Pieter,
That looks good - appears to have removed the 020 line. logs attached.
L2mfix Log:
L2Mfix 1.03
Running From:
C:\Documents and Settings\admin\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\admin\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\admin\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1720 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 2020 'rundll32.exe'
Killing PID 512 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\bohserv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\BqWiaNCp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ciseqchk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cnyptui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\d00mlad11d0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\DhllSys.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dsvmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ftclient.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gpn2l35o1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hisetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ilfxexps.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j4j6le1s1h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\j84o0ih3e84.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kgdgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\krdcr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ktjql7151.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwymgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\LBXCFI.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m482lelo1hqc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\maratelc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcmdd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mctime.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\metask.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\moxex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mtdrv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\olcache.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\purfdisk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qwgrprxy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\Sboeng60.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sdrmdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\SNAPISAP.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\stc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\swgen.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\t6r8lg9u16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\TCLDM32A.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wjbhits.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\WOVADVE.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\bohserv.dll
Successfully Deleted: C:\WINDOWS\system32\bohserv.dll
deleting: C:\WINDOWS\system32\BqWiaNCp.dll
Successfully Deleted: C:\WINDOWS\system32\BqWiaNCp.dll
deleting: C:\WINDOWS\system32\ciseqchk.dll
Successfully Deleted: C:\WINDOWS\system32\ciseqchk.dll
deleting: C:\WINDOWS\system32\cnyptui.dll
Successfully Deleted: C:\WINDOWS\system32\cnyptui.dll
deleting: C:\WINDOWS\system32\d00mlad11d0.dll
Successfully Deleted: C:\WINDOWS\system32\d00mlad11d0.dll
deleting: C:\WINDOWS\system32\DhllSys.dll
Successfully Deleted: C:\WINDOWS\system32\DhllSys.dll
deleting: C:\WINDOWS\system32\dsvmgr.dll
Successfully Deleted: C:\WINDOWS\system32\dsvmgr.dll
deleting: C:\WINDOWS\system32\ftclient.dll
Successfully Deleted: C:\WINDOWS\system32\ftclient.dll
deleting: C:\WINDOWS\system32\gpn2l35o1.dll
Successfully Deleted: C:\WINDOWS\system32\gpn2l35o1.dll
deleting: C:\WINDOWS\system32\hisetup.dll
Successfully Deleted: C:\WINDOWS\system32\hisetup.dll
deleting: C:\WINDOWS\system32\ilfxexps.dll
Successfully Deleted: C:\WINDOWS\system32\ilfxexps.dll
deleting: C:\WINDOWS\system32\j4j6le1s1h.dll
Successfully Deleted: C:\WINDOWS\system32\j4j6le1s1h.dll
deleting: C:\WINDOWS\system32\j84o0ih3e84.dll
Successfully Deleted: C:\WINDOWS\system32\j84o0ih3e84.dll
deleting: C:\WINDOWS\system32\kgdgr.dll
Successfully Deleted: C:\WINDOWS\system32\kgdgr.dll
deleting: C:\WINDOWS\system32\krdcr.dll
Successfully Deleted: C:\WINDOWS\system32\krdcr.dll
deleting: C:\WINDOWS\system32\ktjql7151.dll
Successfully Deleted: C:\WINDOWS\system32\ktjql7151.dll
deleting: C:\WINDOWS\system32\kwymgr.dll
Successfully Deleted: C:\WINDOWS\system32\kwymgr.dll
deleting: C:\WINDOWS\system32\LBXCFI.DLL
Successfully Deleted: C:\WINDOWS\system32\LBXCFI.DLL
deleting: C:\WINDOWS\system32\m482lelo1hqc.dll
Successfully Deleted: C:\WINDOWS\system32\m482lelo1hqc.dll
deleting: C:\WINDOWS\system32\maratelc.dll
Successfully Deleted: C:\WINDOWS\system32\maratelc.dll
deleting: C:\WINDOWS\system32\mcmdd.dll
Successfully Deleted: C:\WINDOWS\system32\mcmdd.dll
deleting: C:\WINDOWS\system32\mctime.dll
Successfully Deleted: C:\WINDOWS\system32\mctime.dll
deleting: C:\WINDOWS\system32\metask.dll
Successfully Deleted: C:\WINDOWS\system32\metask.dll
deleting: C:\WINDOWS\system32\moxex.dll
Successfully Deleted: C:\WINDOWS\system32\moxex.dll
deleting: C:\WINDOWS\system32\mtdrv.dll
Successfully Deleted: C:\WINDOWS\system32\mtdrv.dll
deleting: C:\WINDOWS\system32\olcache.dll
Successfully Deleted: C:\WINDOWS\system32\olcache.dll
deleting: C:\WINDOWS\system32\purfdisk.dll
Successfully Deleted: C:\WINDOWS\system32\purfdisk.dll
deleting: C:\WINDOWS\system32\qwgrprxy.dll
Successfully Deleted: C:\WINDOWS\system32\qwgrprxy.dll
deleting: C:\WINDOWS\system32\Sboeng60.dll
Successfully Deleted: C:\WINDOWS\system32\Sboeng60.dll
deleting: C:\WINDOWS\system32\sdrmdll.dll
Successfully Deleted: C:\WINDOWS\system32\sdrmdll.dll
deleting: C:\WINDOWS\system32\SNAPISAP.DLL
Successfully Deleted: C:\WINDOWS\system32\SNAPISAP.DLL
deleting: C:\WINDOWS\system32\stc.dll
Successfully Deleted: C:\WINDOWS\system32\stc.dll
deleting: C:\WINDOWS\system32\swgen.dll
Successfully Deleted: C:\WINDOWS\system32\swgen.dll
deleting: C:\WINDOWS\system32\t6r8lg9u16.dll
Successfully Deleted: C:\WINDOWS\system32\t6r8lg9u16.dll
deleting: C:\WINDOWS\system32\TCLDM32A.dll
Successfully Deleted: C:\WINDOWS\system32\TCLDM32A.dll
deleting: C:\WINDOWS\system32\wjbhits.dll
Successfully Deleted: C:\WINDOWS\system32\wjbhits.dll
deleting: C:\WINDOWS\system32\WOVADVE.DLL
Successfully Deleted: C:\WINDOWS\system32\WOVADVE.DLL
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: bohserv.dll (140 bytes security) (deflated 5%)
adding: BqWiaNCp.dll (140 bytes security) (deflated 4%)
adding: ciseqchk.dll (140 bytes security) (deflated 4%)
adding: cnyptui.dll (140 bytes security) (deflated 5%)
adding: d00mlad11d0.dll (140 bytes security) (deflated 5%)
adding: DhllSys.dll (140 bytes security) (deflated 5%)
adding: dsvmgr.dll (140 bytes security) (deflated 5%)
adding: ftclient.dll (140 bytes security) (deflated 4%)
adding: gpn2l35o1.dll (140 bytes security) (deflated 6%)
adding: hisetup.dll (140 bytes security) (deflated 5%)
adding: ilfxexps.dll (140 bytes security) (deflated 4%)
adding: j4j6le1s1h.dll (140 bytes security) (deflated 5%)
adding: j84o0ih3e84.dll (140 bytes security) (deflated 5%)
adding: kgdgr.dll (140 bytes security) (deflated 4%)
adding: krdcr.dll (140 bytes security) (deflated 5%)
adding: ktjql7151.dll (140 bytes security) (deflated 5%)
adding: kwymgr.dll (140 bytes security) (deflated 5%)
adding: LBXCFI.DLL (140 bytes security) (deflated 5%)
adding: m482lelo1hqc.dll (140 bytes security) (deflated 5%)
adding: maratelc.dll (140 bytes security) (deflated 5%)
adding: mcmdd.dll (140 bytes security) (deflated 5%)
adding: mctime.dll (140 bytes security) (deflated 5%)
adding: metask.dll (140 bytes security) (deflated 5%)
adding: moxex.dll (140 bytes security) (deflated 4%)
adding: mtdrv.dll (140 bytes security) (deflated 4%)
adding: olcache.dll (140 bytes security) (deflated 4%)
adding: purfdisk.dll (140 bytes security) (deflated 5%)
adding: qwgrprxy.dll (140 bytes security) (deflated 5%)
adding: Sboeng60.dll (140 bytes security) (deflated 4%)
adding: sdrmdll.dll (140 bytes security) (deflated 4%)
adding: SNAPISAP.DLL (140 bytes security) (deflated 4%)
adding: stc.dll (140 bytes security) (deflated 4%)
adding: swgen.dll (140 bytes security) (deflated 5%)
adding: t6r8lg9u16.dll (140 bytes security) (deflated 5%)
adding: TCLDM32A.dll (140 bytes security) (deflated 4%)
adding: wjbhits.dll (140 bytes security) (deflated 5%)
adding: WOVADVE.DLL (140 bytes security) (deflated 4%)
adding: guard.tmp (140 bytes security) (deflated 5%)
adding: clear.reg (140 bytes security) (deflated 22%)
adding: echo.reg (140 bytes security) (deflated 9%)
adding: desktop.ini (140 bytes security) (deflated 15%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 85%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: test.txt (140 bytes security) (deflated 81%)
adding: test2.txt (140 bytes security) (stored 0%)
adding: test3.txt (140 bytes security) (stored 0%)
adding: test5.txt (140 bytes security) (stored 0%)
adding: xfind.txt (140 bytes security) (deflated 76%)
adding: backregs/9656F732-BC4E-4BD4-B620-AA5FC6BD2E2A.reg (140 bytes security) (deflated 70%)
adding: backregs/shell.reg (140 bytes security) (deflated 74%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: bohserv.dll
deleting local copy: BqWiaNCp.dll
deleting local copy: ciseqchk.dll
deleting local copy: cnyptui.dll
deleting local copy: d00mlad11d0.dll
deleting local copy: DhllSys.dll
deleting local copy: dsvmgr.dll
deleting local copy: ftclient.dll
deleting local copy: gpn2l35o1.dll
deleting local copy: hisetup.dll
deleting local copy: ilfxexps.dll
deleting local copy: j4j6le1s1h.dll
deleting local copy: j84o0ih3e84.dll
deleting local copy: kgdgr.dll
deleting local copy: krdcr.dll
deleting local copy: ktjql7151.dll
deleting local copy: kwymgr.dll
deleting local copy: LBXCFI.DLL
deleting local copy: m482lelo1hqc.dll
deleting local copy: maratelc.dll
deleting local copy: mcmdd.dll
deleting local copy: mctime.dll
deleting local copy: metask.dll
deleting local copy: moxex.dll
deleting local copy: mtdrv.dll
deleting local copy: olcache.dll
deleting local copy: purfdisk.dll
deleting local copy: qwgrprxy.dll
deleting local copy: Sboeng60.dll
deleting local copy: sdrmdll.dll
deleting local copy: SNAPISAP.DLL
deleting local copy: stc.dll
deleting local copy: swgen.dll
deleting local copy: t6r8lg9u16.dll
deleting local copy: TCLDM32A.dll
deleting local copy: wjbhits.dll
deleting local copy: WOVADVE.DLL
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\bohserv.dll
C:\WINDOWS\system32\BqWiaNCp.dll
C:\WINDOWS\system32\ciseqchk.dll
C:\WINDOWS\system32\cnyptui.dll
C:\WINDOWS\system32\d00mlad11d0.dll
C:\WINDOWS\system32\DhllSys.dll
C:\WINDOWS\system32\dsvmgr.dll
C:\WINDOWS\system32\ftclient.dll
C:\WINDOWS\system32\gpn2l35o1.dll
C:\WINDOWS\system32\hisetup.dll
C:\WINDOWS\system32\ilfxexps.dll
C:\WINDOWS\system32\j4j6le1s1h.dll
C:\WINDOWS\system32\j84o0ih3e84.dll
C:\WINDOWS\system32\kgdgr.dll
C:\WINDOWS\system32\krdcr.dll
C:\WINDOWS\system32\ktjql7151.dll
C:\WINDOWS\system32\kwymgr.dll
C:\WINDOWS\system32\LBXCFI.DLL
C:\WINDOWS\system32\m482lelo1hqc.dll
C:\WINDOWS\system32\maratelc.dll
C:\WINDOWS\system32\mcmdd.dll
C:\WINDOWS\system32\mctime.dll
C:\WINDOWS\system32\metask.dll
C:\WINDOWS\system32\moxex.dll
C:\WINDOWS\system32\mtdrv.dll
C:\WINDOWS\system32\olcache.dll
C:\WINDOWS\system32\purfdisk.dll
C:\WINDOWS\system32\qwgrprxy.dll
C:\WINDOWS\system32\Sboeng60.dll
C:\WINDOWS\system32\sdrmdll.dll
C:\WINDOWS\system32\SNAPISAP.DLL
C:\WINDOWS\system32\stc.dll
C:\WINDOWS\system32\swgen.dll
C:\WINDOWS\system32\t6r8lg9u16.dll
C:\WINDOWS\system32\TCLDM32A.dll
C:\WINDOWS\system32\wjbhits.dll
C:\WINDOWS\system32\WOVADVE.DLL
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9656F732-BC4E-4BD4-B620-AA5FC6BD2E2A}"=-
[-HKEY_CLASSES_ROOT\CLSID\{9656F732-BC4E-4BD4-B620-AA5FC6BD2E2A}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{58D71312-6E08-4121-B607-F4B2E966946B}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
and the HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 15:57:42, on 26/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\windows\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\upoudmw.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\admin\My Documents\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.co.ukR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [izklslo] c:\windows\system32\upoudmw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
http://www.windowsec...an/TDECntrl.CABO16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
http://support.euro....er/PROFILER.CABO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
http://www.ravantivi...n/ravonline.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4DCDC388-0329-46EE-A106-4C8070A8926C}: NameServer = 195.112.4.4
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\windows\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Is that job done ?
Graham