@="C:\\WINNT\\system32\\lbgdrive.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{DEDC2942-D943-428B-8E1B-3F66CB910913}"=-
"{31E3AA92-9744-4127-8CCA-7E74726B3DC6}"=-
"{4C77675C-754D-4BC8-B1D7-A2D01BD260C8}"=-
"{5A042B57-D1AB-4745-A02A-676A61D3B71E}"=-
"{573A665E-FE89-48DE-B2CD-10FED8334EDC}"=-
"{FFEEC716-260C-4CCF-B2FE-561F3A616377}"=-
"{BCB7D9A8-5F91-4C7B-9F1E-3C4C0B89F8B1}"=-
"{8AC2E294-ADCA-46EC-8956-95EEB4841B67}"=-
"{6252E623-5254-4E46-B93D-A750253CBA34}"=-
"{45840508-46D1-4031-A21D-151C5EBEFF39}"=-
"{511C624C-9DB1-4AF7-9212-90A7004AF53B}"=-
"{12CC9FCB-2B25-4ECD-9C84-02AA776645D0}"=-
"{DA8598CA-E605-429A-82EB-007752AE287C}"=-
"{FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9}"=-
"{47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A}"=-
"{B7FE39AE-C61F-4011-A4A4-EDBD998FECDE}"=-
"{8B5E1DC9-9878-4073-AD31-9389404C4CF6}"=-
"{73E75D28-DF4E-439E-89D4-34E2E117C285}"=-
"{361A4008-6397-4E69-93A4-0107EBC57E52}"=-
"{106371F8-A250-4C92-9D68-4C02826892A5}"=-
"{501E6BC9-925A-4A62-A60D-F5BBA62C0849}"=-
"{B1D9CF81-CA84-47F0-BA6A-C1794F493B60}"=-
[-HKEY_CLASSES_ROOT\CLSID\{DEDC2942-D943-428B-8E1B-3F66CB910913}]
[-HKEY_CLASSES_ROOT\CLSID\{31E3AA92-9744-4127-8CCA-7E74726B3DC6}]
[-HKEY_CLASSES_ROOT\CLSID\{4C77675C-754D-4BC8-B1D7-A2D01BD260C8}]
[-HKEY_CLASSES_ROOT\CLSID\{5A042B57-D1AB-4745-A02A-676A61D3B71E}]
[-HKEY_CLASSES_ROOT\CLSID\{573A665E-FE89-48DE-B2CD-10FED8334EDC}]
[-HKEY_CLASSES_ROOT\CLSID\{FFEEC716-260C-4CCF-B2FE-561F3A616377}]
[-HKEY_CLASSES_ROOT\CLSID\{BCB7D9A8-5F91-4C7B-9F1E-3C4C0B89F8B1}]
[-HKEY_CLASSES_ROOT\CLSID\{8AC2E294-ADCA-46EC-8956-95EEB4841B67}]
[-HKEY_CLASSES_ROOT\CLSID\{6252E623-5254-4E46-B93D-A750253CBA34}]
[-HKEY_CLASSES_ROOT\CLSID\{45840508-46D1-4031-A21D-151C5EBEFF39}]
[-HKEY_CLASSES_ROOT\CLSID\{511C624C-9DB1-4AF7-9212-90A7004AF53B}]
[-HKEY_CLASSES_ROOT\CLSID\{12CC9FCB-2B25-4ECD-9C84-02AA776645D0}]
[-HKEY_CLASSES_ROOT\CLSID\{DA8598CA-E605-429A-82EB-007752AE287C}]
[-HKEY_CLASSES_ROOT\CLSID\{FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9}]
[-HKEY_CLASSES_ROOT\CLSID\{47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A}]
[-HKEY_CLASSES_ROOT\CLSID\{B7FE39AE-C61F-4011-A4A4-EDBD998FECDE}]
[-HKEY_CLASSES_ROOT\CLSID\{8B5E1DC9-9878-4073-AD31-9389404C4CF6}]
[-HKEY_CLASSES_ROOT\CLSID\{73E75D28-DF4E-439E-89D4-34E2E117C285}]
[-HKEY_CLASSES_ROOT\CLSID\{361A4008-6397-4E69-93A4-0107EBC57E52}]
[-HKEY_CLASSES_ROOT\CLSID\{106371F8-A250-4C92-9D68-4C02826892A5}]
[-HKEY_CLASSES_ROOT\CLSID\{501E6BC9-925A-4A62-A60D-F5BBA62C0849}]
[-HKEY_CLASSES_ROOT\CLSID\{B1D9CF81-CA84-47F0-BA6A-C1794F493B60}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/dwcprop.dll (152 bytes security) (deflated 5%)
adding: dlls/hrn4055qe.dll (152 bytes security) (deflated 5%)
adding: dlls/ir44l5hq1.dll (152 bytes security) (deflated 4%)
adding: dlls/lbgdrive.dll (152 bytes security) (deflated 4%)
adding: backregs/106371F8-A250-4C92-9D68-4C02826892A5.reg (164 bytes security) (deflated 70%)
adding: backregs/12CC9FCB-2B25-4ECD-9C84-02AA776645D0.reg (164 bytes security) (deflated 70%)
adding: backregs/361A4008-6397-4E69-93A4-0107EBC57E52.reg (164 bytes security) (deflated 70%)
adding: backregs/47ADB389-6C75-4FEE-A9BF-EA35F4A5E81A.reg (164 bytes security) (deflated 70%)
adding: backregs/4C77675C-754D-4BC8-B1D7-A2D01BD260C8.reg (164 bytes security) (deflated 70%)
adding: backregs/501E6BC9-925A-4A62-A60D-F5BBA62C0849.reg (164 bytes security) (deflated 70%)
adding: backregs/511C624C-9DB1-4AF7-9212-90A7004AF53B.reg (164 bytes security) (deflated 70%)
adding: backregs/573A665E-FE89-48DE-B2CD-10FED8334EDC.reg (164 bytes security) (deflated 70%)
adding: backregs/6252E623-5254-4E46-B93D-A750253CBA34.reg (164 bytes security) (deflated 70%)
adding: backregs/73E75D28-DF4E-439E-89D4-34E2E117C285.reg (164 bytes security) (deflated 70%)
adding: backregs/8B5E1DC9-9878-4073-AD31-9389404C4CF6.reg (164 bytes security) (deflated 70%)
adding: backregs/B1D9CF81-CA84-47F0-BA6A-C1794F493B60.reg (164 bytes security) (deflated 70%)
adding: backregs/B7FE39AE-C61F-4011-A4A4-EDBD998FECDE.reg (164 bytes security) (deflated 70%)
adding: backregs/DEDC2942-D943-428B-8E1B-3F66CB910913.reg (164 bytes security) (deflated 70%)
adding: backregs/FD117A0F-5F8E-42FD-ACAE-95F9EA07CEE9.reg (164 bytes security) (deflated 70%)
adding: backregs/FFEEC716-260C-4CCF-B2FE-561F3A616377.reg (164 bytes security) (deflated 70%)
adding: backregs/notibac.reg (152 bytes security) (deflated 86%)
adding: backregs/shell.reg (152 bytes security) (deflated 74%)
--------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:12:59 PM, on 10/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\WINNT\essspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\hphmon03.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Eraser\eraser.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Maxthon\maxthon.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\system32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://service.internic.ca/rnt/rnl/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EA18CF1-87B8-4EB0-B97A-C793AFAE8A7E}: NameServer = 209.171.52.133 66.38.173.67
O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\ir44l5hq1.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe