Here is the lsmfix log:
L2Mfix 1.03
Running From:
C:\Documents and Settings\Mike C. Mack\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Mike C. Mack\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Mike C. Mack\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Killing PID 288 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 2%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: l2fixlog.txt (164 bytes security) (deflated 69%)
adding: lo2.txt (164 bytes security) (deflated 74%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 69%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Here is the new hijack this log;
Logfile of HijackThis v1.99.1
Scan saved at 9:23:36 AM, on 5/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\atlan.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Optimum Online\Netsurf.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ucgtr.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {06039B55-DB4E-4D9C-8E0E-05C2FBF1DF99} - C:\WINDOWS\system32\d3jr32.dll
O2 - BHO: Class - {09E2E16F-44FB-B809-85FD-6FA8F19E5D1D} - C:\WINDOWS\system32\ipae32.dll
O2 - BHO: Class - {20FBF908-0E40-FE23-831C-A7091EC44CAE} - C:\WINDOWS\system32\addre.dll
O2 - BHO: Class - {27CEADBF-8802-1454-DF9C-24D6A13A1552} - C:\WINDOWS\ipco32.dll
O2 - BHO: Class - {33894CDF-39DC-A5B5-7657-E16A8CBB005D} - C:\WINDOWS\appfy.dll
O2 - BHO: Class - {389793A1-16BF-5CDB-995A-72BC57DA44B5} - C:\WINDOWS\creg32.dll
O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipqv32.dll
O2 - BHO: Class - {3B9E29FC-B55C-4B07-C8C7-05C371517100} - C:\WINDOWS\system32\mfctr.dll
O2 - BHO: Class - {43DB29D4-B055-B011-24C0-044F81AC210D} - C:\WINDOWS\addbn.dll
O2 - BHO: Class - {50D9F2AB-8EC8-43E6-7C24-956820685690} - C:\WINDOWS\system32\d3nc.dll
O2 - BHO: Class - {54255AC2-2B7F-9119-713D-1BFBB01E8BCD} - C:\WINDOWS\netka.dll
O2 - BHO: Class - {61D7C233-1C3C-2344-8212-77DF99E12940} - C:\WINDOWS\apphi32.dll
O2 - BHO: Class - {65E38C5A-C2E5-319D-507E-7617213EEC42} - C:\WINDOWS\netot32.dll
O2 - BHO: Class - {8461D228-678D-F4BF-6A52-E718252DA67B} - C:\WINDOWS\d3lb.dll
O2 - BHO: Class - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - C:\WINDOWS\system32\netmk32.dll
O2 - BHO: Class - {A2C966BB-815B-DCAD-24A6-3F7A19912F9B} - C:\WINDOWS\msxl.dll
O2 - BHO: Class - {A69B7D98-9DAC-21C6-7ADB-7FF21D28CEC1} - C:\WINDOWS\system32\adddx.dll
O2 - BHO: Class - {A6B40426-CF3F-2B35-A955-E0B5DEB9EE41} - C:\WINDOWS\d3gq32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FFCF604D-210A-9317-A8C5-80208D4AD348} - C:\WINDOWS\atlit.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [winyi32.exe] C:\WINDOWS\winyi32.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [atlan.exe] C:\WINDOWS\atlan.exe
O4 - HKLM\..\RunOnce: [msyd32.exe] C:\WINDOWS\msyd32.exe
O4 - HKLM\..\RunOnce: [syscx.exe] C:\WINDOWS\system32\syscx.exe
O4 - HKLM\..\RunOnce: [netfl32.exe] C:\WINDOWS\system32\netfl32.exe
O4 - HKLM\..\RunOnce: [winkf32.exe] C:\WINDOWS\system32\winkf32.exe
O4 - HKLM\..\RunOnce: [appap32.exe] C:\WINDOWS\appap32.exe
O4 - HKLM\..\RunOnce: [mfcug32.exe] C:\WINDOWS\system32\mfcug32.exe
O4 - HKLM\..\RunOnce: [ieib.exe] C:\WINDOWS\system32\ieib.exe
O4 - HKLM\..\RunOnce: [ipto.exe] C:\WINDOWS\system32\ipto.exe
O4 - HKLM\..\RunOnce: [atljb.exe] C:\WINDOWS\atljb.exe
O4 - HKLM\..\RunOnce: [winzi.exe] C:\WINDOWS\winzi.exe
O4 - HKLM\..\RunOnce: [crmk32.exe] C:\WINDOWS\system32\crmk32.exe
O4 - HKLM\..\RunOnce: [msdu.exe] C:\WINDOWS\msdu.exe
O4 - HKLM\..\RunOnce: [sdkbi.exe] C:\WINDOWS\system32\sdkbi.exe
O4 - HKLM\..\RunOnce: [mfcgu.exe] C:\WINDOWS\system32\mfcgu.exe
O4 - HKLM\..\RunOnce: [netty.exe] C:\WINDOWS\netty.exe
O4 - HKLM\..\RunOnce: [ipva32.exe] C:\WINDOWS\ipva32.exe
O4 - HKLM\..\RunOnce: [javaae.exe] C:\WINDOWS\javaae.exe
O4 - HKLM\..\RunOnce: [apinz32.exe] C:\WINDOWS\apinz32.exe
O4 - HKLM\..\RunOnce: [netmy32.exe] C:\WINDOWS\system32\netmy32.exe
O4 - HKLM\..\RunOnce: [crqk.exe] C:\WINDOWS\system32\crqk.exe
O4 - HKLM\..\RunOnce: [mfceh.exe] C:\WINDOWS\mfceh.exe
O4 - HKLM\..\RunOnce: [ntal32.exe] C:\WINDOWS\system32\ntal32.exe
O4 - HKLM\..\RunOnce: [netxi32.exe] C:\WINDOWS\system32\netxi32.exe
O4 - HKLM\..\RunOnce: [netln32.exe] C:\WINDOWS\system32\netln32.exe
O4 - HKLM\..\RunOnce: [ipfo32.exe] C:\WINDOWS\system32\ipfo32.exe
O4 - HKLM\..\RunOnce: [netxd32.exe] C:\WINDOWS\netxd32.exe
O4 - HKLM\..\RunOnce: [ntlp32.exe] C:\WINDOWS\ntlp32.exe
O4 - HKLM\..\RunOnce: [addhc32.exe] C:\WINDOWS\addhc32.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\system32\javapr32.exe
O4 - HKLM\..\RunOnce: [apitb32.exe] C:\WINDOWS\apitb32.exe
O4 - HKLM\..\RunOnce: [ntsr.exe] C:\WINDOWS\system32\ntsr.exe
O4 - HKLM\..\RunOnce: [mfcoi32.exe] C:\WINDOWS\mfcoi32.exe
O4 - HKLM\..\RunOnce: [atllv.exe] C:\WINDOWS\system32\atllv.exe
O4 - HKLM\..\RunOnce: [ieew.exe] C:\WINDOWS\system32\ieew.exe
O4 - HKLM\..\RunOnce: [d3py.exe] C:\WINDOWS\d3py.exe
O4 - HKLM\..\RunOnce: [netvl32.exe] C:\WINDOWS\system32\netvl32.exe
O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\appwa32.exe
O4 - HKLM\..\RunOnce: [ievp32.exe] C:\WINDOWS\system32\ievp32.exe
O4 - HKLM\..\RunOnce: [msdf.exe] C:\WINDOWS\system32\msdf.exe
O4 - HKLM\..\RunOnce: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
O4 - HKLM\..\RunOnce: [sysdv32.exe] C:\WINDOWS\system32\sysdv32.exe
O4 - HKLM\..\RunOnce: [crbl32.exe] C:\WINDOWS\crbl32.exe
O4 - HKLM\..\RunOnce: [d3ce32.exe] C:\WINDOWS\d3ce32.exe
O4 - HKLM\..\RunOnce: [sdkpw.exe] C:\WINDOWS\sdkpw.exe
O4 - HKLM\..\RunOnce: [javaxi32.exe] C:\WINDOWS\system32\javaxi32.exe
O4 - HKLM\..\RunOnce: [iecu32.exe] C:\WINDOWS\system32\iecu32.exe
O4 - HKLM\..\RunOnce: [javabi.exe] C:\WINDOWS\javabi.exe
O4 - HKLM\..\RunOnce: [ntqf32.exe] C:\WINDOWS\ntqf32.exe
O4 - HKLM\..\RunOnce: [atljw32.exe] C:\WINDOWS\atljw32.exe
O4 - HKLM\..\RunOnce: [msye32.exe] C:\WINDOWS\system32\msye32.exe
O4 - HKLM\..\RunOnce: [ntlg.exe] C:\WINDOWS\system32\ntlg.exe
O4 - HKLM\..\RunOnce: [atlqf32.exe] C:\WINDOWS\system32\atlqf32.exe
O4 - HKLM\..\RunOnce: [nttz.exe] C:\WINDOWS\system32\nttz.exe
O4 - HKLM\..\RunOnce: [msjo32.exe] C:\WINDOWS\system32\msjo32.exe
O4 - HKLM\..\RunOnce: [javaqx32.exe] C:\WINDOWS\javaqx32.exe
O4 - HKLM\..\RunOnce: [mfcws32.exe] C:\WINDOWS\mfcws32.exe
O4 - HKLM\..\RunOnce: [crye.exe] C:\WINDOWS\system32\crye.exe
O4 - HKLM\..\RunOnce: [sdkwc.exe] C:\WINDOWS\system32\sdkwc.exe
O4 - HKLM\..\RunOnce: [javayz.exe] C:\WINDOWS\system32\javayz.exe
O4 - HKLM\..\RunOnce: [mfcmt.exe] C:\WINDOWS\system32\mfcmt.exe
O4 - HKLM\..\RunOnce: [winij32.exe] C:\WINDOWS\system32\winij32.exe
O4 - HKLM\..\RunOnce: [ntgm32.exe] C:\WINDOWS\system32\ntgm32.exe
O4 - HKLM\..\RunOnce: [addtd.exe] C:\WINDOWS\system32\addtd.exe
O4 - HKLM\..\RunOnce: [d3yx32.exe] C:\WINDOWS\d3yx32.exe
O4 - HKLM\..\RunOnce: [atlhf.exe] C:\WINDOWS\system32\atlhf.exe
O4 - HKLM\..\RunOnce: [iemh.exe] C:\WINDOWS\iemh.exe
O4 - HKLM\..\RunOnce: [sdkzm.exe] C:\WINDOWS\sdkzm.exe
O4 - HKLM\..\RunOnce: [mfceo32.exe] C:\WINDOWS\mfceo32.exe
O4 - HKLM\..\RunOnce: [netdy.exe] C:\WINDOWS\system32\netdy.exe
O4 - HKLM\..\RunOnce: [addon32.exe] C:\WINDOWS\addon32.exe
O4 - HKLM\..\RunOnce: [mfctr.exe] C:\WINDOWS\system32\mfctr.exe
O4 - HKLM\..\RunOnce: [msht.exe] C:\WINDOWS\system32\msht.exe
O4 - HKLM\..\RunOnce: [javalx32.exe] C:\WINDOWS\javalx32.exe
O4 - HKLM\..\RunOnce: [winam.exe] C:\WINDOWS\system32\winam.exe
O4 - HKLM\..\RunOnce: [atlrc.exe] C:\WINDOWS\system32\atlrc.exe
O4 - HKLM\..\RunOnce: [wingj.exe] C:\WINDOWS\system32\wingj.exe
O4 - HKLM\..\RunOnce: [atlqw.exe] C:\WINDOWS\system32\atlqw.exe
O4 - HKLM\..\RunOnce: [ntjs32.exe] C:\WINDOWS\ntjs32.exe
O4 - HKLM\..\RunOnce: [crov32.exe] C:\WINDOWS\system32\crov32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.../kavwebscan.cabO16 - DPF: {5A447319-0EA2-447B-A063-A5F849B097D0} (ScanZillaLE Class) -
https://www.stopzill...es/SZScanLE.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) -
http://www.linksysfi...ll/gtdownls.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec....sa/SymAData.cabO16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\msyd32.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks again for sharing your seemingly unending knowledge!