OK, I just did what you instructed me to do, and here are my results.
L2mfix 010406
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 512 'smss.exe'
Killing PID 596 'winlogon.exe'
Killing PID 3740 'explorer.exe'
Killing PID 3524 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 file(s) copied.
Deleting: C:\WINDOWS\system32\avsnt.dll
Successfully Deleted: C:\WINDOWS\system32\avsnt.dll
Deleting: C:\WINDOWS\system32\d6j0lg1m16.dll
Successfully Deleted: C:\WINDOWS\system32\d6j0lg1m16.dll
Deleting: C:\WINDOWS\system32\ddquery.dll
Successfully Deleted: C:\WINDOWS\system32\ddquery.dll
Deleting: C:\WINDOWS\system32\dpmstor.dll
Successfully Deleted: C:\WINDOWS\system32\dpmstor.dll
Deleting: C:\WINDOWS\system32\dy16gt.dLL
Successfully Deleted: C:\WINDOWS\system32\dy16gt.dLL
Deleting: C:\WINDOWS\system32\en64l1jq1.dll
Successfully Deleted: C:\WINDOWS\system32\en64l1jq1.dll
Deleting: C:\WINDOWS\system32\en8ul1l91.dll
Successfully Deleted: C:\WINDOWS\system32\en8ul1l91.dll
Deleting: C:\WINDOWS\system32\enjol1131.dll
Successfully Deleted: C:\WINDOWS\system32\enjol1131.dll
Deleting: C:\WINDOWS\system32\f0l00a3med.dll
Successfully Deleted: C:\WINDOWS\system32\f0l00a3med.dll
Deleting: C:\WINDOWS\system32\gjkrsrc.dll
Successfully Deleted: C:\WINDOWS\system32\gjkrsrc.dll
Deleting: C:\WINDOWS\system32\gp84l3lq1.dll
Successfully Deleted: C:\WINDOWS\system32\gp84l3lq1.dll
Deleting: C:\WINDOWS\system32\gpp6l37s1.dll
Successfully Deleted: C:\WINDOWS\system32\gpp6l37s1.dll
Deleting: C:\WINDOWS\system32\h0n00a5med.dll
Successfully Deleted: C:\WINDOWS\system32\h0n00a5med.dll
Deleting: C:\WINDOWS\system32\h24mlch11f4.dll
Successfully Deleted: C:\WINDOWS\system32\h24mlch11f4.dll
Deleting: C:\WINDOWS\system32\hrnm0551e.dll
Successfully Deleted: C:\WINDOWS\system32\hrnm0551e.dll
Deleting: C:\WINDOWS\system32\hrp0057me.dll
Successfully Deleted: C:\WINDOWS\system32\hrp0057me.dll
Deleting: C:\WINDOWS\system32\i4060edseh060.dll
Successfully Deleted: C:\WINDOWS\system32\i4060edseh060.dll
Deleting: C:\WINDOWS\system32\i460lejm1hoa.dll
Successfully Deleted: C:\WINDOWS\system32\i460lejm1hoa.dll
Deleting: C:\WINDOWS\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4jq0e15eh.dll
Deleting: C:\WINDOWS\system32\ir04l5dq1.dll
Successfully Deleted: C:\WINDOWS\system32\ir04l5dq1.dll
Deleting: C:\WINDOWS\system32\irlul5391.dll
Successfully Deleted: C:\WINDOWS\system32\irlul5391.dll
Deleting: C:\WINDOWS\system32\jt6807jue.dll
Successfully Deleted: C:\WINDOWS\system32\jt6807jue.dll
Deleting: C:\WINDOWS\system32\jt8407lqe.dll
Successfully Deleted: C:\WINDOWS\system32\jt8407lqe.dll
Deleting: C:\WINDOWS\system32\k6080gdue6080.dll
Successfully Deleted: C:\WINDOWS\system32\k6080gdue6080.dll
Deleting: C:\WINDOWS\system32\krdcr.dll
Successfully Deleted: C:\WINDOWS\system32\krdcr.dll
Deleting: C:\WINDOWS\system32\ktn6l75s1.dll
Successfully Deleted: C:\WINDOWS\system32\ktn6l75s1.dll
Deleting: C:\WINDOWS\system32\l60ulgd9160.dll
Successfully Deleted: C:\WINDOWS\system32\l60ulgd9160.dll
Deleting: C:\WINDOWS\system32\lpcalsec.dll
Successfully Deleted: C:\WINDOWS\system32\lpcalsec.dll
Deleting: C:\WINDOWS\system32\lvr8099ue.dll
Successfully Deleted: C:\WINDOWS\system32\lvr8099ue.dll
Deleting: C:\WINDOWS\system32\m6ju0g19e6.dll
Successfully Deleted: C:\WINDOWS\system32\m6ju0g19e6.dll
Deleting: C:\WINDOWS\system32\mhexcl40.dll
Successfully Deleted: C:\WINDOWS\system32\mhexcl40.dll
Deleting: C:\WINDOWS\system32\mjcorier.dll
Successfully Deleted: C:\WINDOWS\system32\mjcorier.dll
Deleting: C:\WINDOWS\system32\mv0ol9d31.dll
Successfully Deleted: C:\WINDOWS\system32\mv0ol9d31.dll
Deleting: C:\WINDOWS\system32\mxrd3x40.dll
Successfully Deleted: C:\WINDOWS\system32\mxrd3x40.dll
Deleting: C:\WINDOWS\system32\nelanman.dll
Successfully Deleted: C:\WINDOWS\system32\nelanman.dll
Deleting: C:\WINDOWS\system32\o0pqla751d.dll
Successfully Deleted: C:\WINDOWS\system32\o0pqla751d.dll
Deleting: C:\WINDOWS\system32\p0p60a7sed.dll
Successfully Deleted: C:\WINDOWS\system32\p0p60a7sed.dll
Deleting: C:\WINDOWS\system32\p24ulch91f4.dll
Successfully Deleted: C:\WINDOWS\system32\p24ulch91f4.dll
Deleting: C:\WINDOWS\system32\pHpgraph.dll
Successfully Deleted: C:\WINDOWS\system32\pHpgraph.dll
Deleting: C:\WINDOWS\system32\r08slal71dq.dll
Successfully Deleted: C:\WINDOWS\system32\r08slal71dq.dll
Deleting: C:\WINDOWS\system32\rGsppp.dll
Successfully Deleted: C:\WINDOWS\system32\rGsppp.dll
Deleting: C:\WINDOWS\system32\rnvpmsg.dll
Successfully Deleted: C:\WINDOWS\system32\rnvpmsg.dll
Deleting: C:\WINDOWS\system32\t08u0al9edq.dll
Successfully Deleted: C:\WINDOWS\system32\t08u0al9edq.dll
Deleting: C:\WINDOWS\system32\ugl.dll
Successfully Deleted: C:\WINDOWS\system32\ugl.dll
msg11?.dll
0 file(s) copied.
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jt6807jue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\whwfaxui.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}\InprocServer32]
@="C:\\WINDOWS\\system32\\cobjmon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}\InprocServer32]
@="C:\\WINDOWS\\system32\\dQd9.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxapsspc.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}\InprocServer32]
@="C:\\WINDOWS\\system32\\rnvpmsg.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}\InprocServer32]
@="C:\\WINDOWS\\system32\\lpcalsec.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}\InprocServer32]
@="C:\\WINDOWS\\system32\\nelanman.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhexcl40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}\InprocServer32]
@="C:\\WINDOWS\\system32\\cimsnap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}\InprocServer32]
@="C:\\WINDOWS\\system32\\ugl.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}\InprocServer32]
@="C:\\WINDOWS\\system32\\dpmstor.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}\InprocServer32]
@="C:\\WINDOWS\\system32\\gjkrsrc.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}"=-
"{6B172929-E998-4E8D-B038-904543FA36A9}"=-
"{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}"=-
"{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}"=-
"{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}"=-
"{E708D47B-17F1-4751-8A0F-799C1754B3B9}"=-
"{76DF4805-E5DC-40F1-BE65-3A2800E585F2}"=-
"{B7CFD13D-3164-4A7F-B52E-7271E250B792}"=-
"{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}"=-
"{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}"=-
"{52B3FBD9-13B6-4489-9341-B32DC61C2620}"=-
"{16D7F218-5FC8-43E4-B53E-17229F849963}"=-
"{77399226-C1EC-4D99-98D3-47FCDB7F9470}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8D3AF1D7-986C-4B8B-B21B-CBD32FC659B3}]
[-HKEY_CLASSES_ROOT\CLSID\{6B172929-E998-4E8D-B038-904543FA36A9}]
[-HKEY_CLASSES_ROOT\CLSID\{542F7EB2-F84F-4E3C-8356-7C9ED3B24135}]
[-HKEY_CLASSES_ROOT\CLSID\{94180108-BDB9-4C1A-A519-90ADAE0B8DF6}]
[-HKEY_CLASSES_ROOT\CLSID\{2B7AEB8F-E6C5-46FA-9A94-9DD491EA9189}]
[-HKEY_CLASSES_ROOT\CLSID\{E708D47B-17F1-4751-8A0F-799C1754B3B9}]
[-HKEY_CLASSES_ROOT\CLSID\{76DF4805-E5DC-40F1-BE65-3A2800E585F2}]
[-HKEY_CLASSES_ROOT\CLSID\{B7CFD13D-3164-4A7F-B52E-7271E250B792}]
[-HKEY_CLASSES_ROOT\CLSID\{3C40EEF2-7075-460E-83A0-FBAA2DEF4774}]
[-HKEY_CLASSES_ROOT\CLSID\{227B50D6-80B1-4A51-89A8-BF7D515B3BDF}]
[-HKEY_CLASSES_ROOT\CLSID\{52B3FBD9-13B6-4489-9341-B32DC61C2620}]
[-HKEY_CLASSES_ROOT\CLSID\{16D7F218-5FC8-43E4-B53E-17229F849963}]
[-HKEY_CLASSES_ROOT\CLSID\{77399226-C1EC-4D99-98D3-47FCDB7F9470}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
And my new HJT
Logfile of HijackThis v1.99.1
Scan saved at 6:08:45 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jt6807jue.dll (file missing)
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe