Downloader.Onenet.E
-
Re: Downloader.Onenet.E
ooops...it was too long...here is part deux!
**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Volume in drive C is Local Disk
Volume Serial Number is 602F-9FC9
Directory of C:\WINNT\System32
276 File(s) 115,277,824 bytes
1 Dir(s) 1,230,934,016 bytes free
-
Hey, VetteBoy2002
First do this here
http://www.ewido.net/en/onlinescan/
Let it try to clean what it finds; make note of what it can't clean.
Then run this here right after; let me know.
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer.
After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.
Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
HGD
-
Ok, here we go...
Logfile of HijackThis v1.99.1
Scan saved at 12:38:30 AM, on 7/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\WINNT\explorer.exe
C:\Program Files\HiJack This\hijackthis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Search and Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: AVG Free Control Center (2).lnk = C:\Program Files\Grisoft\AVG Free\avgcc.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c8.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1053ab7c...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-
L2Mfix 1.03
Running From:
C:\Documents and Settings\Jim\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Jim\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Jim\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea****@beyondlogic.org
Killing PID 904 'explorer.exe'
Killing PID 904 'explorer.exe'
Error 0x5 : Access is denied.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea****@beyondlogic.org
Killing PID 996 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
-
Zipping up files for submission:
adding: AFVAPI32.DLL (152 bytes security) (deflated 48%)
adding: apmfd.dll (152 bytes security) (deflated 48%)
adding: ddmasf.dll (152 bytes security) (deflated 48%)
adding: dglay.dll (152 bytes security) (deflated 48%)
adding: dpskmon.dll (152 bytes security) (deflated 48%)
adding: DVCPCSVC.DLL (152 bytes security) (deflated 48%)
adding: dzcprop2.dll (152 bytes security) (deflated 48%)
adding: fksrch.dll (152 bytes security) (deflated 48%)
adding: fseploy.dll (152 bytes security) (deflated 48%)
adding: hfpertrm.dll (152 bytes security) (deflated 48%)
adding: ibm32.dll (152 bytes security) (deflated 48%)
adding: IIETMIB1.DLL (152 bytes security) (deflated 48%)
adding: iMssvcs.dll (152 bytes security) (deflated 48%)
adding: izxrtmgr.dll (152 bytes security) (deflated 48%)
adding: mlieftp.dll (152 bytes security) (deflated 48%)
adding: mtjdbc10.dll (152 bytes security) (deflated 48%)
adding: nkmctray.dll (152 bytes security) (deflated 48%)
adding: nowrsfr.dll (152 bytes security) (deflated 48%)
adding: nwshell.dll (152 bytes security) (deflated 48%)
adding: ome2disp.dll (152 bytes security) (deflated 48%)
adding: OUENGL32.DLL (152 bytes security) (deflated 48%)
adding: SWCPACK1.DLL (152 bytes security) (deflated 48%)
adding: tPpi3.dll (152 bytes security) (deflated 48%)
adding: UHLMON.DLL (152 bytes security) (deflated 48%)
adding: UIER32.DLL (152 bytes security) (deflated 48%)
adding: guard.tmp (152 bytes security) (deflated 48%)
adding: clear.reg (152 bytes security) (deflated 36%)
adding: echo.reg (152 bytes security) (deflated 8%)
adding: direct.txt (152 bytes security) (stored 0%)
adding: lo2.txt (152 bytes security) (deflated 89%)
adding: readme.txt (152 bytes security) (deflated 49%)
adding: report.txt (152 bytes security) (deflated 73%)
adding: test.txt (152 bytes security) (deflated 88%)
adding: test2.txt (152 bytes security) (deflated 17%)
adding: test3.txt (152 bytes security) (deflated 17%)
adding: test5.txt (152 bytes security) (deflated 17%)
adding: xfind.txt (152 bytes security) (deflated 84%)
adding: backregs/2CE3A543-C0FC-4213-A4A6-96B28E211E04.reg (152 bytes security) (deflated 70%)
adding: backregs/FDB2614C-95D6-4BA7-9825-5A9E2BB50024.reg (152 bytes security) (deflated 70%)
adding: backregs/shell.reg (152 bytes security) (deflated 75%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{2CE3A543-C0FC-4213-A4A6-96B28E211E04}"=-
"{FDB2614C-95D6-4BA7-9825-5A9E2BB50024}"=-
[-HKEY_CLASSES_ROOT\CLSID\{2CE3A543-C0FC-4213-A4A6-96B28E211E04}]
[-HKEY_CLASSES_ROOT\CLSID\{FDB2614C-95D6-4BA7-9825-5A9E2BB50024}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
-
Hi, VetteBoy2002
Wow, it looks like it did some cleaning here, so now
give me some feedback: how are things now? Is the
PC any better to you?
Also, show me one more logfile.
HGD
-
Awww, man, it's so sweet!
No more popups, it's fast again, and no more virus warnings!! Thanks so much!!! I'm going to try to download that Sygate Personal Firewall to help protect me.
What logfile do you wish to see? Another HJT?
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 5:20:24 PM, on 7/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\United Devices\UD.EXE
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\outlook.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\System32\freecell.exe
C:\Program Files\United Devices\ud_7657531.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HiJack This\hijackthis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Search and Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: AVG Free Control Center (2).lnk = C:\Program Files\Grisoft\AVG Free\avgcc.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c8.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1053ab7c...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-
Hi, VetteBoy2002
Yes, there is nothing like having the PC back,
and yes, get a firewall right away. Also have a look
at these progs:
SpywareBlaster - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
http://www.javacoolsoftware.com/spywareguard.html
IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.
https://netfiles.uiuc.edu/ehowes/www/resource.htm
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
And this prog here will help keep your PC clean.
popular programs for doing this, is a freeware program called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.
You should also think about using Firefox & Mozilla & use IE for updates
Get your Firefox here
Mo who
get it done as fast as you can.
HGD
-
These are great!! Thanks for all the help! My PC is once again my own!!!! :-)
Also, I have figured out why I cannot access the Windows Update page....seems my PC profile got messed up and I am no longer logged in as the administrator so I cannot update the PC. My old password is no longer working so I do not know how to change my profile back to administrator....I'm searching D-A-L now. Someone else must have run across this too!
thanks again!
Jim
-
Hi, VetteBoy2002
Yes, they're great tools to have; just keep them updated and
you should not have any problems.
And yes, post this at the Win2K forums. If you get
no help, let me know so I may look this up for you.
HGD