Thanks for the prompt reply.
Have done the L2MFIX and here is the new log.
The HJT log is underneath it.
(Desktop setup is completely different)
L2Mfix 1.02a
Running From:
C:\d***'s Stuff\computer stuff\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\d***'s Stuff\computer stuff\l2mfix
System Rebooted!
Running From:
C:\d***'s Stuff\computer stuff\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
Killing PID 1304 'explorer.exe'
Error 0x5 : Access is denied.
Killing PID 1380 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINNT\system32\cplbact.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\fp0u03d9e.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\fTxdrv.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\gpp2l37o1.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ikgcmn.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\iufxdev.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\j2l40c3qef.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\jtp2077oe.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\jyp2077oe.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\k6lq0g35e6.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\kjdbene.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\ktr2l79o1.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\kvdaze.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\l4n40e5qeh.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lvl2093oe.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\m4jule191h.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\mv84l9lq1.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\n2r2lc9o1f.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\pih.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\q8nuli5918.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\wgpui.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINNT\system32\cplbact.dll
Successfully Deleted: C:\WINNT\system32\cplbact.dll
deleting: C:\WINNT\system32\fp0u03d9e.dll
Successfully Deleted: C:\WINNT\system32\fp0u03d9e.dll
deleting: C:\WINNT\system32\fTxdrv.dll
Successfully Deleted: C:\WINNT\system32\fTxdrv.dll
deleting: C:\WINNT\system32\gpp2l37o1.dll
Successfully Deleted: C:\WINNT\system32\gpp2l37o1.dll
deleting: C:\WINNT\system32\ikgcmn.dll
Successfully Deleted: C:\WINNT\system32\ikgcmn.dll
deleting: C:\WINNT\system32\iufxdev.dll
Successfully Deleted: C:\WINNT\system32\iufxdev.dll
deleting: C:\WINNT\system32\j2l40c3qef.dll
Successfully Deleted: C:\WINNT\system32\j2l40c3qef.dll
deleting: C:\WINNT\system32\jtp2077oe.dll
Successfully Deleted: C:\WINNT\system32\jtp2077oe.dll
deleting: C:\WINNT\system32\jyp2077oe.dll
Successfully Deleted: C:\WINNT\system32\jyp2077oe.dll
deleting: C:\WINNT\system32\k6lq0g35e6.dll
Successfully Deleted: C:\WINNT\system32\k6lq0g35e6.dll
deleting: C:\WINNT\system32\kjdbene.dll
Successfully Deleted: C:\WINNT\system32\kjdbene.dll
deleting: C:\WINNT\system32\ktr2l79o1.dll
Successfully Deleted: C:\WINNT\system32\ktr2l79o1.dll
deleting: C:\WINNT\system32\kvdaze.dll
Successfully Deleted: C:\WINNT\system32\kvdaze.dll
deleting: C:\WINNT\system32\l4n40e5qeh.dll
Successfully Deleted: C:\WINNT\system32\l4n40e5qeh.dll
deleting: C:\WINNT\system32\lvl2093oe.dll
Successfully Deleted: C:\WINNT\system32\lvl2093oe.dll
deleting: C:\WINNT\system32\m4jule191h.dll
Successfully Deleted: C:\WINNT\system32\m4jule191h.dll
deleting: C:\WINNT\system32\mv84l9lq1.dll
Successfully Deleted: C:\WINNT\system32\mv84l9lq1.dll
deleting: C:\WINNT\system32\n2r2lc9o1f.dll
Successfully Deleted: C:\WINNT\system32\n2r2lc9o1f.dll
deleting: C:\WINNT\system32\pih.dll
Successfully Deleted: C:\WINNT\system32\pih.dll
deleting: C:\WINNT\system32\q8nuli5918.dll
Successfully Deleted: C:\WINNT\system32\q8nuli5918.dll
deleting: C:\WINNT\system32\wgpui.dll
Successfully Deleted: C:\WINNT\system32\wgpui.dll
deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: cplbact.dll (92 bytes security) (deflated 3%)
adding: fp0u03d9e.dll (92 bytes security) (deflated 4%)
adding: fTxdrv.dll (92 bytes security) (deflated 3%)
adding: gpp2l37o1.dll (92 bytes security) (deflated 3%)
adding: ikgcmn.dll (92 bytes security) (deflated 3%)
adding: iufxdev.dll (92 bytes security) (deflated 3%)
adding: j2l40c3qef.dll (92 bytes security) (deflated 3%)
adding: jtp2077oe.dll (92 bytes security) (deflated 3%)
adding: jyp2077oe.dll (92 bytes security) (deflated 4%)
adding: k6lq0g35e6.dll (92 bytes security) (deflated 4%)
adding: kjdbene.dll (92 bytes security) (deflated 3%)
adding: ktr2l79o1.dll (92 bytes security) (deflated 4%)
adding: kvdaze.dll (92 bytes security) (deflated 3%)
adding: l4n40e5qeh.dll (92 bytes security) (deflated 3%)
adding: lvl2093oe.dll (92 bytes security) (deflated 3%)
adding: m4jule191h.dll (92 bytes security) (deflated 4%)
adding: mv84l9lq1.dll (92 bytes security) (deflated 4%)
adding: n2r2lc9o1f.dll (92 bytes security) (deflated 3%)
adding: pih.dll (92 bytes security) (deflated 3%)
adding: q8nuli5918.dll (92 bytes security) (deflated 4%)
adding: wgpui.dll (92 bytes security) (deflated 3%)
adding: guard.tmp (92 bytes security) (deflated 3%)
adding: clear.reg (92 bytes security) (deflated 37%)
adding: echo.reg (92 bytes security) (deflated 8%)
adding: desktop.ini (92 bytes security) (deflated 14%)
adding: direct.txt (92 bytes security) (deflated 5%)
adding: lo2.txt (92 bytes security) (deflated 82%)
adding: readme.txt (92 bytes security) (deflated 49%)
adding: report.txt (92 bytes security) (deflated 66%)
adding: test.txt (92 bytes security) (deflated 78%)
adding: test2.txt (92 bytes security) (deflated 17%)
adding: test3.txt (92 bytes security) (deflated 17%)
adding: test5.txt (92 bytes security) (deflated 17%)
adding: xfind.txt (92 bytes security) (deflated 72%)
adding: backregs/6DA4D2C7-E785-4195-90ED-AEF4DAB613D5.reg (92 bytes security) (deflated 70%)
adding: backregs/822C5796-C1D3-4A37-8A0E-8D1943C23DD4.reg (92 bytes security) (deflated 70%)
adding: backregs/shell.reg (92 bytes security) (deflated 74%)
Restoring Registry Permissions:
Revoking access for really "Everyone"
Registry permissions set too:
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: cplbact.dll
deleting local copy: fp0u03d9e.dll
deleting local copy: fTxdrv.dll
deleting local copy: gpp2l37o1.dll
deleting local copy: ikgcmn.dll
deleting local copy: iufxdev.dll
deleting local copy: j2l40c3qef.dll
deleting local copy: jtp2077oe.dll
deleting local copy: jyp2077oe.dll
deleting local copy: k6lq0g35e6.dll
deleting local copy: kjdbene.dll
deleting local copy: ktr2l79o1.dll
deleting local copy: kvdaze.dll
deleting local copy: l4n40e5qeh.dll
deleting local copy: lvl2093oe.dll
deleting local copy: m4jule191h.dll
deleting local copy: mv84l9lq1.dll
deleting local copy: n2r2lc9o1f.dll
deleting local copy: pih.dll
deleting local copy: q8nuli5918.dll
deleting local copy: wgpui.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName"="C:\\WINNT\\System32\\NavLogon.dll"
"Logoff"="NavLogoffEvent"
"StartShell"="NavStartShellEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINNT\system32\cplbact.dll
C:\WINNT\system32\fp0u03d9e.dll
C:\WINNT\system32\fTxdrv.dll
C:\WINNT\system32\gpp2l37o1.dll
C:\WINNT\system32\ikgcmn.dll
C:\WINNT\system32\iufxdev.dll
C:\WINNT\system32\j2l40c3qef.dll
C:\WINNT\system32\jtp2077oe.dll
C:\WINNT\system32\jyp2077oe.dll
C:\WINNT\system32\k6lq0g35e6.dll
C:\WINNT\system32\kjdbene.dll
C:\WINNT\system32\ktr2l79o1.dll
C:\WINNT\system32\kvdaze.dll
C:\WINNT\system32\l4n40e5qeh.dll
C:\WINNT\system32\lvl2093oe.dll
C:\WINNT\system32\m4jule191h.dll
C:\WINNT\system32\mv84l9lq1.dll
C:\WINNT\system32\n2r2lc9o1f.dll
C:\WINNT\system32\pih.dll
C:\WINNT\system32\q8nuli5918.dll
C:\WINNT\system32\wgpui.dll
C:\WINNT\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6DA4D2C7-E785-4195-90ED-AEF4DAB613D5}"=-
"{822C5796-C1D3-4A37-8A0E-8D1943C23DD4}"=-
[-HKEY_CLASSES_ROOT\CLSID\{6DA4D2C7-E785-4195-90ED-AEF4DAB613D5}]
[-HKEY_CLASSES_ROOT\CLSID\{822C5796-C1D3-4A37-8A0E-8D1943C23DD4}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{8E025923-1991-46B8-8DF0-AD6B9F1EE1F1}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{8E025923-1991-46B8-8DF0-AD6B9F1EE1F1}</IDone>
<IDtwo>DS4</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
Logfile of HijackThis v1.99.0
Scan saved at 10:40:16 AM, on 02/02/05
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\c4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\WINNT\System32\drivers\ldlcserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\WINNT\system32\ICO.EXE
C:\WINNT\system32\Sktempdm.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\d***'s Stuff\computer stuff\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.au.ibm.com:8080;socks=socks.au.ibm.com:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3.ibm.com;d02ntcl02.sby.ibm.com;w3-7.ibm.com;w3-1.ibm.com;w3-6.ibm.com;w3.itso.ibm.com;bluepages.ibm.com;d03wascl101.boulder.ibm.com;9.244.0.95;autoproxy.au.ibm.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\c4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [Sametime Connect] C:\Program Files\Lotus\SameTime Client\Connect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {C96E4911-9087-44F2-908B-5AD05155560D} (WDSConfiguration Control) - http://optus.wds.net...nfiguration.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = au.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{35DCCAC0-E39A-4F5E-986D-E7F5E1A40253}: Domain = au.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = au.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = au.ibm.com,ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = au.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = au.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = au.ibm.com,ibm.com
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aventail Connect - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service - Unknown - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISAM SMT Service - IBM Global Services - C:\Program Files\c4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: LocalSystem - Unknown - C:\WINNT\System32\drivers\ldlcserv.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: TrcBoot - Unknown - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe