Tech Support Forum - View Single Post

acidxburn · 02-21-2006, 04:24 PM

Thank you for replying sir

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 392 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 468 'winlogon.exe'
Killing PID 468 'winlogon.exe'
Killing PID 468 'winlogon.exe'
Killing PID 468 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 3588 'explorer.exe'
Killing PID 3588 'explorer.exe'
Killing PID 3588 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2904 'rundll32.exe'
Killing PID 2904 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\mdc42.dll
Successfully Deleted: C:\WINDOWS\system32\mdc42.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 file(s) copied.

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j8n20i5oe8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvpq0975e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\mdc42.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}\InprocServer32]
@="C:\\WINDOWS\\system32\\mdc42.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{995B427C-33FF-452A-B8F8-B2FDB9F92FD4}"=-
"{E7E2A1B9-71D4-4C85-8231-898B4669144F}"=-
"{C24BF3E3-67AB-4A51-91A0-ED1354FB0D7F}"=-
"{07C7C277-E5E7-478F-8C97-49690E379265}"=-
"{37AF21FD-0436-436E-B5F8-E448ADB91899}"=-
"{1D546F57-EE76-448E-A7FD-A796114C3A09}"=-
"{2CAF2B51-4810-4792-AC91-AD9A67656A7F}"=-
"{449450CF-1701-46C4-993C-90B8BCD3A604}"=-
"{D6A9A191-B4E2-4B0A-A08C-2383DE962E65}"=-
"{F5F8855E-B042-44ED-A8D2-41643179DE03}"=-
"{204A4A92-3563-4A2D-AC19-218BBC7CF757}"=-
[-HKEY_CLASSES_ROOT\CLSID\{995B427C-33FF-452A-B8F8-B2FDB9F92FD4}]
[-HKEY_CLASSES_ROOT\CLSID\{E7E2A1B9-71D4-4C85-8231-898B4669144F}]
[-HKEY_CLASSES_ROOT\CLSID\{C24BF3E3-67AB-4A51-91A0-ED1354FB0D7F}]
[-HKEY_CLASSES_ROOT\CLSID\{07C7C277-E5E7-478F-8C97-49690E379265}]
[-HKEY_CLASSES_ROOT\CLSID\{37AF21FD-0436-436E-B5F8-E448ADB91899}]
[-HKEY_CLASSES_ROOT\CLSID\{1D546F57-EE76-448E-A7FD-A796114C3A09}]
[-HKEY_CLASSES_ROOT\CLSID\{2CAF2B51-4810-4792-AC91-AD9A67656A7F}]
[-HKEY_CLASSES_ROOT\CLSID\{449450CF-1701-46C4-993C-90B8BCD3A604}]
[-HKEY_CLASSES_ROOT\CLSID\{D6A9A191-B4E2-4B0A-A08C-2383DE962E65}]
[-HKEY_CLASSES_ROOT\CLSID\{F5F8855E-B042-44ED-A8D2-41643179DE03}]
[-HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/guard.tmp (164 bytes security) (deflated 6%)
adding: dlls/mdc42.dll (164 bytes security) (deflated 6%)
adding: backregs/204A4A92-3563-4A2D-AC19-218BBC7CF757.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Logfile of HijackThis v1.99.1
Scan saved at 6:22:07 AM, on 2/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Stardock\Object

Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common

Files\AOL\1136929607\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Linera Uninstall

Manager\Agent.exe
C:\Program Files\McAfee\McAfee

QuickClean\Plguni.exe
C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
C:\Program

Files\SolidDocuments\SolidConverterPDF\SCPDF\Soli

dPdfService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.yahoo.com/
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\In

ternet Settings,ProxyServer =

proxy.abs-cbn.com:80
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\In

ternet Settings,ProxyOverride = *.abs-cbn.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Solid Converter PDF -

{259F616C-A300-44F5-B04A-ED001A26C85C} -

C:\Program

Files\SolidDocuments\SolidConverterPDF\SCPDF\Expl

oreExtPDF.dll
O4 - HKLM\..\Run: [IgfxTray]

C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program

Files\Common

Files\AOL\1136929607\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_AntiSpyware]

c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [VSOCheckTask]

"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"

/checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program

Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program

Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe]

c:\PROGRA~1\mcafee.com\mps\mscifapp.exe

/embedding
O4 - HKLM\..\Run: [MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe]

C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [Linera Agent] C:\Program

Files\Linera Uninstall Manager\Agent.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor]

C:\Program Files\McAfee\McAfee

QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program

Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dragonshard Registration.lnk =

C:\Program Files\Atari\Dragonshard\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =

C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk =

C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk

= C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search -

res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English

Word - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -

res://C:\Program

Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of

Page - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/300

0
O8 - Extra context menu item: Similar Pages -

res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into

English - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program

Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program

Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) -

{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -

c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing

Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -

c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}

(ewidoOnlineScan Control) -

http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8}

(Cult3D ActiveX Player) -

http://www.cult3d.com/download/cult.cab
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488}

-

http://tmss.trendmicro.com/Dashboard/controls/act

ivex_10/TMSSReportW.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

(McAfee.com Operating System Class) -

http://download.mcafee.com/molbin/shared/mcinsctl

/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Co

ntrols/en/x86/client/wuweb_site.cab?1126432903344
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525}

(IWinAmpActiveX Class) -

http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.1

1_en_dl.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C}

- http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: Applets -

C:\WINDOWS\system32\j8n20i5oe8.dll
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IPConfTSP -

C:\WINDOWS\system32\lvpq0975e.dll (file missing)
O20 - Winlogon Notify: WB -

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.d

ll
O20 - Winlogon Notify: WRNotifier -

WRLogonNTF.dll (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd -

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager

(IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc.

- C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service -

McAfee, Inc. - c:\progra~1\mcafee\mcafee

antispyware\massrv.exe
O23 - Service: McAfee WSC Integration

(McDetect.exe) - McAfee, Inc - c:\program

files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) -

McAfee Inc. -

c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler

(McTskshd.exe) - McAfee, Inc -

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update

Manager (mcupdmgr.exe) - McAfee, Inc -

C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service

(MpfService) - McAfee Corporation -

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server

(MskService) - McAfee Inc. -

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SolidPDFConverterReadSpool

(ScReadSpool) - VoyagerSoft, LLC - C:\Program

Files\SolidDocuments\SolidConverterPDF\SCPDF\Soli

dPdfService.exe
O23 - Service: SmartLinkService (SLService) - -

C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TabletService - Wacom Technology,

Corp. - C:\WINDOWS\system32\Tablet.exe

02-21-2006, 04:24 PM	#3 (permalink)
acidxburn Registered User Join Date: Feb 2006 Posts: 51 OS: XP	Thank you for replying sir L2mfix 010406 Creating Account. The command completed successfully. Adding Administrative privleges. The command completed successfully. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 392 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 468 'winlogon.exe' Killing PID 468 'winlogon.exe' Killing PID 468 'winlogon.exe' Killing PID 468 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 3588 'explorer.exe' Killing PID 3588 'explorer.exe' Killing PID 3588 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 2904 'rundll32.exe' Killing PID 2904 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! 1 file(s) copied. 1 file(s) copied. Deleting: C:\WINDOWS\system32\mdc42.dll Successfully Deleted: C:\WINDOWS\system32\mdc42.dll Deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: C:\WINDOWS\system32\guard.tmp msg11?.dll 0 file(s) copied. Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: ************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\j8n20i5oe8.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\lvpq0975e.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB] "Asynchronous"=dword:00000000 "DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll" "Startup"="StartSys" "Logon"="StartWB" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" The following are the files found: ************************************************************************ C:\WINDOWS\system32\mdc42.dll C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. ************************************************************************ Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}] @="" [HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}\InprocServer32] @="C:\\WINDOWS\\system32\\mdc42.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{995B427C-33FF-452A-B8F8-B2FDB9F92FD4}"=- "{E7E2A1B9-71D4-4C85-8231-898B4669144F}"=- "{C24BF3E3-67AB-4A51-91A0-ED1354FB0D7F}"=- "{07C7C277-E5E7-478F-8C97-49690E379265}"=- "{37AF21FD-0436-436E-B5F8-E448ADB91899}"=- "{1D546F57-EE76-448E-A7FD-A796114C3A09}"=- "{2CAF2B51-4810-4792-AC91-AD9A67656A7F}"=- "{449450CF-1701-46C4-993C-90B8BCD3A604}"=- "{D6A9A191-B4E2-4B0A-A08C-2383DE962E65}"=- "{F5F8855E-B042-44ED-A8D2-41643179DE03}"=- "{204A4A92-3563-4A2D-AC19-218BBC7CF757}"=- [-HKEY_CLASSES_ROOT\CLSID\{995B427C-33FF-452A-B8F8-B2FDB9F92FD4}] [-HKEY_CLASSES_ROOT\CLSID\{E7E2A1B9-71D4-4C85-8231-898B4669144F}] [-HKEY_CLASSES_ROOT\CLSID\{C24BF3E3-67AB-4A51-91A0-ED1354FB0D7F}] [-HKEY_CLASSES_ROOT\CLSID\{07C7C277-E5E7-478F-8C97-49690E379265}] [-HKEY_CLASSES_ROOT\CLSID\{37AF21FD-0436-436E-B5F8-E448ADB91899}] [-HKEY_CLASSES_ROOT\CLSID\{1D546F57-EE76-448E-A7FD-A796114C3A09}] [-HKEY_CLASSES_ROOT\CLSID\{2CAF2B51-4810-4792-AC91-AD9A67656A7F}] [-HKEY_CLASSES_ROOT\CLSID\{449450CF-1701-46C4-993C-90B8BCD3A604}] [-HKEY_CLASSES_ROOT\CLSID\{D6A9A191-B4E2-4B0A-A08C-2383DE962E65}] [-HKEY_CLASSES_ROOT\CLSID\{F5F8855E-B042-44ED-A8D2-41643179DE03}] [-HKEY_CLASSES_ROOT\CLSID\{204A4A92-3563-4A2D-AC19-218BBC7CF757}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" ************************************************************************ Desktop.ini Contents: ************************************************************************ ************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/guard.tmp (164 bytes security) (deflated 6%) adding: dlls/mdc42.dll (164 bytes security) (deflated 6%) adding: backregs/204A4A92-3563-4A2D-AC19-218BBC7CF757.reg (212 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 88%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Logfile of HijackThis v1.99.1 Scan saved at 6:22:07 AM, on 2/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\AOL\1136929607\ee\AOLSoftware.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\Linera Uninstall Manager\Agent.exe C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Soli dPdfService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wtablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Tmas\Tmas.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\In ternet Settings,ProxyServer = proxy.abs-cbn.com:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\In ternet Settings,ProxyOverride = *.abs-cbn.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Expl oreExtPDF.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136929607\ee\AOLSoftware.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKCU\..\Run: [Linera Agent] C:\Program Files\Linera Uninstall Manager\Agent.exe O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Dragonshard Registration.lnk = C:\Program Files\Atari\Dragonshard\ATR1.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/300 0 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} - http://tmss.trendmicro.com/Dashboard/controls/act ivex_10/TMSSReportW.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl /4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Co ntrols/en/x86/client/wuweb_site.cab?1126432903344 O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.1 1_en_dl.cab O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\j8n20i5oe8.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\lvpq0975e.dll (file missing) O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.d ll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Soli dPdfService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe