Thank you SOOOO much! I really really appreciate your help.
Bytorok
L2Mfix log
=======
L2Mfix 1.02a
Running From:
C:\DOCUME~1\BYTORO~1.MAI\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Bytorok.MAINMACHINE\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Bytorok.MAINMACHINE\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 204 'explorer.exe'
Killing PID 204 'explorer.exe'
Killing PID 204 'explorer.exe'
Killing PID 204 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\aVudio.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\d40mled11h0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fp8403lqe.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\gp02l3do1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hrrs0597e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hRspvdd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iketppui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kqdusl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\LXAVI80N.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjndex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkobjs.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnctf.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mudex.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nnmsevt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\o0lu0a39ed.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\oje2nls.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\plh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pqh.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pTpgraph.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\roxp5.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rppwsx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sbhannel.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\uhrsdpia.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\utpnpmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wpn32spl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\aVudio.dll
Successfully Deleted: C:\WINDOWS\system32\aVudio.dll
deleting: C:\WINDOWS\system32\d40mled11h0.dll
Successfully Deleted: C:\WINDOWS\system32\d40mled11h0.dll
deleting: C:\WINDOWS\system32\fp8403lqe.dll
Successfully Deleted: C:\WINDOWS\system32\fp8403lqe.dll
deleting: C:\WINDOWS\system32\gp02l3do1.dll
Successfully Deleted: C:\WINDOWS\system32\gp02l3do1.dll
deleting: C:\WINDOWS\system32\hrrs0597e.dll
Successfully Deleted: C:\WINDOWS\system32\hrrs0597e.dll
deleting: C:\WINDOWS\system32\hRspvdd.dll
Successfully Deleted: C:\WINDOWS\system32\hRspvdd.dll
deleting: C:\WINDOWS\system32\iketppui.dll
Successfully Deleted: C:\WINDOWS\system32\iketppui.dll
deleting: C:\WINDOWS\system32\kqdusl.dll
Successfully Deleted: C:\WINDOWS\system32\kqdusl.dll
deleting: C:\WINDOWS\system32\LXAVI80N.DLL
Successfully Deleted: C:\WINDOWS\system32\LXAVI80N.DLL
deleting: C:\WINDOWS\system32\mjndex.dll
Successfully Deleted: C:\WINDOWS\system32\mjndex.dll
deleting: C:\WINDOWS\system32\mkobjs.dll
Successfully Deleted: C:\WINDOWS\system32\mkobjs.dll
deleting: C:\WINDOWS\system32\mnctf.dll
Successfully Deleted: C:\WINDOWS\system32\mnctf.dll
deleting: C:\WINDOWS\system32\mudex.dll
Successfully Deleted: C:\WINDOWS\system32\mudex.dll
deleting: C:\WINDOWS\system32\nnmsevt.dll
Successfully Deleted: C:\WINDOWS\system32\nnmsevt.dll
deleting: C:\WINDOWS\system32\o0lu0a39ed.dll
Successfully Deleted: C:\WINDOWS\system32\o0lu0a39ed.dll
deleting: C:\WINDOWS\system32\oje2nls.dll
Successfully Deleted: C:\WINDOWS\system32\oje2nls.dll
deleting: C:\WINDOWS\system32\plh.dll
Successfully Deleted: C:\WINDOWS\system32\plh.dll
deleting: C:\WINDOWS\system32\pqh.dll
Successfully Deleted: C:\WINDOWS\system32\pqh.dll
deleting: C:\WINDOWS\system32\pTpgraph.dll
Successfully Deleted: C:\WINDOWS\system32\pTpgraph.dll
deleting: C:\WINDOWS\system32\roxp5.dll
Successfully Deleted: C:\WINDOWS\system32\roxp5.dll
deleting: C:\WINDOWS\system32\rppwsx.dll
Successfully Deleted: C:\WINDOWS\system32\rppwsx.dll
deleting: C:\WINDOWS\system32\sbhannel.dll
Successfully Deleted: C:\WINDOWS\system32\sbhannel.dll
deleting: C:\WINDOWS\system32\uhrsdpia.dll
Successfully Deleted: C:\WINDOWS\system32\uhrsdpia.dll
deleting: C:\WINDOWS\system32\utpnpmgr.dll
Successfully Deleted: C:\WINDOWS\system32\utpnpmgr.dll
deleting: C:\WINDOWS\system32\wpn32spl.dll
Successfully Deleted: C:\WINDOWS\system32\wpn32spl.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: aVudio.dll (140 bytes security) (deflated 4%)
adding: d40mled11h0.dll (140 bytes security) (deflated 4%)
adding: fp8403lqe.dll (140 bytes security) (deflated 6%)
adding: gp02l3do1.dll (140 bytes security) (deflated 5%)
adding: hrrs0597e.dll (140 bytes security) (deflated 6%)
adding: hRspvdd.dll (140 bytes security) (deflated 5%)
adding: iketppui.dll (140 bytes security) (deflated 5%)
adding: kqdusl.dll (140 bytes security) (deflated 5%)
adding: LXAVI80N.DLL (140 bytes security) (deflated 6%)
adding: mjndex.dll (140 bytes security) (deflated 5%)
adding: mkobjs.dll (140 bytes security) (deflated 5%)
adding: mnctf.dll (140 bytes security) (deflated 6%)
adding: mudex.dll (140 bytes security) (deflated 5%)
adding: nnmsevt.dll (140 bytes security) (deflated 6%)
adding: o0lu0a39ed.dll (140 bytes security) (deflated 5%)
adding: oje2nls.dll (140 bytes security) (deflated 5%)
adding: plh.dll (140 bytes security) (deflated 6%)
adding: pqh.dll (140 bytes security) (deflated 5%)
adding: pTpgraph.dll (140 bytes security) (deflated 5%)
adding: roxp5.dll (140 bytes security) (deflated 5%)
adding: rppwsx.dll (140 bytes security) (deflated 4%)
adding: sbhannel.dll (140 bytes security) (deflated 6%)
adding: uhrsdpia.dll (140 bytes security) (deflated 5%)
adding: utpnpmgr.dll (140 bytes security) (deflated 5%)
adding: wpn32spl.dll (140 bytes security) (deflated 5%)
adding: guard.tmp (140 bytes security) (deflated 4%)
adding: clear.reg (140 bytes security) (deflated 37%)
adding: echo.reg (140 bytes security) (deflated 11%)
adding: desktop.ini (140 bytes security) (deflated 14%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 83%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: report-01.txt (140 bytes security) (deflated 64%)
adding: report.txt (140 bytes security) (deflated 64%)
adding: test.txt (140 bytes security) (deflated 80%)
adding: test2.txt (140 bytes security) (deflated 20%)
adding: test3.txt (140 bytes security) (deflated 20%)
adding: test5.txt (140 bytes security) (deflated 20%)
adding: xfind.txt (140 bytes security) (deflated 74%)
adding: backregs/BF7A4A8B-85E0-4FC4-A242-7C0D0B0AA13C.reg (140 bytes security) (deflated 70%)
adding: backregs/F4D35D15-A835-46D4-ACBB-96D1559B04FD.reg (140 bytes security) (deflated 70%)
adding: backregs/shell.reg (140 bytes security) (deflated 74%)
Restoring Registry Permissions:
Revoking access for really "Everyone"
Registry permissions set too:
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: aVudio.dll
deleting local copy: d40mled11h0.dll
deleting local copy: fp8403lqe.dll
deleting local copy: gp02l3do1.dll
deleting local copy: hrrs0597e.dll
deleting local copy: hRspvdd.dll
deleting local copy: iketppui.dll
deleting local copy: kqdusl.dll
deleting local copy: LXAVI80N.DLL
deleting local copy: mjndex.dll
deleting local copy: mkobjs.dll
deleting local copy: mnctf.dll
deleting local copy: mudex.dll
deleting local copy: nnmsevt.dll
deleting local copy: o0lu0a39ed.dll
deleting local copy: oje2nls.dll
deleting local copy: plh.dll
deleting local copy: pqh.dll
deleting local copy: pTpgraph.dll
deleting local copy: roxp5.dll
deleting local copy: rppwsx.dll
deleting local copy: sbhannel.dll
deleting local copy: uhrsdpia.dll
deleting local copy: utpnpmgr.dll
deleting local copy: wpn32spl.dll
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\aVudio.dll
C:\WINDOWS\system32\d40mled11h0.dll
C:\WINDOWS\system32\fp8403lqe.dll
C:\WINDOWS\system32\gp02l3do1.dll
C:\WINDOWS\system32\hrrs0597e.dll
C:\WINDOWS\system32\hRspvdd.dll
C:\WINDOWS\system32\iketppui.dll
C:\WINDOWS\system32\kqdusl.dll
C:\WINDOWS\system32\LXAVI80N.DLL
C:\WINDOWS\system32\mjndex.dll
C:\WINDOWS\system32\mkobjs.dll
C:\WINDOWS\system32\mnctf.dll
C:\WINDOWS\system32\mudex.dll
C:\WINDOWS\system32\nnmsevt.dll
C:\WINDOWS\system32\o0lu0a39ed.dll
C:\WINDOWS\system32\oje2nls.dll
C:\WINDOWS\system32\plh.dll
C:\WINDOWS\system32\pqh.dll
C:\WINDOWS\system32\pTpgraph.dll
C:\WINDOWS\system32\roxp5.dll
C:\WINDOWS\system32\rppwsx.dll
C:\WINDOWS\system32\sbhannel.dll
C:\WINDOWS\system32\uhrsdpia.dll
C:\WINDOWS\system32\utpnpmgr.dll
C:\WINDOWS\system32\wpn32spl.dll
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BF7A4A8B-85E0-4FC4-A242-7C0D0B0AA13C}"=-
"{F4D35D15-A835-46D4-ACBB-96D1559B04FD}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BF7A4A8B-85E0-4FC4-A242-7C0D0B0AA13C}]
[-HKEY_CLASSES_ROOT\CLSID\{F4D35D15-A835-46D4-ACBB-96D1559B04FD}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A48A3E38-3D43-4F8A-9109-EAFB85AAD24C}"=-
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{A48A3E38-3D43-4F8A-9109-EAFB85AAD24C}</IDone>
<IDtwo>DS3</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
====================
Hijack This log
Logfile of HijackThis v1.99.0
Scan saved at 5:23:22 PM, on 2/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ywyikq.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\hpnra.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\Imapi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Bytorok.MAINMACHINE\Desktop\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\CLJ2500\SetConfig.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 2.0\\RegistryController.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealye...live/ezinit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43D118AD-1B1F-443E-973D-6D8BE95E931A}: Domain = attbi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{43D118AD-1B1F-443E-973D-6D8BE95E931A}: NameServer = 204.127.202.19,216.148.227.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{43D118AD-1B1F-443E-973D-6D8BE95E931A}: Domain = attbi.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{43D118AD-1B1F-443E-973D-6D8BE95E931A}: NameServer = 204.127.202.19,216.148.227.79
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
O23 - Service: HP Status Print - Unknown - C:\WINDOWS\System32\hpbhksrv.exe
O23 - Service: Sony SPTI Service for DVE - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBPOS Database Manager - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks!