Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware/Virus/Spyware Removal Efforts Still Fail in WinXP-SP2


  • Please log in to reply

#1
Stretch

Stretch

    Member

  • Member
  • PipPip
  • 15 posts
Problems:

System extremely slow, takes upwards of 15 min. to boot (and currently don't have anything in Start-Up Folder). Also, many screen display details, usually dialog boxes, are distorted, mis-aligned, etc. Sometimes, applications don't load (e.g., Norton AV/Internet Sec, some other here and there).

What I do know (I think):

I think I've got (or at least have remnants of) that VX2.LOOK2ME infection. For example, there's a file in my Windows/Temp folder called "Perflib_Perfdata_2ac.dat" that I can't erase. As a matter of fact, when I try to shred it using SpyBot's Shredder tool as part of an attempt to shred all temp files, Spybot crashes. However, when I run various antispyware per your directions (see 1) below), this doesn't appear as an infection. This includes Ad-Aware and it's specific plug-in VX2cleaner, CWShredder, Spybot, Ewido, Trend Housecall, Trend's Sysclean (by the way, that one took 13 hours! And, there were many files it could not access...), Panda Active Scan, TrojanHunter.

I have Norton AV and internet security, fully updated/scanned.

Can't delete following files in C:\WINDOWS\Temp
Perflib_Perfdata_2c0.dat
T30DebugLogFile.txt
Perflib_Perfdata_2ac.dat

What I've done so far:

1) gone thru every step in the "HiJackThis Logs Go Here First" posting (at least what ran/worked).
2) I already have had XP's SP2 installed for many months now, well before the subject problems at issue now. And, I have all automatic updates turned ON and have seen them update and install on a regular basis.

The system has had slight improvement after doing the above, but it still has very slow restart, applications run slow, just switching between apps there are signifigant delays, and stil have display problems as described earlier. Also, the AM/PM selection box in Date & Time properties is all messed up. There's probably more, I just can't recall everything. It's almost as if I had got infected by some kind of damaging virus and caught it after it had started because no real results seem to come up with scans, yet it seems it may have gotten some damage done. I'm all but ready to FDISK it and reload everything all over. But I'm hoping you may be able to help me before resorting to that. Is a "repair installation" of any ny value?

So with that said, here is my HiJackThis log and the Ewido results report. I've also attached the Trend SysClean Log results as well fyi.

Thanks in advance...

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:58:01 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Software602\PrintPack\PrnPack.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Anti Spyware Virus Adware System Clean Utils Fixes Etc\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...tml?locid=08610
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Software602\PrintPack\PrnPack.exe" /server
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [eCopy Desktop Inbox Monitor] C:\PROGRA~1\eCopy\Desktop\Bin\INBOXM~1.EXE -run
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130196623202
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_03) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

----------------------------------------------------------------------------------------------------

Ewido Results:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:38:22 PM, 10/28/2005
+ Report-Checksum: 5E0B1A88

+ Scan result:

HKU\S-1-5-21-2934359721-3875574395-885194392-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed scanlan@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed scanlan@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Cookies\ed [email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\96A4F425-7672-4107-9AD8-C099E6\BC9B6971-B5C3-4284-A29B-DEE82A -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\9840F46A-85E8-4540-A477-4BC3A3\D8D0402F-49C6-448F-AA17-92FA87 -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Ed Scanlan\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B2E897D6-D973-416F-B0B6-5E81AD\65103D1F-E03F-46DC-856E-DF927F -> Spyware.Cookie.Questionmarket : Cleaned with backup


::Report End

--------------------------------------------------------------------------------------------------------------------

SysClean Log:

[indent=1]

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-10-27, 13:07:10, Auto-clean mode specified.
2005-10-27, 13:07:10, Running scanner "C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\TSC.BIN"...
2005-10-27, 13:07:58, Scanner "C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\TSC.BIN" has finished running.
2005-10-27, 13:07:58, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Thu Oct 27 2005 13:07:11

Load Damage Cleanup Template (DCT) "C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\tsc.ptn" (version 670) [success]

Complete time : Thu Oct 27 2005 13:07:58
Execute pattern count(4482), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-10-27, 13:15:57, An error occurred while scanning file "C:\Documents and Settings\Ed Scanlan\NTUSER.DAT": Access is denied.
2005-10-27, 13:15:57, An error occurred while scanning file "C:\Documents and Settings\Ed Scanlan\ntuser.dat.LOG": Access is denied.
2005-10-27, 13:20:55, An error occurred while scanning file "C:\Documents and Settings\Ed Scanlan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-10-27, 13:20:55, An error occurred while scanning file "C:\Documents and Settings\Ed Scanlan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-10-27, 13:21:34, An error occurred while scanning file "C:\Documents and Settings\Ed Scanlan\Local Settings\Temp\JET6161.tmp": Access is denied.
2005-10-27, 13:35:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-10-27, 13:35:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-10-27, 13:35:09, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-10-27, 13:35:09, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-10-27, 13:35:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-10-27, 13:35:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-10-27, 13:35:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-10-27, 13:35:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-10-27, 16:32:32, An error occurred while scanning file "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll": Access is denied.
2005-10-27, 16:46:52, An error occurred while scanning file "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf": Access is denied.
2005-10-27, 16:46:52, An error occurred while scanning file "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf": Access is denied.
2005-10-27, 16:46:52, An error occurred while scanning file "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf": Access is denied.
2005-10-27, 16:46:52, An error occurred while scanning file "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf": Access is denied.
2005-10-27, 16:46:53, An error occurred while scanning file "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf": Access is denied.
2005-10-27, 16:46:53, An error occurred while scanning file "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf": Access is denied.
2005-10-27, 16:56:57, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiCL0001.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiP10000.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiP20000.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiPT0000.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiSL0001.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiSP0000.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiST0000.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\CiVP0000.000": Access is denied.
2005-10-27, 16:56:58, An error occurred while scanning file "C:\System Volume Information\catalog.wci\INDEX.000": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\1XCONFIG.EXE-23EC3955.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROBAT.EXE-37DF90AA.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ACROTRAY.EXE-0F021257.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ALUNOTIFY.EXE-0FA22AC9.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\APNTEX.EXE-07D7E94A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\APOINT.EXE-03E36C22.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ATI2EVXX.EXE-07A42849.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ATI2MDXX.EXE-2A5FBD2A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ATIPRBXX.EXE-2DA84FA2.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ATIPTAXX.EXE-19794D05.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-223E3682.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\BCMSMMSG.EXE-061D0722.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\BTWDINS.EXE-1C897179.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-10E11A7C.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CCEVTMGR.EXE-2847280A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CCPROXY.EXE-2B7C33DA.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CCSETMGR.EXE-022FAA6A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CIDAEMON.EXE-01BEEBF3.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CISVC.EXE-3185911D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CLICKYES.EXE-3B02207C.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\DSAGNT.EXE-2C86BFCE.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\DVDLAUNCHER.EXE-1E7A529B.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\DW20.EXE-2834F196.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\EM_EXEC.EXE-033F425D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\EXCEL.EXE-2055DCA9.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\FXSSVC.EXE-140862E7.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\G2COMM.EXE-2E89CC6F.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\G2PRE.EXE-2B18999A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\G2SVC.EXE-001732E7.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\G2TRAY.EXE-3B35611B.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\HFXP.EXE-22DC59A0.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\INBOXM~1.EXE-04DB741F.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-08269FEC.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGI_MWX.EXE-2A67FE85.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MDM.EXE-13735E69.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MIM.EXE-2E9A88A3.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MIMBOOT.EXE-2E91FAF9.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MMCOMP~1.EXE-22A4A7BD.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MMDIAG.EXE-14B69449.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MRMLNC32.EXE-09CA8AD7.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVAPSVC.EXE-31405EF8.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-06EAD342.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-214D87DC.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\OPSCAN.EXE-0E9D5367.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\OSE.EXE-2C5425B3.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-0CC1C5E5.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\PCMSERVICE.EXE-3369AF87.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\PRNPACK.EXE-1093851D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\PRONOMGR.EXE-2F0DF75D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\QUICKSET.EXE-0E717A50.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSRVC.EXE-1C9BCFD0.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4142950D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-513CEF6D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SAVSCAN.EXE-0934A495.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SBSERV.EXE-01EB0FE7.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SCRNSAVE.SCR-22431769.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SGTRAY.EXE-31581176.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SNDMON.EXE-1C89C7E1.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SNDSRVC.EXE-37536620.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SUNPROTECTIONSERVER.EXE-2133CA02.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SUNSERVALERT.EXE-064319F0.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SUNSERVER.EXE-3040FF39.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SUNTHREATENGINE.EXE-3935F410.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SYMLCSVC.EXE-2CB155BD.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SYMWSC.EXE-06237CF7.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-363DA2AF.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-29AE3406.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMAN.EXE-3A23F715.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\TEATIMER.EXE-0390E8A7.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\TFSWCTRL.EXE-2D67C816.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.BIN-15A7CC1C.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\URLLSTCK.EXE-04A846FA.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WFXSNT40.EXE-14122244.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WFXSWTCH.EXE-2BEBC8B6.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WISPTIS.EXE-1AD43041.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCRIPT.EXE-0C5C5251.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2005-10-27, 18:04:45, Could not set file for reading on "C:\WINDOWS\Prefetch\ZCFGSVC.EXE-38074293.pf": Access is denied.
2005-10-27, 18:18:54, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CatRoot2\edb.log": Access is denied.
2005-10-27, 18:18:56, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb": Access is denied.
2005-10-27, 18:19:00, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT": Access is denied.
2005-10-27, 18:19:00, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG": Access is denied.
2005-10-27, 18:19:00, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM": Access is denied.
2005-10-27, 18:19:00, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG": Access is denied.
2005-10-27, 18:19:01, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY": Access is denied.
2005-10-27, 18:19:01, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG": Access is denied.
2005-10-27, 18:19:01, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE": Access is denied.
2005-10-27, 18:19:01, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG": Access is denied.
2005-10-27, 18:19:02, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM": Access is denied.
2005-10-27, 18:19:02, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG": Access is denied.
2005-10-27, 18:25:46, An error occurred while scanning file "C:\WINDOWS\Temp\Perflib_Perfdata_170.dat": Access is denied.
2005-10-27, 18:26:16, Running scanner "C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\VSCANTM.BIN"...
2005-10-27, 21:31:58, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 10/27/2005 18:26:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 915 (111790 Patterns) (2005/10/27) (291500)
Command Line: C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean

87694 files have been read.
87694 files have been checked.
66780 files have been scanned.
123402 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/27/2005 21:31:58
---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-27, 21:31:58, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 10/27/2005 18:26:18
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 915 (111790 Patterns) (2005/10/27) (291500)
Command Line: C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean

87694 files have been read.
87694 files have been checked.
66780 files have been scanned.
123402 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/27/2005 21:31:58 3 hours 5 minutes 23 seconds (11122.29 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-27, 21:31:58, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 10/27/2005 18:26:18
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 915 (111790 Patterns) (2005/10/27) (291500)
Command Line: C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean

87694 files have been read.
87694 files have been checked.
66780 files have been scanned.
123402 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/27/2005 21:31:58 3 hours 5 minutes 23 seconds (11122.29 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-27, 21:31:58, Scanner "C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Programs\SysClean\VSCANTM.BIN" has finished running.

--------------------------------------------------------------------------------------------------------------------
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

  • 0

#3
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
CoachWife6:

Thank you for responding. I have gone thru opt. #1 of l2mfix.bat and the results are below...

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC]
"Logoff"="G2Logoff"
"DLLName"="G2WinLogon.dll"
"Asynchronous"=dword:00000000
"Logon"="G2Logon"
"Startup"="G2Startup"
"Impersonate"=dword:00000000
"Shutdown"="G2Shutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
"Logoff"="SebringUserLogoff"
"Logon"="SebringUserLogon"
"Impersonate"=dword:00000000
"Dllname"="C:\\WINDOWS\\System32\\LgNotify.dll"
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
@=""
"{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{02040CD1-EF11-11D5-BC3F-0003473F5BF0}"="HotShell Shell Extension"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{7D5C4BDD-B015-4401-8731-1507B87DE297}"="QBVersionTool"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Fri Sep 2 2005 6:52:04p A.... 1,019,904 996.00 K
cdfview.dll Fri Sep 2 2005 6:52:04p A.... 151,040 147.50 K
cdosys.dll Fri Sep 9 2005 8:53:42p A.... 2,067,968 1.97 M
danim.dll Fri Sep 2 2005 6:52:04p A.... 1,053,696 1.00 M
dxtrans.dll Fri Sep 2 2005 6:52:04p A.... 205,312 200.50 K
extmgr.dll Fri Sep 2 2005 6:52:04p ..... 55,808 54.50 K
iepeers.dll Fri Sep 2 2005 6:52:04p A.... 251,392 245.50 K
inseng.dll Fri Sep 2 2005 6:52:04p A.... 96,256 94.00 K
legitc~1.dll Mon Aug 29 2005 12:27:12p A.... 520,968 508.76 K
linkinfo.dll Wed Aug 31 2005 8:41:54p A.... 19,968 19.50 K
mshtml.dll Tue Oct 4 2005 4:26:00p A.... 3,015,168 2.88 M
mshtmled.dll Fri Sep 2 2005 6:52:06p A.... 448,512 438.00 K
msrating.dll Fri Sep 2 2005 6:52:06p A.... 146,432 143.00 K
mstime.dll Fri Sep 2 2005 6:52:06p A.... 530,432 518.00 K
netman.dll Mon Aug 22 2005 1:29:46p A.... 197,632 193.00 K
nmwcdcls.dll Tue Aug 9 2005 3:08:08p A.... 53,040 51.80 K
nmwcdlog.dll Tue Aug 9 2005 3:08:08p A.... 4,960 4.84 K
pngfilt.dll Fri Sep 2 2005 6:52:06p A.... 39,424 38.50 K
quartz.dll Mon Aug 29 2005 10:54:26p A.... 1,287,168 1.23 M
shdocvw.dll Fri Sep 2 2005 6:52:06p A.... 1,483,776 1.41 M
shell32.dll Thu Sep 22 2005 10:05:30p A.... 8,450,560 8.06 M
shlwapi.dll Fri Sep 2 2005 6:52:06p A.... 473,600 462.50 K
umpnpmgr.dll Mon Aug 22 2005 10:35:42p A.... 123,392 120.50 K
urlmon.dll Fri Sep 2 2005 6:52:06p A.... 608,768 594.50 K
wininet.dll Fri Sep 2 2005 6:52:06p A.... 658,432 643.00 K
winsrv.dll Wed Aug 31 2005 8:41:54p A.... 291,840 285.00 K

26 items found: 26 files, 0 directories.
Total of file sizes: 23,255,448 bytes 22.18 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2CA5-57F4

Directory of C:\WINDOWS\System32

10/22/2005 04:51 AM <DIR> DLLCACHE
07/20/2004 06:48 AM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 35,720,339,456 bytes free

[end of reply]
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi stretch.

I'm looking at your log and see that it can be accessed remotely. That is OK. Just wanted to make sure that's something you are aware of.

Also, have you tried running cleanup!?

Please download CleanUp! - Download - HomePage
Install and run. Click on the button labeled CleanUp!.

When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

Also, you might give me a silent runners log.

Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
When your antivirus is giving an alert, do not block this. Allow the script.
Copy and paste the content of the txtfile you get afterwards in your next reply.
  • 0

#5
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello CoachWife6:

Thank you again for following up. Here are replies to your last set of instructions/comments...

I'm not sure exactly what you mean by "that it can be accessed remotely." Do you mean access my laptop via an internet connection maybe? If this has something to do with "GoToMyPC" application, then yes, I do use that. Anything else, I'm not aware of and have concern if so. Please elaborate as needed.

I did come across CleanUp (ver. 4.0 by Steven R. Gould) when working on this problem. I've now been using it at least twice a day because it does help temporarily get me thru the day. So I think we're set on this item.

Here is the text file results of Silent Runners as you instructed:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Express ClickYes" = "C:\Program Files\Express ClickYes\ClickYes.exe" ["ContextMagic.com"]
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"URLLSTCK.exe" = "C:\Program Files\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]
"PrintPack dispatcher" = ""C:\Program Files\Software602\PrintPack\PrnPack.exe" /server" ["Software602 a.s."]
"WFXSwtch" = "C:\PROGRA~1\WinFax\WFXSWTCH.exe" [null data]
"WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"GoToMyPC" = "C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon" ["Citrix Online"]
"eCopy Desktop Printer Service" = "C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe" [null data]
"eCopy Desktop Inbox Monitor" = "C:\PROGRA~1\eCopy\Desktop\Bin\INBOXM~1.EXE -run" ["eCopy, Inc."]
"SunServer" = "C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"PRONoMgr.exe" = "C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" ["Intel® Corporation"]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" ["Musicmatch, Inc."]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
"DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "DriveLetterAccess" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "CNisExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\btneighborhood.dll" ["WIDCOMM, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{02040CD1-EF11-11D5-BC3F-0003473F5BF0}" = "HotShell Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\efax\hotshell.dll" ["eFax.com"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\AcSignIcon.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["TODO: <Company name>"]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{A213B520-C6C2-11d0-AF9D-008029E1027E}" = "WinFax PRO IShellExecuteHook" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinFax\WfxSeh32.Dll" ["Symantec Corporation"]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! GoToMyPC\DLLName = "G2WinLogon.dll" ["Citrix Online"]
INFECTION WARNING! Sebring\DLLName = "C:\WINDOWS\System32\LgNotify.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
HotShellExt\(Default) = "{02040CD1-EF11-11D5-BC3F-0003473F5BF0}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\efax\hotshell.dll" ["eFax.com"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\dell.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]


Let me know... Thanks,

Ed
  • 0

#6
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
you have a lot of stuff running on your computer. Do this for me. Uninstall teatimer for now. It interferes with fixes.

As soon as you boot up your computer, run hijack this and post the log here.

After you do that, go into the Config option when you start HijackThis, and then click on the Misc Tools button at the top. You will then click on the button labeled "Generate StartupList Log". Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste these entries into a message and paste it here.
  • 0

#7
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Coachwife6,

Ok, I've disabled TeaTimer (by simply unchecking box in Spybot Tools Resident).

Here is the fresh HJT log after rebooting:

Logfile of HijackThis v1.99.1
Scan saved at 6:15:26 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Software602\PrintPack\PrnPack.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Anti Spyware Virus Adware System Clean Utils Fixes Etc\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...tml?locid=08610
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PrintPack dispatcher] "C:\Program Files\Software602\PrintPack\PrnPack.exe" /server
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [eCopy Desktop Inbox Monitor] C:\PROGRA~1\eCopy\Desktop\Bin\INBOXM~1.EXE -run
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Express ClickYes] C:\Program Files\Express ClickYes\ClickYes.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - C:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - C:\WINDOWS\System32\Print602.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130196623202
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_03) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Here is the HJT Startup Log Entries as well:

StartupList report, 11/1/2005, 6:16:29 PM
StartupList version: 1.52.2
Started from : C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Anti Spyware Virus Adware System Clean Utils Fixes Etc\HiJackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Software602\PrintPack\PrnPack.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\ES Trent Operations\Internet Downloads + Copies of Application CDs\Anti Spyware Virus Adware System Clean Utils Fixes Etc\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
BCMSMMSG = BCMSMMSG.exe
Apoint = C:\Program Files\Apoint\Apoint.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe"
URLLSTCK.exe = C:\Program Files\Norton Internet Security\UrlLstCk.exe
PrintPack dispatcher = "C:\Program Files\Software602\PrintPack\PrnPack.exe" /server
WFXSwtch = C:\PROGRA~1\WinFax\WFXSWTCH.exe
WinFaxAppPortStarter = wfxsnt40.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
GoToMyPC = C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
eCopy Desktop Printer Service = C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
eCopy Desktop Inbox Monitor = C:\PROGRA~1\eCopy\Desktop\Bin\INBOXM~1.EXE -run
SunServer = C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRONoMgr.exe = C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
MimBoot = C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
DataLayer = C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Express ClickYes = C:\Program Files\Express ClickYes\ClickYes.exe
DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADLTScriptFile\shell\open\command

(Default) = "C:\WINDOWS\notepad.exe" "%1"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Defrag.job
Disk Cleanup.job
ISP signup reminder 1.job
Norton AntiVirus - Scan my computer - Ed Scanlan.job
Spybot - Search & Destroy - Scheduled Task.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[{01A88BB1-1174-41EC-ACCB-963509EAE56B}]

[Shockwave ActiveX Control]

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8}]

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[Malicious Software Removal Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
CODEBASE = http://download.micr.../WebCleaner.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1130196623202

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = https://www-secure.s...ta/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = https://www-secure.s.../ActiveData.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 10,289 bytes
Report generated in 0.050 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



Thanks again. Let me know...

Ed-
  • 0

#8
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Find these and right-click on them and tell me their properties.

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE
  • 0

#9
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
CoachWife6,

Wasn't sure exactly what properties you wanted so I've attached screen shots for both notepad.exe locations.

Note, system is running a little better since turning off teatimer, but still something wrong. Also, I usally don't have so much running - much of this was from following instruction of "Read This First Before Posing HJT Log" stuff. Anyway, jut thought I'd mention this.

See attached files...

Thanks again,

StretchNotepad_Properties_11_1_05.jpg Sys32_Notepad_Properties_11_1_05.jpg
  • 0

#10
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Have you already paid for Norton? You might install a free anti-viral, like avg/grisoft and then uninstalling Norton and seeing if that helps. Sometimes that program really slows down a computer. Don't run both at the same time. I will be away today with my job but will check back later. :tazz:
  • 0

Advertisements


#11
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
CoachWife6,

I'm not worried about paid for stuff and I'll buy whatever new software I need to get a proper and smooth operating system again. I'm just trying to avoid all the effort associated with starting over (reinstall everything, updates, etc.). So whatever you think is appropriate and best fits needs, please advise.

Regarding your schedule, no problem - I understand. As a matter of fact, I'll probably have to put this venture on hold after Wed night as well for a while due to business.

Anyway, thanks so far for your help and let me know when you get a chance.

Regards,

-Stretch
  • 0

#12
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Stretch:

I just want you to have an anti-viral when you uninstall Norton. Add AVG. Uninstall Norton and see if that helps. We have a couple of guys on staff who I really respect who have problems with Norton. And I have helped users who have had problems with it as well. I haven't personally, but it's worth a shot. Since our schedules are going to criss-cross, I just want you to run three more programs just to be on the safe side and that way we don't keep playing tag missing each other. I can review the results and get back to you when you get back. :tazz: Have a safe trip.

Download and save backlight to your desktop. Doubleclick blbeta.exe, accept the agreement, leave [X]scan through Windows Explorer checked, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.

Please download Rootkit Revealer (link is at the very bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
Please download WebRoot SpySweeper from HERE(It's a 2 week trial):

* Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
* Double-click the file to install it as follows:
o Click "Next", read the agreement, Click "Next"
o Choose "Custom" click "Next".
o Leave the default installation directory as it is, then click "Next".
o UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
o On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
o Finally, click "Install"
* Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
  • 0

#13
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
CoachWife6,

Ok, just a couple quick clarifications if you're still there...

1) do I uninstall Norton AV and install AVG before doing the other stuff you indicate?

2) do I leave Norton Internet Security for Firewall or is there something better for that too?

Thx, Stretch
  • 0

#14
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
1. install avg and then uninstall norton.

2. get rid of norton's firewall for now.
  • 0

#15
Stretch

Stretch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
CoachWife6:

I haven't forgotten about this. I was overwelmed with work upon returning from vaca.

I will be proceeding with your next recommended steps. Should I maybe turn on Window's Firewall feature in the interim?

When uninstalling Norton, do I do it thru Control Panel's Add/Remove Programs? I've heard that route is always the best way to remove programs, and I don't see an Uninstall icon in Norton's program groups.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP