View Full Version : Malware Removal / Have all logs
Can't get rid of this stuff. As a matter of fact, this is my second time trying to post this thread because it keeps re-ridirecting my browser. I'm going to have to post the logs in seperate replies as it won't let me post enough characters to do it all in one message.
First Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 8:53:01 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\ms040821273-193.exe
C:\WINDOWS\sys11-1930821273.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe
C:\Program Files\Common Files\?ppPatch\w?wexec.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\windows\system32\spool\printers\FireDaemon.exe
c:\windows\system32\spool\printers\winmgnt.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
c:\ucmoreiex.exe
c:\winsysban11.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: (no name) - {3B1C6C26-D7EA-DE13-C80C-AF98BD16A0CE} - (no file)
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [ms040821273-193] C:\WINDOWS\ms040821273-193.exe
O4 - HKLM\..\Run: [sys11-1930821273] C:\WINDOWS\sys11-1930821273.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [winsysupd] c:\\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] c:\\winsysban11.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Toms] "C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ufro] C:\PROGRA~1\COMMON~1\ufro\ufrom.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04b36fead4a0c1eebe03/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutorial/install/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6993CA0-BCC1-4C1A-88BA-2ECF8AE8A4B4} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
O18 - Protocol: bw+0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: directpt - C:\WINDOWS\SYSTEM32\directpt.dll
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\EYXAC3.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QlA\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Spybot Report
--- Search result list ---
Network Monitor: System Service (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
Smitfraud-C.: Executable (File, fixed)
c:\drsmartload1.exe
Smitfraud-C.: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2
Smitfraud-C.: Data (File, fixed)
c:\windows\drsmartload2.dat
Smitfraud-C.: Executable (File, fixed)
c:\Installer.exe
Smitfraud-C.: Executable (File, fixed)
c:\MTE3NDI6ODoxNg.exe
Smitfraud-C.: Executable (File, fixed)
c:\stub_113_4_0_4_0.exe
Network Monitor: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
Network Monitor: System Service (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Network Monitor: Program directory (Directory, fixed)
C:\Documents and Settings\LocalService\Application Data\NetMon\
Network Monitor: Program directory (Directory, fixed)
C:\Program Files\Network Monitor\
Network Monitor: Text file (File, fixed)
C:\WINDOWS\uninstall_nmon.vbs
Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1482476501-839522115-854245398-500\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
Targetsaver: Executable (File, fixed)
C:\WINDOWS\system32\tsuninst.exe
Targetsaver: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
UCmore: Executable (File, fixed)
c:\ucmoreiex.exe
UCmore: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator
UCmore: Program group (Directory, fixed)
C:\Program Files\TheSearchAccelerator\
UCmore: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Effective-i
UCmore: IE toolbar (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}
UCmore: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{44BE0690-5429-47F0-85BB-3FFD8020233E}
UCmore: Personal data file (user) (File, fixed)
\ucmoreiex.exe
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-25 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-24 Includes\Cookies.sbi (*)
2006-02-24 Includes\Dialer.sbi (*)
2006-02-24 Includes\Hijackers.sbi (*)
2006-02-24 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-02-24 Includes\Malware.sbi (*)
2006-02-24 Includes\PUPS.sbi (*)
2006-02-24 Includes\Revision.sbi (*)
2006-02-24 Includes\Security.sbi (*)
2006-02-24 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-02-24 Includes\Trojans.sbi (*)
-
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 02/26/2006
The current time is: 21:00:00.19
Running from
C:\Documents and Settings\Lil E\Desktop\smitrem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
atmtd.dll
atmtd.dll._
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 772 'explorer.exe'
Killing PID 772 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:08:39 AM, 2/27/2006
+ Report-Checksum: 2A38DB66
+ Scan result:
[696] C:\WINDOWS\system32\LSDIS11n.dll -> Adware.Look2Me : Cleaned with backup
C:\aebcq9z5w.exe -> Downloader.Agent.afi : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jgyirpdd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Lil E\Application Data\Mozilla\Firefox\Profiles\y3temcoc.BP\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Lil E\Application
Logfile of HijackThis v1.99.1
Scan saved at 4:43:27 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\ms040821273-193.exe
C:\WINDOWS\sys11-1930821273.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: (no name) - {3B1C6C26-D7EA-DE13-C80C-AF98BD16A0CE} - (no file)
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [ms040821273-193] C:\WINDOWS\ms040821273-193.exe
O4 - HKLM\..\Run: [sys11-1930821273] C:\WINDOWS\sys11-1930821273.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Toms] "C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ufro] C:\PROGRA~1\COMMON~1\ufro\ufrom.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04b36fead4a0c1eebe03/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutorial/install/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6993CA0-BCC1-4C1A-88BA-2ECF8AE8A4B4} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
O18 - Protocol: bw+0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\lv8s09l7e.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
There was a LOT MORE in the Ewido Log and a little more in the 2nd Hijack This log, but it wouldn't let me post enough. I still have them saved, so if anyone needs to look at them, I have them.
LonnyRJones
2006-03-01, 11:46
Hi
Open a command prompt (start run type cmd press enter) type
sc delete directprt
press enter, type exit and press enter to exit the command prompt
Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
R3 - URLSearchHook: (no name) - {3B1C6C26-D7EA-DE13-C80C-AF98BD16A0CE} - (no file)
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [ms040821273-193] C:\WINDOWS\ms040821273-193.exe
O4 - HKLM\..\Run: [sys11-1930821273] C:\WINDOWS\sys11-1930821273.exe
O4 - HKCU\..\Run: [ufro] C:\PROGRA~1\COMMON~1\ufro\ufrom.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: directpt - directpt.dll (file missing)
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manualy delete
C:\WINDOWS\SYSTEM32\avldr.dll
C:\WINDOWS\system32\loadadv64
C:\WINDOWS\ms040821273-193.exe
C:\WINDOWS\sys11-1930821273.exe
C:\PROGRAm files\COMMON files\ufro <folder
Also: Post a report from this tool if any files show
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them.....legitimate files can be listed.
Post a fresh hijackthis log please
Thank you very much for responding Lonny.
Ok, I did everything you said. I downloaded the Blacklight Program but it would not run. It gave me the following error.
F-Secure Blacklight was unable to acquire necessary privileges (SeDebugPrivilege)
The following is my newest HijackThis Log. (Part 1)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Toms] "C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04b36fead4a0c1eebe03/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutorial/install/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6993CA0-BCC1-4C1A-88BA-2ECF8AE8A4B4} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
O18 - Protocol: bw+0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Here is the second part of my newest HijackThis Log.
O18 - Protocol: bwr0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
LonnyRJones
2006-03-02, 05:42
You did willingly install Sublime Solutions/FireDaemon ?
Lets cleanup after the l2m infection then blacklite will run
Download L2mfix (new version) from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
Note: If you receive while running option #1, an error similar to: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.
If it is to large to post in one reply do so in two please
I did not willingly install FireDaemon, unless it was part of the install of some other program I willingly installed.
I did not recieve an error when running the l2mfix. Here is the log.
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
"Asynchronous"=dword:00000000
"DllName"=hex(2):61,00,76,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Startup"="AvLdrStartupNotification"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp8603lse.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9DE7C09A-17EF-BBB7-33F8-17A83E1F95E1}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}"="IntelliType Pro Key Settings Control Panel Property Page"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}"="All To MP3 Converter"
"{0FFAEF53-E4DD-474D-A352-FC720EA146CB}"=""
"{6EA6B4AE-FAD0-4F96-A866-609D7EAFD39E}"=""
"{F17EC782-ADC0-43DE-81FC-2EF07E819717}"=""
"{FA8D98D1-870E-4323-B5D4-8B6E0E16AE82}"=""
"{F0D5E362-FDF8-42F2-B495-0AC608AE9A08}"=""
"{8A509BE8-7F51-4AAD-B328-ECE405B5D6F9}"=""
"{65756541-C65C-11CD-0000-4B656E696100}"="Panda Antivirus"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
bassmod.dll Sun Dec 4 2005 10:33:32p A.... 15,360 15.00 K
gdi32.dll Wed Dec 28 2005 8:54:36p A.... 280,064 273.50 K
sporder.dll Fri Feb 24 2006 8:12:18p A.... 8,464 8.27 K
webclnt.dll Tue Jan 3 2006 9:35:06p A.... 68,096 66.50 K
wmp.dll Tue Dec 6 2005 6:02:16a A.... 5,533,696 5.28 M
5 items found: 5 files, 0 directories.
Total of file sizes: 5,905,680 bytes 5.63 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 8CEA-0167
Directory of C:\WINDOWS\System32
02/21/2006 05:07 PM <DIR> dllcache
04/23/2004 02:35 PM <DIR> Microsoft
05/11/2000 12:00 AM 397,312 Msrdo20.dll
03/14/2000 12:00 AM 151,552 Rdocurs.dll
2 File(s) 548,864 bytes
2 Dir(s) 16,380,399,616 bytes free
Not sure if I was supposed to run Blacklite after that. It seems we just got a log, but anyhow, I attempted it and recieved the same error.
LonnyRJones
2006-03-03, 01:27
Hi
Is Sublime Solutions familur ? its what installed/uses FireDaemon
Close any programs you have open since this step requires a reboot.
Close the internet connection, Unplug your modem !! if on cable or satalite.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot.
Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. to shorton the hiajckthis log you can edit out the O18 - Protocol:, to be clear im not suggesting they be fixed..
Now try blacklite again and post its log
Ok.
First, The L2mFix Log.
L2mfix 010406
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\SYSTEM32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 516 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Killing PID 596 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1740 'explorer.exe'
Killing PID 1740 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
"Asynchronous"=dword:00000000
"DllName"=hex(2):61,00,76,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Startup"="AvLdrStartupNotification"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp8603lse.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0FFAEF53-E4DD-474D-A352-FC720EA146CB}"=-
"{6EA6B4AE-FAD0-4F96-A866-609D7EAFD39E}"=-
"{F17EC782-ADC0-43DE-81FC-2EF07E819717}"=-
"{FA8D98D1-870E-4323-B5D4-8B6E0E16AE82}"=-
"{F0D5E362-FDF8-42F2-B495-0AC608AE9A08}"=-
"{8A509BE8-7F51-4AAD-B328-ECE405B5D6F9}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0FFAEF53-E4DD-474D-A352-FC720EA146CB}]
[-HKEY_CLASSES_ROOT\CLSID\{6EA6B4AE-FAD0-4F96-A866-609D7EAFD39E}]
[-HKEY_CLASSES_ROOT\CLSID\{F17EC782-ADC0-43DE-81FC-2EF07E819717}]
[-HKEY_CLASSES_ROOT\CLSID\{FA8D98D1-870E-4323-B5D4-8B6E0E16AE82}]
[-HKEY_CLASSES_ROOT\CLSID\{F0D5E362-FDF8-42F2-B495-0AC608AE9A08}]
[-HKEY_CLASSES_ROOT\CLSID\{8A509BE8-7F51-4AAD-B328-ECE405B5D6F9}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 81%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Now the New HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 7:07:59 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\WINDOWS\system32\?ssembly\?serinit.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R3 - URLSearchHook: (no name) - {C0D95C43-EED7-BF72-A4A8-90CB289F0D92} - C:\WINDOWS\system32\hsgfkjvg.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {C0D95C43-EED7-BF72-A4A8-90CB289F0D92} - C:\WINDOWS\system32\hsgfkjvg.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Toms] "C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Xyhl] C:\WINDOWS\system32\?ssembly\?serinit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04b36fead4a0c1eebe03/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutorial/install/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6993CA0-BCC1-4C1A-88BA-2ECF8AE8A4B4} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NMSAccess - Unknown owner - :\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Blacklite did not find anything.
I am sure I do not know what Sublime Solutions is. I checked out their webiste, and it seems to be a program that allows you to run other programs as services. I've never intentionally installed anything of that nature.
LonnyRJones
2006-03-04, 04:11
Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.
(Echo
sc config dll32 start= disabled
sc stop dll32
sc query dll32
sc config events start= disabled
sc stop events
sc query events
)>logit.txt 2>&1
dir C:\WINDOWS\system32\SMBOLS~1\*.* >>logit.txt
dir C:\WINDOWS\system32\?ssembly\*.* >>logit.txt
start notepad logit.txt
Run check.bat and post back with the text that will open
Next run Hijackthis Run click >"config" then "misc tools" >"delete file on reboot"(exact spelling counts!!! so dont browse to the file)
Copy/Paste the bolded line below into the File name box then click Open,
C:\WINDOWS\SYSTEM32\avldr.dll
answer no to the reboot now prompt
Hit >back< then > Scan and Place a check next to these items.
R3 - URLSearchHook: (no name) - {C0D95C43-EED7-BF72-A4A8-90CB289F0D92} - C:\WINDOWS\system32\hsgfkjvg.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {C0D95C43-EED7-BF72-A4A8-90CB289F0D92} - C:\WINDOWS\system32\hsgfkjvg.dll (file missing)
O4 - HKCU\..\Run: [Toms] "C:\WINDOWS\system32\SMBOLS~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [Xyhl] C:\WINDOWS\system32\?ssembly\?serinit.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\fp8603lse.dll (file missing)
=============
Now hit fix checked close hijackthis and restart your PC
In addremove programs uninstall nortons NPROTECT or antivirus since your using Panda now..
Post back with another hijackthis log nade when your here at the forum
The Check.Bat Log
ECHO is on.
[SC] ChangeServiceConfig SUCCESS
[SC] ControlService FAILED 1062:
The service has not been started.
SERVICE_NAME: dll32
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1 (0x1)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
[SC] ChangeServiceConfig SUCCESS
[SC] ControlService FAILED 1062:
The service has not been started.
SERVICE_NAME: events
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1 (0x1)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Volume in drive C has no label.
Volume Serial Number is 8CEA-0167
Directory of C:\WINDOWS\system32\SMBOLS~1
03/03/2006 06:28 PM <DIR> .
03/03/2006 06:28 PM <DIR> ..
03/01/2006 10:04 PM <DIR> s?mbols
0 File(s) 0 bytes
3 Dir(s) 14,039,281,664 bytes free
The New HiJackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 9:46:01 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04b36fead4a0c1eebe03/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutorial/install/General.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6993CA0-BCC1-4C1A-88BA-2ECF8AE8A4B4} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
O18 - Protocol: bw40 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {904BB551-ED00-4D4A-8BB3-6BBC7EF2A340} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avldr - avldr.dll (file missing)
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
LonnyRJones
2006-03-07, 06:36
Scan with hijackthis and fix these items
O20 - Winlogon Notify: avldr - avldr.dll (file missing)
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\fp8603lse.dll (file missing)
Other that that the log looks ok, Are there any problems now ?
Id like to see a startup list made from hijackthis, heres how >
Start Hijackthis click config misc tools >
plcase a check in [X] list also minor sections
and [X] list empty sections, then click gernerate startuplist log.
No Lonnie, I'm not having anymore popups or browser hijacks.
You done it!
Man, I can't thank you enough. You are the god of malware removal.
Your time and effort has been and is greatly appreciated.
Thank you.
Here is that startup list you requested. I'll check back on this thread just to make sure you have no other suggesstions for me.
StartupList report, 3/8/2006, 9:56:03 PM
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Lil E\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BlackBerry Desktop Redirector.lnk.disabled
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Logitech Utility = Logi_MwX.Exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
APVXDWIN = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
SCANINICIO = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Run Waves Setup = C:\Documents and Settings\Lil E\Desktop\Waves Mixing and Mastering Tools\WavesMasters_V5.0.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
DW4 = "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ccleaner = "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
*No BHO's found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
HP DArC Task #Hewlett-Packard#deskjet5100#MY36S1J0Q67A.job
Norton SystemWorks One Button Checkup.job
Symantec Drmc.job
--------------------------------------------------
Enumerating Download Program Files:
[{0000000A-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
[Microsoft Office Template and Media Control]
InProcServer32 = C:\PROGRA~1\MICROS~3\OFFICE11\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab
[AICPASSV.Spreadsheet]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AICPASSV.ocx
CODEBASE = http://www.cpa-exam.org/AICPATutorial/install/SSItem.cab
[SurferNETWORK Plugin]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SURFER~1.OCX
CODEBASE = http://rd1.surfernetwork.com/surferplugin.ocx
[AICPAAuthLit.AuthLitItem]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AICPAAuthLit.ocx
CODEBASE = http://www.cpa-exam.org/AICPATutorial/install/SimItems.cab
[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://software-dl.real.com/04b36fead4a0c1eebe03/netzip/RdxIE601.cab
[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
[Java Plug-in 1.4.2_04]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
[AICPAUI.ucHyperlink]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AICPAUI.ocx
CODEBASE = http://www.cpa-exam.org/AICPATutorial/install/General.cab
[AICPACR.ConstructedResponse]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AICPACR.ocx
CODEBASE = http://www.cpa-exam.org/AICPATutorial/install/CRItem.cab
[Java Plug-in 1.4.2_04]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[AICPA treeView control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AICPAViewerIL.DLL
CODEBASE = http://www.cpa-exam.org/AICPATutorial/install/AICPAViewerIL.cab
[{E5D419D6-A846-4514-9FAD-97E826C84822}]
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab
[AICPAViewer.clsViewer]
CODEBASE = http://www.cpa-exam.org/AICPATutorial/install/AICPAViewer.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll
Protocol #2: C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll
Protocol #3: C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\rsvpsp.dll
Protocol #8: C:\WINDOWS\system32\rsvpsp.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
App Filter Plugin: \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Antivirus Filter Driver: \SystemRoot\system32\drivers\av5flt.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Arrowkey Device Access: \??\C:\Program Files\Shared\CDRPDACC.SYS (autostart)
Software Cinemaster NT4.0 Driver: \SystemRoot\SYSTEM32\DRIVERS\CINEMSUP.SYS (autostart)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Panda Anti-Dialer: \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Panda CPoint Driver: system32\Drivers\cpoint.sys (autostart)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative DVD-Audio Device Driver: System32\drivers\ctdvda2k.sys (manual start)
Game Port: System32\DRIVERS\ctgame.sys (manual start)
Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
FireDaemon Service: dll32: C:\windows\system32\spool\printers\FireDaemon.exe -s (disabled)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DSA Filter Plugin: \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS (autostart)
EDSP Port Driver: System32\DRIVERS\es56tpi.sys (manual start)
E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
FireDaemon Service: events: C:\windows\system32\spool\printers\FireDaemon.exe -s (disabled)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver: System32\DRIVERS\FA312nd5.sys (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
FGUARD32: \??\C:\Program Files\Folder Guard Pro XP\FGUARD32.SYS (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
NetMon Filter Plugin: \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
Creative P16V HAL Driver: System32\drivers\hap16v2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
Ids Filter Plugin: \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS (autostart)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
InCD File System: system32\drivers\InCDFs.sys (disabled)
InCDPass: system32\drivers\InCDPass.sys (system)
InCD Reader: system32\drivers\InCDRm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start)
Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
MSSQL$SONY_MEDIAMGR: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR (manual start)
MSSQLServerADHelper: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Panda Net Driver [NDIS Layer]: system32\Drivers\NETFLT.SYS (system)
Panda Net Driver [TDI Layer]: \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS (system)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NMSAccess: C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (autostart)
NT Apm/Legacy Interface Driver: System32\DRIVERS\NtApm.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
pavdrv: system32\DRIVERS\pavdrv51.sys (autostart)
Panda Function Service: "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe" (autostart)
Panda Process Protection Driver: \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (autostart)
Panda Process Protection Service: "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe" (autostart)
Panda anti-virus service: "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe" (autostart)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Panda Antispam Engine: C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe (autostart)
Panda Network Manager: "c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE" (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Panda IManager Service: "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe" (autostart)
PSSdk21: \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
RIM Virtual Serial Port: system32\DRIVERS\RimSerial.sys (manual start)
RIM Handheld: System32\Drivers\RimUsb.sys (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SB AudioPCI Audio Driver (WDM): system32\drivers\sbpci.sys (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SDdriver: \??\C:\WINDOWS\system32\Drivers\sddriver.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SMS Filter Plugin: \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
SQLAgent$SONY_MEDIAMGR: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR (manual start)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Software Synthesizer (WDM): system32\drivers\swmidi.sys (system)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{B452DED8-FCFC-42A8-82B4-039110EC2E47} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
32bit system bus driver: \SystemRoot\System32\Drivers\sysbus32.sys (autostart)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Panda TPSrv: "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe" (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (system)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Wifi Monitor Filter Plugin: \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS (autostart)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
xmasbus: system32\DRIVERS\xmasbus.sys (system)
xmasscsi: System32\Drivers\xmasscsi.sys (system)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\LILE~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\LILE~1\Cookies\index.dat||C:\DOCUME~1\LILE~1\LOCALS~1\History\History.IE5\index.dat||C:\WINDOWS\system32\msvca5b0.rra => C:\WINDOWS\system32\msvcp71.dll||L
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 41,638 bytes
Report generated in 0.601 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
LonnyRJones
2006-03-09, 05:23
One bad guy
32bit system bus driver: \SystemRoot\System32\Drivers\sysbus32.sys (autostart)
Open a command prompt (start run type cmd press enter) type
sc delete sysbus32
press enter, type exit and press enter to exit the command prompt
Restart your pc
Open a command prompt (start run type cmd press enter) type
sc query sysbus32
press enter, tell us if its still running or doesnt exists ? then type exit and press enter to exit the command prompt
The specified service does not exist as an installed service.
LonnyRJones
2006-03-10, 03:45
Good
Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly to keep it updated
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
As the problem appears to be resolved this topic will be archived.:bigthumb:
If you need it re-opened please send me a pm and provide a link to the thread. Cheers.