hi kc..
here is what you wanted.. please kill 'em all buddy..
L2Mfix 1.02a
Running From:
C:\Documents and Settings\sales team\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\sales team\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\sales team\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 3260 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 3728 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\BrlJIT.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cmbcatq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dgskcopy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ejentlog.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\HQIMON.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jt2s07f7e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kndlv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kydgae.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\msg27978.cpy.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n6n6lg5s16.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nntapi32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nv2029fmg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rfnd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\BrlJIT.dll
Successfully Deleted: C:\WINDOWS\system32\BrlJIT.dll
deleting: C:\WINDOWS\system32\cmbcatq.dll
Successfully Deleted: C:\WINDOWS\system32\cmbcatq.dll
deleting: C:\WINDOWS\system32\dgskcopy.dll
Successfully Deleted: C:\WINDOWS\system32\dgskcopy.dll
deleting: C:\WINDOWS\system32\ejentlog.dll
Successfully Deleted: C:\WINDOWS\system32\ejentlog.dll
deleting: C:\WINDOWS\system32\HQIMON.DLL
Successfully Deleted: C:\WINDOWS\system32\HQIMON.DLL
deleting: C:\WINDOWS\system32\jt2s07f7e.dll
Successfully Deleted: C:\WINDOWS\system32\jt2s07f7e.dll
deleting: C:\WINDOWS\system32\kndlv.dll
Successfully Deleted: C:\WINDOWS\system32\kndlv.dll
deleting: C:\WINDOWS\system32\kydgae.dll
Successfully Deleted: C:\WINDOWS\system32\kydgae.dll
deleting: C:\WINDOWS\system32\msg27978.cpy.dll
Successfully Deleted: C:\WINDOWS\system32\msg27978.cpy.dll
deleting: C:\WINDOWS\system32\n6n6lg5s16.dll
Successfully Deleted: C:\WINDOWS\system32\n6n6lg5s16.dll
deleting: C:\WINDOWS\system32\nntapi32.dll
Successfully Deleted: C:\WINDOWS\system32\nntapi32.dll
deleting: C:\WINDOWS\system32\nv2029fmg.dll
Successfully Deleted: C:\WINDOWS\system32\nv2029fmg.dll
deleting: C:\WINDOWS\system32\rfnd.dll
Successfully Deleted: C:\WINDOWS\system32\rfnd.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: BrlJIT.dll (164 bytes security) (deflated 4%)
adding: cmbcatq.dll (164 bytes security) (deflated 5%)
adding: dgskcopy.dll (164 bytes security) (deflated 4%)
adding: ejentlog.dll (164 bytes security) (deflated 5%)
adding: HQIMON.DLL (164 bytes security) (deflated 4%)
adding: jt2s07f7e.dll (164 bytes security) (deflated 4%)
adding: kndlv.dll (164 bytes security) (deflated 4%)
adding: kydgae.dll (164 bytes security) (deflated 4%)
adding: msg27978.cpy.dll (164 bytes security) (deflated 4%)
adding: n6n6lg5s16.dll (164 bytes security) (deflated 4%)
adding: nntapi32.dll (164 bytes security) (deflated 4%)
adding: nv2029fmg.dll (164 bytes security) (deflated 5%)
adding: rfnd.dll (164 bytes security) (deflated 3%)
adding: guard.tmp (164 bytes security) (deflated 3%)
adding: clear.reg (164 bytes security) (deflated 60%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: desktop.ini (164 bytes security) (deflated 13%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 80%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 65%)
adding: test.txt (164 bytes security) (deflated 74%)
adding: test2.txt (164 bytes security) (deflated 42%)
adding: test3.txt (164 bytes security) (deflated 42%)
adding: test5.txt (164 bytes security) (deflated 42%)
adding: xfind.txt (164 bytes security) (deflated 67%)
adding: backregs/1A8D2C15-244B-411B-9062-DECFD0ABBA9E.reg (164 bytes security) (deflated 70%)
adding: backregs/48EBE78D-AA07-4B29-ADC1-24CFAFB41B2E.reg (164 bytes security) (deflated 70%)
adding: backregs/569DA3E1-8425-4956-97B5-30BBDB807A3A.reg (164 bytes security) (deflated 70%)
adding: backregs/8B546F8F-74ED-4FBA-8FF0-BE4C8602F6F2.reg (164 bytes security) (deflated 70%)
adding: backregs/A56C48F2-AD3B-487B-A71B-A1102A2C4773.reg (164 bytes security) (deflated 70%)
adding: backregs/BD4F2F10-5E3B-4689-ABB2-E26E9FFFBF8E.reg (164 bytes security) (deflated 70%)
adding: backregs/D2E50891-FBE7-41D5-83AE-8EFBA32A80DA.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for really "Everyone"
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: BrlJIT.dll
deleting local copy: cmbcatq.dll
deleting local copy: dgskcopy.dll
deleting local copy: ejentlog.dll
deleting local copy: HQIMON.DLL
deleting local copy: jt2s07f7e.dll
deleting local copy: kndlv.dll
deleting local copy: kydgae.dll
deleting local copy: msg27978.cpy.dll
deleting local copy: n6n6lg5s16.dll
deleting local copy: nntapi32.dll
deleting local copy: nv2029fmg.dll
deleting local copy: rfnd.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\BrlJIT.dll
C:\WINDOWS\system32\cmbcatq.dll
C:\WINDOWS\system32\dgskcopy.dll
C:\WINDOWS\system32\ejentlog.dll
C:\WINDOWS\system32\HQIMON.DLL
C:\WINDOWS\system32\jt2s07f7e.dll
C:\WINDOWS\system32\kndlv.dll
C:\WINDOWS\system32\kydgae.dll
C:\WINDOWS\system32\msg27978.cpy.dll
C:\WINDOWS\system32\n6n6lg5s16.dll
C:\WINDOWS\system32\nntapi32.dll
C:\WINDOWS\system32\nv2029fmg.dll
C:\WINDOWS\system32\rfnd.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{1A8D2C15-244B-411B-9062-DECFD0ABBA9E}"=-
"{D2E50891-FBE7-41D5-83AE-8EFBA32A80DA}"=-
"{569DA3E1-8425-4956-97B5-30BBDB807A3A}"=-
"{A56C48F2-AD3B-487B-A71B-A1102A2C4773}"=-
"{48EBE78D-AA07-4B29-ADC1-24CFAFB41B2E}"=-
"{8B546F8F-74ED-4FBA-8FF0-BE4C8602F6F2}"=-
"{BD4F2F10-5E3B-4689-ABB2-E26E9FFFBF8E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{1A8D2C15-244B-411B-9062-DECFD0ABBA9E}]
[-HKEY_CLASSES_ROOT\CLSID\{D2E50891-FBE7-41D5-83AE-8EFBA32A80DA}]
[-HKEY_CLASSES_ROOT\CLSID\{569DA3E1-8425-4956-97B5-30BBDB807A3A}]
[-HKEY_CLASSES_ROOT\CLSID\{A56C48F2-AD3B-487B-A71B-A1102A2C4773}]
[-HKEY_CLASSES_ROOT\CLSID\{48EBE78D-AA07-4B29-ADC1-24CFAFB41B2E}]
[-HKEY_CLASSES_ROOT\CLSID\{8B546F8F-74ED-4FBA-8FF0-BE4C8602F6F2}]
[-HKEY_CLASSES_ROOT\CLSID\{BD4F2F10-5E3B-4689-ABB2-E26E9FFFBF8E}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{183BC4E8-8242-43B4-B0CD-FD0DD22BE27B}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{183BC4E8-8242-43B4-B0CD-FD0DD22BE27B}</IDone>
<IDtwo>AD</IDtwo>
<VERSION>200</VERSION>
***********************