Winfixer problem?


This topic is locked

#1 Labrat (Member, 34 posts)

I stupidly took advice to add 'plugin' to msn messenger, namely 'Messenger Plus!' - it tried to install a bunch of stuff that Counterspy flagged as bad so I exited the install. Apparently something got in there anyway because now I get IE popups when I run Slimbrowser or Firefox.

Most of the time they have either 'zedo' or 'c1.zedo.com' in the top bar. It also keeps giving me shortcuts for dating and cleanup on the desktop. One last new thing that has appeared is that as I shut down, a window appears that says 'BOLTID~1.exe could not initialize...'

I have tried AdAwarePro, Spybot, CounterSpy, and specific tools that claimed they could remove it: XoftSpy & SpywareEliminator. They have not.

Please help me... :tazz:

Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:01:27 AM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINXP\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINXP\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINXP\System32\wltrysvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\bcmwltry.exe
C:\Program Files\SoftLeds\SoftLeds.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\WINXP\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINXP\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Sunbelt Software\iHateSpam\siMain.exe
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rfzwgtjdp...QrPs50R9Xfk.cgi
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: FreePicGrabber Helper - {DF390801-491F-4659-8E7F-FCCC639A37BD} - C:\Program Files\FreePicGrabber\TheBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: FreePicGrabber - {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - C:\Program Files\FreePicGrabber\TheBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoftLeds] C:\Program Files\SoftLeds\SoftLeds.exe /min
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] "C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P23 EPSON Stylus C62 Series /O6 USB002 /M Stylus C62
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINXP\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunasServ] "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6400 on MINER_DESKTOP] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P41 "Auto EPSON Stylus CX6400 on MINER_DESKTOP" /O23 "\\MINER_DESKTOP\Printer" /M "Stylus CX6400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6400 on MINER_DESKTOP (Copy 1)] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P50 "Auto EPSON Stylus CX6400 on MINER_DESKTOP (Copy 1)" /O27 "\\MINER_DESKTOP\EPSONCX6400" /M "Stylus CX6400"
O4 - HKLM\..\Run: [\\MINER_DESKTOP\EPSON Stylus CX6400] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P35 "\\MINER_DESKTOP\EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [glue new setup ref] C:\Documents and Settings\All Users.WINXP\Application Data\Title site glue new\Bolt Idle.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [antibuild] C:\DOCUME~1\PAULMI~1.PAU\APPLIC~1\FLAGGR~1\2 license.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Free Pic GRAB - res://C:\Program Files\FreePicGrabber\Options.exe/132
O8 - Extra context menu item: &Quick GRAB Pics - res://C:\Program Files\FreePicGrabber\Options.exe/133
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Launch High Impact eMail 3.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 3.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108244642656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121205669078
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: bw+0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: offline-8876480 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: PCANotify - C:\WINXP\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINXP\System32\wltrysvc.exe

Edited by Labrat, 30 August 2005 - 09:35 AM.

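As an added example (not part of Labrat's post, and not something HijackThis computes), here is a small triage script that applies the kind of path heuristics a helper uses when reading the O4 section of a log like the one above: autoruns launched from a user-writable profile directory such as Application Data, 8.3 short-name paths that hide the real folder name, and commands with no drive letter or no recognisable executable. The sample lines are copied from the posted log; the weights and the threshold are this example's own assumptions, and anything it flags is a candidate for analyst review, not a verdict.

```python
"""Triage HijackThis O4 (Run-key autorun) entries with simple path heuristics.

Added example for this thread. The sample lines are copied from the log
posted above; the heuristics and their weights are this example's own
assumptions and are not something HijackThis itself computes.
"""
import re
from dataclasses import dataclass

# O4 lines taken verbatim from the posted HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoftLeds] C:\Program Files\SoftLeds\SoftLeds.exe /min
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [glue new setup ref] C:\Documents and Settings\All Users.WINXP\Application Data\Title site glue new\Bolt Idle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [antibuild] C:\DOCUME~1\PAULMI~1.PAU\APPLIC~1\FLAGGR~1\2 license.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
"""

# Only the HKLM/HKCU ...\Run form is parsed; Startup-folder O4 lines are skipped.
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Heuristic patterns (assumed weights: 3 = strong, 2 = medium, 1 = weak).
USER_WRITABLE = re.compile(
    r'Application Data|APPLIC~\d|Documents and Settings|DOCUME~\d|'
    r'Local Settings|LOCALS~\d|\\Temp\\', re.I)
SHORT_NAME = re.compile(r'~\d')                 # 8.3 component such as FLAGGR~1
HAS_DRIVE = re.compile(r'[A-Za-z]:\\')
HAS_EXECUTABLE = re.compile(r'\.(exe|dll|com|scr|pif|bat|cmd|vbs|js)\b', re.I)


@dataclass
class Entry:
    hive: str
    name: str
    cmd: str
    score: int
    reasons: list


def score_command(cmd: str):
    """Return (score, reasons) for one autorun command line."""
    score, reasons = 0, []
    if USER_WRITABLE.search(cmd):
        score += 3
        reasons.append('launched from a user-writable profile directory')
    if SHORT_NAME.search(cmd):
        score += 1
        reasons.append('8.3 short-name path (original folder name hidden)')
    if not HAS_DRIVE.search(cmd):
        score += 1
        reasons.append('no drive letter in command')
    if not HAS_EXECUTABLE.search(cmd):
        score += 2
        reasons.append('no recognisable executable in command')
    return score, reasons


def parse_o4(text: str):
    """Parse the ...\\Run O4 lines of a HijackThis log into Entry objects."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        score, reasons = score_command(m.group('cmd'))
        entries.append(Entry(m.group('hive'), m.group('name'),
                             m.group('cmd'), score, reasons))
    return entries


def triage(text: str, threshold: int = 2):
    """Entries at or above the threshold, highest score first (stable order)."""
    flagged = [e for e in parse_o4(text) if e.score >= threshold]
    return sorted(flagged, key=lambda e: -e.score)


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.score}  {e.hive} [{e.name}] {e.cmd}')
        for r in e.reasons:
            print(f'      - {r}')
```

Run against the eight sample lines, the script parses the seven Run-key entries and flags three: [antibuild] (profile directory plus short names), [glue new setup ref] (All Users Application Data) and [LDM] (a bare `\Program\` with no drive and no executable). The Symantec, NVIDIA and Messenger entries score zero, which is the point of weighting the profile-directory check more heavily than the short-name check: vendors routinely appear under `C:\PROGRA~1\...`, so a short name alone should never be enough to flag an entry.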



#2 Labrat (Topic Starter, Member, 34 posts)

Here is the L2MFIX.bat log:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
"Asynchronous"=dword:00000000
"DllName"="C:\\Program Files\\Common Files\\Stardock\\mcpstub.dll"
"Startup"="MCPSystemStartup"
"Logon"="MCPLogonStartup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Unlock"="WLEventUnlock"
"Lock"="WLEventLock"
"Startup"="WLEventStartup"
"DllName"="PCANotify.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{B4B6C9B0-51C7-11D3-9D06-0000B45C849A}"="MagellanShellExtension"
"Zinio Magazine Column Provider"="{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}"
"Zinio Shell Extension"="{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}"
"Zinio Shell Extension UI Object"="{091D66CD-24B7-4210-A790-78463B1B3D7A}"
"{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}"="Zinio Shell Extension"
"{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}"="Zinio Magazine Column Provider"
"{091D66CD-24B7-4210-A790-78463B1B3D7A}"="Zinio Shell Extension UI Object"
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"="SnagIt"
"{CF74B903-3389-469c-B3B6-0204D204FCBD}"="SnagIt Shell Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universal Plug and Play Devices"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINXP\SYSTEM32\
bassmod.dll Tue Jul 26 2005 10:03:42a A.... 15,360 15.00 K
browseui.dll Sat Jul 2 2005 8:11:28p A.... 1,019,904 996.00 K
cdfview.dll Sat Jul 2 2005 8:11:28p A.... 151,040 147.50 K
cfhd.dll Wed Jul 13 2005 1:19:12p A.... 1,024,000 1000.00 K
divx.dll Thu Jun 9 2005 2:32:28p A.... 692,736 676.50 K
dpwtdaxp.dll Sat Aug 13 2005 10:44:54a ..SH. 23 0.02 K
dpwtpaxp.dll Sat Aug 13 2005 10:44:54a ..SH. 14 0.01 K
icm32.dll Tue Jun 28 2005 7:46:00p A.... 254,976 249.00 K
iepeers.dll Sat Jul 2 2005 8:11:28p A.... 251,392 245.50 K
inseng.dll Sat Jul 2 2005 8:11:28p A.... 96,256 94.00 K
kerberos.dll Wed Jun 15 2005 11:49:30a A.... 295,936 289.00 K
mscms.dll Tue Jun 28 2005 7:46:00p A.... 74,240 72.50 K
mshtml.dll Tue Jul 19 2005 8:00:30p A.... 3,014,144 2.87 M
mshtmled.dll Sat Jul 2 2005 8:11:30p A.... 448,512 438.00 K
msrating.dll Sat Jul 2 2005 8:11:30p A.... 146,432 143.00 K
pncrt.dll Sun Aug 28 2005 11:04:34p A.... 278,528 272.00 K
pndx5016.dll Sun Aug 28 2005 11:04:34p A.... 6,656 6.50 K
pndx5032.dll Sun Aug 28 2005 11:04:34p A.... 5,632 5.50 K
pngfilt.dll Sat Jul 2 2005 8:11:30p A.... 39,424 38.50 K
rmoc3260.dll Sun Aug 28 2005 11:04:46p A.... 176,167 172.04 K
s32evnt1.dll Thu Jul 28 2005 2:52:18p A.... 91,856 89.70 K
shdocvw.dll Sat Jul 2 2005 8:11:30p A.... 1,483,776 1.41 M
shlwapi.dll Sat Jul 2 2005 8:11:30p A.... 473,600 462.50 K
spwtpaxp.dll Sat Aug 13 2005 10:49:36a ..SH. 12 0.01 K
sys2679b.dll Mon Aug 1 2005 3:33:44p A.... 3,676 3.59 K
tapisrv.dll Fri Jul 8 2005 10:27:56a A.... 249,344 243.50 K
tsccvid.dll Wed Jun 15 2005 3:00:00a A.... 102,400 100.00 K
umpnpmgr.dll Wed Jun 29 2005 8:02:40p A.... 118,272 115.50 K
urlmon.dll Sat Jul 2 2005 8:11:30p A.... 607,744 593.50 K
wininet.dll Sat Jul 2 2005 8:11:30p A.... 658,432 643.00 K
winsusrm.dll Tue Aug 23 2005 9:09:24p A.... 264 0.26 K

31 items found: 31 files (3 H/S), 0 directories.
Total of file sizes: 11,780,748 bytes 11.23 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 389E-2CCE

Directory of C:\WINXP\System32

08/22/2005 05:33 PM 952 KGyGaAvL.sys
08/13/2005 10:49 AM 12 spwtpaxp.dll
08/13/2005 10:44 AM 14 dpwtpaxp.dll
08/13/2005 10:44 AM 23 dpwtdaxp.dll
08/10/2005 12:36 AM <DIR> dllcache
07/20/2005 08:22 PM 979 msbasm.dat
04/25/2005 09:02 PM <DIR> Microsoft
05/22/2001 01:00 AM 22,016 borlndmm.dll
09/30/1999 06:21 PM 166,672 mstext35.dll
09/09/1999 09:06 PM 168,720 msltus35.dll
09/09/1999 09:06 PM 252,688 msexcl35.dll
06/07/1999 05:59 PM 250,128 mspdox35.dll
04/25/1999 04:00 PM 287,504 Msxbse35.dll
11 File(s) 1,149,708 bytes
2 Dir(s) 21,570,048,000 bytes free

#3
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rfzwgtjdp...QrPs50R9Xfk.cgi

O4 - HKLM\..\Run: [glue new setup ref] C:\Documents and Settings\All Users.WINXP\Application Data\Title site glue new\Bolt Idle.exe

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [antibuild] C:\DOCUME~1\PAULMI~1.PAU\APPLIC~1\FLAGGR~1\2 license.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O18 - Protocol: bw+0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O18 - Protocol: offline-8876480 - {C72630D5-FD10-4310-A0F3-FFF825E7586D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: vskype - (no CLSID) - (no file)

Reboot into safe mode and delete:
C:\Documents and Settings\All Users.WINXP\Application Data\Title site glue new <= entire folder
C:\Documents and Settings\PAULMI~1.PAU\Application Data\FLAGGR~1 <= abbreviated foldername, find and delete the one with the file2 license.exe in it

Boot back to normal and download and unzip to one folder:
http://metallica.gee...com/findlop.zip

Inside the folder find findlop.bat

Double-click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post together with a new HijackThis log.

Regards,

#4 Labrat (Member, Topic Starter, 34 posts)
I did what you asked - when I rebooted normally after deleting the files in safe mode, both Trend and Norton popped up the same virus alerts as before.

Here is the 'findlop' report:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Paul Miner.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~2\NORTON~3\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users.WINXP\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Paul Miner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/19/2005 20:00:00
NextRun: 09/02/2005 20:00:00
StartError: S_OK
ExitCode: 0x1
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 04/30/2005
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton SystemWorks One Button Checkup.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Norton SystemWorks\OBC.exe'
Parameters: ' /CUSTOM /SCHEDULE /AUTO'
WorkingDirectory: ''
Comment: ''
Creator: 'Paul Miner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 30
IdleDeadline: 0
MostRecentRun: 08/22/2005 2:00:00
NextRun: 09/05/2005 2:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .M.....
StartDate: 04/30/2005
EndDate: 00/00/0000
StartTime: 02:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec Drmc.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe'
Parameters: ' /CUSTOM /SCHEDULE'
WorkingDirectory: ''
Comment: ''
Creator: 'Paul Miner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 30
IdleDeadline: 0
MostRecentRun: 09/01/2005 0:00:00
NextRun: 09/03/2005 0:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 04/30/2005
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 09/02/2005 10:50:00
NextRun: 09/02/2005 18:52:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 09/02/2005
EndDate: 00/00/0000
StartTime: 14:52
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


Here is the new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 4:47:06 PM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINXP\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINXP\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINXP\system32\wdfmgr.exe
C:\WINXP\System32\wltrysvc.exe
C:\WINXP\System32\bcmwltry.exe
C:\Program Files\SoftLeds\SoftLeds.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINXP\system32\LVCOMSX.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
C:\WINXP\System32\alg.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: FreePicGrabber Helper - {DF390801-491F-4659-8E7F-FCCC639A37BD} - C:\Program Files\FreePicGrabber\TheBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: FreePicGrabber - {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - C:\Program Files\FreePicGrabber\TheBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoftLeds] C:\Program Files\SoftLeds\SoftLeds.exe /min
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] "C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P23 EPSON Stylus C62 Series /O6 USB002 /M Stylus C62
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINXP\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunasServ] "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6400 on MINER_DESKTOP] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P41 "Auto EPSON Stylus CX6400 on MINER_DESKTOP" /O23 "\\MINER_DESKTOP\Printer" /M "Stylus CX6400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6400 on MINER_DESKTOP (Copy 1)] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P50 "Auto EPSON Stylus CX6400 on MINER_DESKTOP (Copy 1)" /O27 "\\MINER_DESKTOP\EPSONCX6400" /M "Stylus CX6400"
O4 - HKLM\..\Run: [\\MINER_DESKTOP\EPSON Stylus CX6400] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P35 "\\MINER_DESKTOP\EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Free Pic GRAB - res://C:\Program Files\FreePicGrabber\Options.exe/132
O8 - Extra context menu item: &Quick GRAB Pics - res://C:\Program Files\FreePicGrabber\Options.exe/133
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Launch High Impact eMail 3.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 3.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108244642656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121205669078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: PCANotify - C:\WINXP\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~2\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINXP\System32\wltrysvc.exe

#5 Metallica (Spyware Veteran, GeekU Moderator, 33,101 posts)
Well. The Lop infection is gone.

Can you post the exact content of the virus alerts you get?
I would be particularly interested in the full path and filename of the found infected files.

And make sure that only one of the two Antivirus programs is running resident.

Regards,

#6 Labrat (Member, Topic Starter, 34 posts)
Norton says:

Virus Alert - High Risk
Object Name C:\WINXP\TEMP\tmp57.tmp
Virus Name W32.Alcra.B
Action Taken The File was automatically deleted

If I hit OK it just reappears. This automatic deletion places the file in the Norton quarantined files. It continues finding and deleting until the disk is full; the temp files just keep changing names. I have to run Cleanup! to get them out. The results are usually in the 30 GByte range, which is (was) the free space on the computer.

Additionally, the nightly full scan shows the following:

The file C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Application Data\FlagGrimTest\Roam Bib Spam The.exe is a Adware threat.
The file C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Application Data\FlagGrimTest\deolhvej.exe is a Adware threat.

The Trend Micro log follows:

3:09 Real-time Scan File WORM_VB.AS C:\WINXP\TEMP\tmpD.tmp Quarantine Success

and continues by renaming the tmp file hexadecimally (where the 'D' is) for thousands of entries.


Thank you for helping me.

#7 Metallica (Spyware Veteran, GeekU Moderator, 33,101 posts)
OK. Let's try something.

Please read:
http://metallica.gee...structions.html

This is the script I'd like you to save and execute:
RegSetDwordValue HKLM\System\CurrentControlSet\Control\Lsa|Restrictanonymous|0
RegSetStringValue HKLM\SOFTWARE\Microsoft\OLE|EnableDCOM|Y
FileDelete %SYSTEMDRIVE%\temp.zip
FileDelete %SYSTEMDRIVE%\x.txt
FileDelete %SYSTEMDRIVE%\z.txt
FileDelete %SYSTEMDRIVE%\z.tmp
OptionPauseBetweenCmds 300
FileDelete %SYSDIR%\p2pnetwork.exe
FolderDelete %PROGRAMFILES%\MsConfigs
FileDelete %SYSDIR%\CMD.COM
FileDelete %SYSDIR%\netstat.com
FileDelete %SYSDIR%\ping.com
FileDelete %SYSDIR%\regedit.com
FileDelete %SYSDIR%\tasklist.com
FileDelete %SYSDIR%\taskkill.com
FileDelete %SYSDIR%\taskmgr.com
FileDelete %SYSDIR%\tracert.com
FileDelete %SYSDIR%\bszip.dll
FolderDelete %ProgramFiles%\winupdates
FolderDelete C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Application Data\FlagGrimTest
SystemEmptyTempFolder
SystemRestart

Close as many programs as possible before you run it, since the script will reboot the computer.
Let me know if the computer is networked and if there are other active user accounts.

Regards,

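The FileDelete lines for CMD.COM, regedit.com, taskmgr.com and the rest in the script above remove decoys that exploit how cmd resolves a command typed without an extension: it walks PATHEXT in order, and on Windows XP .COM comes before .EXE, so a taskmgr.com placed in system32 runs instead of taskmgr.exe whenever the user types "taskmgr" (or a cleanup tool launches it by name). The Python below is an added example, not part of the thread or of BFU, that lists every such shadow pair in a directory listing and separately names any file that would hijack one of the eight tools the script targets. The sample listing is constructed; the PATHEXT order is XP's default, and the tool list is taken from the script's FileDelete lines.

```python
"""Find PATHEXT decoys: a foo.com beside foo.exe is what cmd runs for 'foo'.

Added example, not from the thread or from BFU. SAMPLE_LISTING is constructed;
point scan_directory() at a real system32 (C:\WINXP\system32 on the machine
in this thread) to check a live box.
"""
import os
import sys
from collections import defaultdict

# Windows XP's default PATHEXT, in search order: cmd tries each extension in
# turn, within one PATH directory, before moving to the next directory.
DEFAULT_PATHEXT = (".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE",
                   ".JS", ".JSE", ".WSF", ".WSH")

# The tools whose .com copies the BFU script above deletes.
WATCHED_TOOLS = ("cmd", "netstat", "ping", "regedit", "tasklist",
                 "taskkill", "taskmgr", "tracert")

# Constructed listing: three decoys mixed in with legitimate files
# (more.com is a genuine XP tool with no .exe twin).
SAMPLE_LISTING = ["taskmgr.exe", "taskmgr.com", "regedit.exe", "REGEDIT.COM",
                  "ping.exe", "more.com", "notepad.exe", "cmd.exe", "CMD.COM",
                  "tracert.exe", "netstat.exe"]


def find_shadowing(filenames, pathext=DEFAULT_PATHEXT):
    """Return [(winner, loser), ...] for every stem that exists with more
    than one PATHEXT extension; 'winner' is the file cmd would execute."""
    rank = {ext.lower(): i for i, ext in enumerate(pathext)}
    by_stem = defaultdict(list)
    for name in filenames:
        stem, ext = os.path.splitext(name)
        if ext.lower() in rank:
            by_stem[stem.lower()].append((rank[ext.lower()], name))
    pairs = []
    for stem in sorted(by_stem):
        entries = sorted(by_stem[stem])
        winner = entries[0][1]
        pairs.extend((winner, loser) for _, loser in entries[1:])
    return pairs


def decoys_for_tools(filenames, tools=WATCHED_TOOLS, pathext=DEFAULT_PATHEXT):
    """Files that would hijack a watched tool. The real .exe need not be in
    the same directory: cmd exhausts PATHEXT in each PATH directory before
    moving on, so regedit.com in system32 beats regedit.exe in C:\WINXP."""
    order = [e.lower() for e in pathext]
    before_exe = set(order[:order.index(".exe")])   # extensions that beat .exe
    hits = []
    for name in filenames:
        stem, ext = os.path.splitext(name)
        if stem.lower() in tools and ext.lower() in before_exe:
            hits.append(name)
    return sorted(hits)


def scan_directory(path):
    """Run both checks over a real directory (e.g. a system32 folder)."""
    names = os.listdir(path)
    return find_shadowing(names), decoys_for_tools(names)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        pairs, decoys = scan_directory(sys.argv[1])
    else:
        pairs, decoys = find_shadowing(SAMPLE_LISTING), decoys_for_tools(SAMPLE_LISTING)
    for winner, loser in pairs:
        print(f"{winner} shadows {loser}")
    for name in decoys:
        print(f"decoy for a watched tool: {name}")
```

A pair in the first list is not proof of infection by itself, but as far as I know the legitimate .com tools shipped in an XP system32 (more.com, format.com, chcp.com and friends) have no .exe twin, so any pair there deserves a look at the .com file's size, date and version resource before it is deleted. The second list is the stronger signal: there is no legitimate reason for a taskmgr.com or regedit.com to exist on XP at all.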
#8 Labrat (Member, Topic Starter, 34 posts)
Ran BFU with the script. It completed and rebooted - same W32.alcra.B alert from Norton. Turned Trend off as advised.

MSHome network two other users, both other machines have been off for two days.

Any ideas? Again, thanks for helping.

Edited by Labrat, 03 September 2005 - 01:00 PM.


#9 Metallica (Spyware Veteran, GeekU Moderator, 33,101 posts)
I was working from the description here:
http://securityrespo...32.alcra.b.html

Since Norton is the program finding it, that seemed the logical choice.

Only other thing I can imagine:
"Spreads through various file-sharing networks"
but I don't see any running on your computer.

Can you do a Find Files for "Setup.exe"?

Unfortunately this is a very common filename, so please don't delete any yet.

This may be handy: copy the code below into Notepad and save it as lookup.bat (set the file type to "All files"):

@echo off
rem List every Setup.exe on the system drive; /a includes hidden and system files, /s searches all subfolders
dir %SystemDrive%\Setup.exe /a /s > files.txt
start notepad files.txt

That will open a file called files.txt. Post the content of that file.

Regards,

#10 Labrat (Member, Topic Starter, 34 posts)
This is the result of Lookup.bat:

Volume in drive C has no label.
Volume Serial Number is 389E-2CCE

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\71.89_win2kxp_english

04/01/2005 04:16 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\ItsD7Updt15101

12/14/1999 01:43 PM 45,360 SETUP.EXE
1 File(s) 45,360 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\MotoPhoneTools\Setup

11/22/2004 02:26 PM 253,952 setup.exe
1 File(s) 253,952 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\Nvidia\5663win2k-xp\5663_XP2000

02/29/2004 02:18 AM 165,888 Setup.exe
1 File(s) 165,888 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\pcc25f1244\Antispam

06/01/2004 02:38 PM 8,300,505 setup.exe
1 File(s) 8,300,505 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\pcc25f1244\Setup

09/15/2004 07:46 PM 217,088 setup.exe
1 File(s) 217,088 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\PDA\Miliage Programs\AALPalm0520

04/13/2004 10:32 AM 40,960 setup.exe
1 File(s) 40,960 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\PDA\Miliage Programs\AALPalm0520\JSync

01/13/1999 02:38 PM 61,440 setup.exe
1 File(s) 61,440 bytes

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\Punch

10/11/2001 04:10 PM 237,804,212 Setup.EXE
1 File(s) 237,804,212 bytes

Directory of C:\epson\epson10543

10/16/2002 02:16 PM 4,351,490 SETUP.EXE
1 File(s) 4,351,490 bytes

Directory of C:\epson\epson11199

02/12/2004 01:00 AM 225,280 Setup.exe
1 File(s) 225,280 bytes

Directory of C:\epson\epson11325

09/28/2004 07:13 AM 757,760 SETUP.EXE
1 File(s) 757,760 bytes

Directory of C:\epson\epson11341

09/04/2001 07:23 AM 56,320 Setup.exe
1 File(s) 56,320 bytes

Directory of C:\hp\drivers\printers\deskjet

05/14/2003 07:03 AM 45,056 setup.exe
1 File(s) 45,056 bytes

Directory of C:\hp\tmp\src\psptr

05/08/2003 09:19 AM 823,296 Setup.exe
1 File(s) 823,296 bytes

Directory of C:\hp\tmp\src\psptr\util\ccc\Diagnostics

05/22/2003 06:45 PM 1,206,077 setup.exe
1 File(s) 1,206,077 bytes

Directory of C:\NVIDIA\Win2KXP\66.93

10/29/2004 03:50 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\NVIDIA\Win2KXP\71.89

04/01/2005 04:16 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\Autodesk\Autodesk DWF Viewer

04/14/2005 10:48 AM 76,056 Setup.exe
1 File(s) 76,056 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN

01/12/1999 06:42 AM 73,728 Setup.exe
1 File(s) 73,728 bytes

Directory of C:\Program Files\Design Science\MathPlayer

06/27/2003 04:11 PM 348,160 Setup.exe
1 File(s) 348,160 bytes

Directory of C:\Program Files\EPSON\escndv\setup

02/12/2004 01:00 AM 225,280 setup.exe
1 File(s) 225,280 bytes

Directory of C:\Program Files\EPSON\PrinterDriverTemp\SCX6400

09/28/2004 07:13 AM 757,760 SETUP.EXE
1 File(s) 757,760 bytes

Directory of C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}

09/16/2003 08:31 PM 962,560 setup.exe
1 File(s) 962,560 bytes

Directory of C:\Program Files\HP\Memories Disc\skins\HewlettPackard_0002\skingen\MEMDISC\PROVIDED\RETAILPF

11/20/2003 07:42 PM 0 SETUP.EXE
1 File(s) 0 bytes

Directory of C:\Program Files\InstallShield Installation Information\{0134A1A1-C283-4A47-91A1-92F19F960372}

04/05/2005 02:08 PM 835,584 setup.exe
1 File(s) 835,584 bytes

Directory of C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}

12/02/2002 10:33 AM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{13C8D5EF-ECAB-4BF9-AB35-9774AEC00EEE}

02/24/2005 02:14 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{1CEE552A-5E9E-49C3-9DE6-0BD978E20663}

07/24/2005 11:57 AM 117,200 setup.exe
1 File(s) 117,200 bytes

Directory of C:\Program Files\InstallShield Installation Information\{26EB2AD3-F045-48DE-A3D9-147811DD6A97}

01/20/2005 12:01 PM 117,200 setup.exe
1 File(s) 117,200 bytes

Directory of C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}

07/04/2005 12:11 AM 119,016 setup.exe
1 File(s) 119,016 bytes

Directory of C:\Program Files\InstallShield Installation Information\{3FE31026-246F-4BAF-A313-8838962BCB95}

08/05/2002 04:59 AM 98,296 setup.exe
1 File(s) 98,296 bytes

Directory of C:\Program Files\InstallShield Installation Information\{580EFF1F-18B6-4DDB-93F5-58C963313AAB}

09/05/2001 04:23 AM 56,320 Setup.exe
1 File(s) 56,320 bytes

Directory of C:\Program Files\InstallShield Installation Information\{5D7564B5-864C-4967-858D-8030E45A6C69}

02/12/2005 11:29 PM 109,712 setup.exe
1 File(s) 109,712 bytes

Directory of C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}

11/03/1999 11:53 AM 35,840 Setup.exe
1 File(s) 35,840 bytes

Directory of C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}

08/16/2005 05:05 PM 116,688 setup.exe
1 File(s) 116,688 bytes

Directory of C:\Program Files\InstallShield Installation Information\{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}

11/03/1999 12:53 PM 35,840 Setup.exe
1 File(s) 35,840 bytes

Directory of C:\Program Files\InstallShield Installation Information\{6BD31B80-7E9E-4FAF-B911-0AC31FB94BF6}

12/02/2002 05:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}

05/16/2000 02:37 PM 46,080 Setup.exe
1 File(s) 46,080 bytes

Directory of C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}

08/08/2005 02:00 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{7C21EEE0-E6FD-11D4-BD19-00D0B702AEC0}

10/05/2000 10:05 AM 165,888 Setup.exe
1 File(s) 165,888 bytes

Directory of C:\Program Files\InstallShield Installation Information\{7F4C8163-F259-49A0-A018-2857A90578BC}

09/04/2003 01:01 PM 40,960 Setup.exe
1 File(s) 40,960 bytes

Directory of C:\Program Files\InstallShield Installation Information\{8B76CB9B-3204-4AFF-8C1B-8C4896D70000}

09/05/2001 05:23 AM 56,320 Setup.exe
1 File(s) 56,320 bytes

Directory of C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}

09/05/2001 01:03 AM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}

11/03/1999 01:34 PM 127,488 Setup.exe
1 File(s) 127,488 bytes

Directory of C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}

09/19/2003 09:34 AM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}

04/11/2001 06:07 PM 166,912 Setup.exe
1 File(s) 166,912 bytes

Directory of C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}

05/03/2004 12:42 PM 56,320 Setup.exe
1 File(s) 56,320 bytes

Directory of C:\Program Files\InstallShield Installation Information\{9809E95B-6AB5-445C-8BCB-6B0FBD62B823}

01/24/2005 05:57 PM 102,912 setup.exe
1 File(s) 102,912 bytes

Directory of C:\Program Files\InstallShield Installation Information\{9BBD0637-7687-41D4-88A0-886593FDED9B}

02/15/2005 08:03 AM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}

02/15/2005 09:34 AM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{9E11661F-C75F-4566-A91F-85BD90D09C70}

12/02/2002 02:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}

12/02/2002 05:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}

02/12/2005 03:41 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}

02/15/2005 08:17 AM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}

06/16/2005 09:37 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{BD53F8C1-B5D7-49D1-AE6C-B516D66C1380}

09/05/2001 04:03 AM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}

09/03/2003 12:18 AM 109,712 setup.exe
1 File(s) 109,712 bytes

Directory of C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}

12/02/2002 02:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{D14E3D40-2004-11D3-BFBF-00A0248F3321}

12/02/2002 04:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{D52ECEBC-9B20-41A5-81C4-A62DE2367419}

09/19/2003 09:38 AM 5,947,392 setup.exe
1 File(s) 5,947,392 bytes

Directory of C:\Program Files\InstallShield Installation Information\{D5BBD350-F44E-47C1-9245-228AD8A9171D}

11/10/2003 06:55 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{E4F00E71-27C3-4D71-9FC9-0E6EC40C011E}

06/11/2005 03:04 PM 116,880 setup.exe
1 File(s) 116,880 bytes

Directory of C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}

12/02/2002 09:33 AM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}

12/02/2002 02:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\InstallShield Installation Information\{FC6E442D-ACBF-4EE3-BB0F-E9EFD6A43D07}

12/02/2002 03:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\LiveUpdate\Engine

08/08/2005 02:00 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\MDC\AEGIS Client

11/10/2003 12:13 PM 135,168 setup.exe
1 File(s) 135,168 bytes

Directory of C:\Program Files\PowerPoint Viewer\setup

12/10/2002 12:00 AM 405,504 SETUP.EXE
1 File(s) 405,504 bytes

Directory of C:\Program Files\Real\RealPlayer\Setup

08/28/2005 11:04 PM 11,589,152 setup.exe
1 File(s) 11,589,152 bytes

Directory of C:\Program Files\Sony Setup\Sound Forge 8.0

02/14/2005 06:41 PM 455,680 Setup.exe
1 File(s) 455,680 bytes

Directory of C:\Program Files\Sony Setup\Vegas 5.0

04/16/2004 05:39 PM 454,656 Setup.exe
1 File(s) 454,656 bytes

Directory of C:\Program Files\Synaptics\SynTP\Media

06/18/2003 03:24 PM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\Program Files\TurboTax\Premier 2004\DlInst

12/02/2002 04:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\Program Files\WebCamDV

02/22/2005 10:15 AM 3,117,858 Setup.exe
1 File(s) 3,117,858 bytes

Directory of C:\swsetup\SP24934

09/05/2001 04:03 AM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\swsetup\SP27617

11/03/1999 11:34 AM 127,488 Setup.exe
1 File(s) 127,488 bytes

Directory of C:\swsetup\SP28508\Disk1

12/02/2002 03:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\swsetup\SP28601

06/18/2003 02:24 PM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\swsetup\SP28668\Disk1

12/02/2002 03:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\swsetup\SP28911

04/11/2001 06:07 PM 166,912 Setup.exe
1 File(s) 166,912 bytes

Directory of C:\swsetup\SP28916

09/20/2004 03:10 PM 10,599,765 setup.exe
1 File(s) 10,599,765 bytes

Directory of C:\swsetup\SP28932

06/15/2004 02:13 PM 319,488 Setup.exe
1 File(s) 319,488 bytes

Directory of C:\swsetup\SP29137\Disk1

12/02/2002 02:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\swsetup\SP29255\Disk1

12/02/2002 01:33 PM 107,512 setup.exe
1 File(s) 107,512 bytes

Directory of C:\swsetup\SP29294

06/18/2003 03:24 PM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\swsetup\SP29361A

10/27/2004 05:15 PM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\swsetup\SP29362A

10/27/2004 05:16 PM 168,448 Setup.exe
1 File(s) 168,448 bytes

Directory of C:\swsetup\SP29557

11/03/1999 01:34 PM 127,488 Setup.exe
1 File(s) 127,488 bytes

Directory of C:\WINXP\system32

08/03/2004 10:56 PM 23,040 setup.exe
1 File(s) 23,040 bytes

Directory of C:\WINXP\system32\dllcache

08/03/2004 10:56 PM 23,040 setup.exe
1 File(s) 23,040 bytes


A search gave me hundreds of hits as expected - how can I get that list to you?
  • 0

#11
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
No need for that. I don't think it will reveal anything more useful than the list.txt

This looks a bit strange:

Directory of C:\Documents and Settings\Paul Miner.PAUL-LAPTOP\Desktop\Punch

10/11/2001 04:10 PM 237,804,212 Setup.EXE
1 File(s) 237,804,212 bytes


Quite a big file. Do you know what it is for?

Also try the Kaspersky Online Scanner: http://www.kaspersky.com/virusscanner and see if that finds anything.

Regards,
  • 0
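Added example, not code from the thread or from Metallica: the look Metallica is giving list.txt by eye, done as a small Python parser over the same "Directory of ... / date time size name / N File(s)" format the poster pasted. The sample input is constructed from five rows of that listing (same paths and sizes). The 50 MB threshold, the profile/temp path list and the dllcache-twin rule are my own assumptions about what deserves a second look, not anything the thread states.

```python
import re
from collections import namedtuple

# Constructed sample: five rows copied from the poster's list.txt, in the
# "dir /s"-style layout the page shows (directory header, then one file row).
SAMPLE_LISTING = """\
 Directory of C:\\Documents and Settings\\Paul Miner.PAUL-LAPTOP\\Desktop\\Punch

10/11/2001 04:10 PM 237,804,212 Setup.EXE
 1 File(s) 237,804,212 bytes

 Directory of C:\\Program Files\\HP\\Memories Disc\\skins\\HewlettPackard_0002\\skingen\\MEMDISC\\PROVIDED\\RETAILPF

11/20/2003 07:42 PM 0 SETUP.EXE
 1 File(s) 0 bytes

 Directory of C:\\Program Files\\LiveUpdate\\Engine

08/08/2005 02:00 PM 107,512 setup.exe
 1 File(s) 107,512 bytes

 Directory of C:\\WINXP\\system32

08/03/2004 10:56 PM 23,040 setup.exe
 1 File(s) 23,040 bytes

 Directory of C:\\WINXP\\system32\\dllcache

08/03/2004 10:56 PM 23,040 setup.exe
 1 File(s) 23,040 bytes
"""

Entry = namedtuple("Entry", "directory name size date")

DIR_RE = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# date, time, size with thousands separators, name. "<DIR>" rows and the
# "N File(s) ... bytes" summary rows do not match (no numeric size / no date).
FILE_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+\d{2}:\d{2} [AP]M\s+(?P<size>[\d,]+)\s+(?P<name>\S.*?)\s*$"
)


def parse_dir_listing(text):
    """One Entry per file row, attributed to the most recent 'Directory of' header."""
    entries, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group("path")
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            size = int(m.group("size").replace(",", ""))
            entries.append(Entry(current, m.group("name"), size, m.group("date")))
    return entries


# Lower-cased path fragments that are unusual homes for an installer (assumed list).
PROFILE_OR_TEMP = ("\\documents and settings\\", "\\temp\\", "\\tmp\\")


def wfp_backed(entries):
    """(directory, name) of system32 files that have a same-size twin in dllcache.

    Windows File Protection keeps its pristine copies in system32\\dllcache, so a
    matching twin is consistent with a genuine Windows component, not a drop.
    """
    cache = {(e.name.lower(), e.size) for e in entries
             if e.directory.lower().endswith("\\system32\\dllcache")}
    return {(e.directory, e.name) for e in entries
            if e.directory.lower().endswith("\\system32")
            and (e.name.lower(), e.size) in cache}


def triage(entries, large_threshold=50 * 1024 * 1024):
    """Return [(Entry, [reasons])] for files worth asking the user about."""
    backed = wfp_backed(entries)
    findings = []
    for e in entries:
        reasons = []
        low_dir = e.directory.lower() + "\\"
        if e.size == 0:
            reasons.append("zero-byte executable (stub or truncated drop)")
        if e.size >= large_threshold:
            reasons.append("unusually large (%d MB)" % (e.size // (1024 * 1024)))
        if any(tag in low_dir for tag in PROFILE_OR_TEMP):
            reasons.append("sits under a user profile or temp path")
        if low_dir.endswith("\\system32\\") and (e.directory, e.name) not in backed:
            reasons.append("generic-named executable in system32 with no matching dllcache copy")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_dir_listing(SAMPLE_LISTING)):
        print("%s\\%s (%d bytes): %s" % (entry.directory, entry.name, entry.size, "; ".join(reasons)))
```

Run against the full list.txt it will pull out the 237 MB Desktop\Punch installer (large, and under a user profile) and the 0-byte HP skin SETUP.EXE, while the C:\WINXP\system32\setup.exe stays quiet because its dllcache twin matches it byte-for-byte in size. A flag is a question for the user, as Metallica asks here, not a verdict.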

#12
Labrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
That setup.exe is the install file for the Punch Architectural CAD Suite - It is very large, but I think it is fine - I just haven't archived it as yet.

It's gone from bad to worse overnight - sometime during the night the system encountered a serious error and rebooted itself, and thereafter Counterspy did its nightly scan and found two new problems. Here they are:

Optix IV 1.11 (RAT) found in c:\winxp\system32\rtl60.bpl and c:\winxp\system32\vcl60.bpl

NewDotNet (Browser Plug-in) in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2\Parameters\NameSpace_Catalog5\CatalogEntries\000000000004Stores ServiceClassInfo 1

Counterspy Quarantined them and I had to reboot.

Now when I reboot, it is extremely slow - about 6 minutes to get to the desktop, and Norton says that TCP/IP is not installed. I can't see the network or connect to the internet.

What now? :tazz:

Edited by Labrat, 04 September 2005 - 10:18 AM.

  • 0

#13
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'm beginning to wonder what's worse. The problem or Counterspy?

Download and transfer to that computer:
http://www.softpedia...inSockFix.shtml

Run the program and you should have your connection back.

Then get the latest version of my Alcra fix.
http://metallica.gee.../p2pnetwork.bfu
Save it to the same folder as BFU.exe and execute the script.

Let me know if that solves it and if some scanner finds something let me know what it is before allowing it to be deleted.

Regards,
  • 0
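Added example, not part of the thread and not what WinSockFix does internally: why quarantining one Winsock2 catalog entry (the NewDotNet namespace provider from post #12) can leave Windows reporting that TCP/IP is not installed, shown as a Python audit over a constructed snapshot of the NameSpace_Catalog5 key. The registry layout used here (a Num_Catalog_Entries value plus Catalog_Entries\00000000000N subkeys carrying LibraryPath and DisplayString) is what I recall of XP's Winsock2 catalog and should be checked on a live box; the known-provider list is an assumption, and the path in THIRD_PARTY is a placeholder, not NewDotNet's real DLL name.

```python
# Constructed snapshots modelled on the XP Winsock2 namespace catalog
# (HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5):
# a Num_Catalog_Entries DWORD plus one Catalog_Entries\00000000000N subkey per
# provider. Layout is an assumption from memory, not something the thread shows.

MS_TCPIP = {"LibraryPath": r"%SystemRoot%\System32\mswsock.dll", "DisplayString": "Tcpip"}
MS_NTDS = {"LibraryPath": r"%SystemRoot%\System32\winrnr.dll", "DisplayString": "NTDS"}
MS_NLA = {"LibraryPath": r"%SystemRoot%\System32\mswsock.dll",
          "DisplayString": "Network Location Awareness (NLA) Namespace"}
# Placeholder standing in for the NewDotNet provider; path and DLL name are invented.
THIRD_PARTY = {"LibraryPath": r"C:\Program Files\NewDotNet\placeholder_nsp.dll",
               "DisplayString": "New.Net Namespace Provider (placeholder)"}

# Before the quarantine: count and entries agree, but entry 4 is foreign.
WITH_THIRD_PARTY = {
    "Num_Catalog_Entries": 4,
    "Catalog_Entries": {"000000000001": MS_TCPIP, "000000000002": MS_NTDS,
                        "000000000003": MS_NLA, "000000000004": THIRD_PARTY},
}
# What a scanner leaves behind when it deletes entry 4 but not the count.
BROKEN_CATALOG = {
    "Num_Catalog_Entries": 4,
    "Catalog_Entries": {"000000000001": MS_TCPIP, "000000000002": MS_NTDS, "000000000003": MS_NLA},
}

# Namespace provider DLLs XP ships itself (assumed list; extend per OS build).
KNOWN_MS_PROVIDERS = {"mswsock.dll", "winrnr.dll", "nwprovau.dll"}


def library_basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_namespace_catalog(catalog):
    """Return human-readable problems; an empty list means the catalog looks sane."""
    problems = []
    entries = catalog["Catalog_Entries"]
    declared = catalog["Num_Catalog_Entries"]
    # 1. The count Winsock trusts must match the subkeys that actually exist.
    if declared != len(entries):
        problems.append("Num_Catalog_Entries says %d but %d entries exist" % (declared, len(entries)))
    # 2. Entries must be numbered 000000000001..N with no holes.
    expected = ["%012d" % i for i in range(1, len(entries) + 1)]
    if sorted(entries) != expected:
        problems.append("entry numbering is not contiguous: %s" % ", ".join(sorted(entries)))
    # 3. Every provider should be a Microsoft DLL living under system32.
    for key, values in sorted(entries.items()):
        lib = values.get("LibraryPath", "")
        name = values.get("DisplayString", "?")
        if library_basename(lib) not in KNOWN_MS_PROVIDERS:
            problems.append("%s (%s) loads a non-Microsoft provider: %s" % (key, name, lib))
        if "\\system32\\" not in lib.lower():
            problems.append("%s (%s) loads from outside system32: %s" % (key, name, lib))
    return problems


def renumber(catalog):
    """Minimal repair: keep surviving providers, renumber them contiguously, fix the count."""
    kept = [v for _, v in sorted(catalog["Catalog_Entries"].items())]
    return {"Num_Catalog_Entries": len(kept),
            "Catalog_Entries": {"%012d" % (i + 1): v for i, v in enumerate(kept)}}


def read_live_catalog():
    """Read the real key on a Windows host (winreg exists only there); same dict shape."""
    import winreg
    base = r"SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as k:
        count = winreg.QueryValueEx(k, "Num_Catalog_Entries")[0]
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + r"\Catalog_Entries") as k:
        for i in range(winreg.QueryInfoKey(k)[0]):
            sub = winreg.EnumKey(k, i)
            with winreg.OpenKey(k, sub) as e:
                entries[sub] = {v: winreg.QueryValueEx(e, v)[0] for v in ("LibraryPath", "DisplayString")}
    return {"Num_Catalog_Entries": count, "Catalog_Entries": entries}


if __name__ == "__main__":
    for label, cat in (("before quarantine", WITH_THIRD_PARTY),
                       ("after quarantine", BROKEN_CATALOG),
                       ("after renumber", renumber(BROKEN_CATALOG))):
        print(label + ":")
        for p in audit_namespace_catalog(cat) or ["no problems"]:
            print("  " + p)
```

On XP SP2 and later the supported equivalent of the WinSockFix step is `netsh winsock reset` from an administrator prompt followed by a reboot; it rebuilds both the namespace and protocol catalogs with Microsoft defaults rather than patching the count the way renumber() does. The audit is for reading the catalog before and after, so you know what a scanner is about to quarantine (a foreign LibraryPath) and whether it left the count inconsistent afterwards.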

#14
Labrat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Ran the winsock fix - got the network and internet back - Thank You!

Ran the BFU script with this result:

BFU v1.00.0
Script started at 11:45:09 AM, on 9/4/2005
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: FileDelete C:\temp.zip (file(s) not found)
Failed: FileDelete C:\x.txt (file(s) not found)
Failed: FileDelete C:\z.txt (file(s) not found)
Failed: FileDelete C:\z.tmp (file(s) not found)
Failed: FileDelete C:\xz.exe (file(s) not found)
Option pause between commands: 300 ms
Failed: FileDelete C:\WINXP\system32\p2pnetwork.exe (file(s) not found)
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FileDelete C:\WINXP\system32\CMD.COM (file(s) not found)
Failed: FileDelete C:\WINXP\system32\netstat.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\ping.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\regedit.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\tasklist.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\taskkill.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\taskmgr.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\tracert.com (file(s) not found)
Failed: FileDelete C:\WINXP\system32\bszip.dll (file(s) not found)
Script completed.

Norton is quiet - for a change...

Should I reboot? :tazz:
  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Yep. Might as well get that behind us.

Let me know how it behaves now.

Regards,
  • 0