[Solved] Annoying popups (look2me)

Unknown
edited December 2005 in Spyware & Virus Removal
Hi there!

I have tried to get rid of some annoying ad-aware or virus. Scanned with Panda, Norton, Ad-aware, Spybot and some more, but nothing helps.

The only similiar answer from all of them is: Look2me. Some files are being deleted ,but it`s still there! :scratch:

I have read som earlier threads about the subject, but need some help for further instruction regarding my own PC. :confused:

Here's a L2Mfix log:

L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jtjs0717e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-MYNDIGHET\SYSTEM
(IO) ALLOW Full access NT-MYNDIGHET\SYSTEM
(NI) ALLOW Full access NT-MYNDIGHET\SYSTEM
(IO) ALLOW Full access NT-MYNDIGHET\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Brukere
(ID-IO) ALLOW Read BUILTIN\Brukere
(ID-NI) ALLOW Full access BUILTIN\Administratorer
(ID-IO) ALLOW Full access BUILTIN\Administratorer
(ID-NI) ALLOW Full access NT-MYNDIGHET\SYSTEM
(ID-IO) ALLOW Full access NT-MYNDIGHET\SYSTEM
(ID-IO) ALLOW Full access OPPRETTER EIER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CCE1B23B-D34C-6006-1C64-20CA030003F5}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskapsside for multimediefil"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM skannerbehandling"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-sikkerhetsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskapsside for OLE DOC-fil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Skallutvidelse for deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermtype"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-sikkerhetsside"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Diskkopieringsutvidelse"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Skallutvidelser for Microsoft Windows-nettverksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM skjermbehandling"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM skriverbehandling"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Skallutvidelser for filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Skallutvidelse for Web-skriver"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Hurtigmeny for kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Koffert"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Ikonutvidelse for HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Skrifter"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Skriversikkerhetsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Skallutvidelse for deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-utvidelse"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign-utvidelse"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Nettverkstilkoblinger"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Nettverkstilkoblinger"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Skallutvidelser for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-datakobling"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte oppgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Oppgavelinje og Start-meny"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›k"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kj›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internett"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-post"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative verkt›y"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internett-verkt›ylinje"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Nedlastingsstatus"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="B†ndproxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft-tjeneste for tidligere URL-adresser"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Logg"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft-binding for URL-s›k"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbilde for Internet Explorer 4.0"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internett"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-b†nd"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Mappe for ActiveX-hurtigbuffer"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonnementsmappe"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Behandling av skallprogrammer"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerator for installerte programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin Programpubliserer"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Uttrekking av miniatyrbilder i GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Behandling av informasjon om miniatyrbilder"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Uttrekking av HTML-miniatyrbilder"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Veiviser for Web-publisering"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestille utskrifter via Weben"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Veiviserobjekt for skallpublisering"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="F† en passport-veiviser"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brukerkontoer"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanalsnarvei"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanalbehandlingsobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappe for Frakoblede filer"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Etter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-mapper"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{1869D78C-8CBB-4E00-A69C-F94F5A65EB86}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5EC3EA89-4453-4416-A78B-65F689DC2048}"="Goback Drives"
"{6809E580-A3A7-11D1-9A00-00A0C945B006}"="GoBack Shell Extension"
"{B0C075FA-6533-4DC4-8081-70119E5EA8C3}"=""
"{51917337-5113-4EC2-9CB6-C6212D0EF3E9}"="BPS Shredder Context Menu"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{389D1395-6647-46AC-9820-EA2796CF881B}"=""
"{DE1BDD5C-0E24-4703-A6EE-18BBDB4A91AF}"=""
"{EBD02E39-E29C-4D3E-8ECA-F5677CE3C402}"=""
"{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}\InprocServer32]
@="C:\\WINDOWS\\system32\\dlmsadsn.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Sat 3 Sep 2005 0:54:56 A.... 1 019 904 996,00 K
capicom.dll Wed 5 Oct 2005 14:44:38 A.... 466 944 456,00 K
cdfview.dll Sat 3 Sep 2005 0:54:56 A.... 151 552 148,00 K
cdosys.dll Sat 10 Sep 2005 2:55:36 A.... 2 067 968 1,97 M
danim.dll Sat 3 Sep 2005 0:54:58 A.... 1 054 208 1,00 M
dlmsadsn.dll Sun 27 Nov 2005 20:13:10 ..S.R 233 606 228,13 K
dxtrans.dll Sat 3 Sep 2005 0:54:58 A.... 205 312 200,50 K
extmgr.dll Sat 3 Sep 2005 0:54:58 ..... 55 808 54,50 K
gdi32.dll Thu 6 Oct 2005 4:19:00 A.... 280 064 273,50 K
gwfspi~1.dll Mon 29 Aug 2005 12:27:06 A.... 23 304 22,76 K
iepeers.dll Sat 3 Sep 2005 0:54:58 A.... 251 392 245,50 K
inseng.dll Sat 3 Sep 2005 0:55:00 A.... 96 768 94,50 K
jtjs07~1.dll Sun 27 Nov 2005 13:19:50 ..S.R 233 606 228,13 K
legitc~1.dll Mon 29 Aug 2005 12:27:12 A.... 520 968 508,76 K
linkinfo.dll Thu 1 Sep 2005 3:28:08 A.... 19 968 19,50 K
lvlu09~1.dll Sun 27 Nov 2005 20:13:08 ..S.R 234 545 229,05 K
mshtml.dll Tue 4 Oct 2005 16:27:36 A.... 3 013 120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:55:02 A.... 448 512 438,00 K
msrating.dll Sat 3 Sep 2005 0:55:04 A.... 146 432 143,00 K
mstime.dll Sat 3 Sep 2005 0:55:04 A.... 530 432 518,00 K
pngfilt.dll Sat 3 Sep 2005 0:55:04 A.... 39 424 38,50 K
quartz.dll Tue 30 Aug 2005 4:56:40 A.... 1 290 240 1,23 M
shdocvw.dll Sat 3 Sep 2005 0:55:06 A.... 1 484 288 1,41 M
shell32.dll Fri 23 Sep 2005 4:07:48 A.... 8 456 704 8,06 M
shlwapi.dll Sat 3 Sep 2005 0:55:06 A.... 473 600 462,50 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
urlmon.dll Sat 3 Sep 2005 0:55:08 A.... 603 648 589,50 K
wininet.dll Sat 3 Sep 2005 0:55:08 A.... 657 920 642,50 K
winsrv.dll Thu 1 Sep 2005 3:28:08 A.... 291 840 285,00 K

29 items found: 29 files (3 H/S), 0 directories.
Total of file sizes: 24 470 861 bytes 23,34 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volumet i stasjon C er uten navn.
Volumserienummeret er B85D-8106

Innhold i C:\WINDOWS\System32

27.11.2005 20:13 233ÿ606 dlmsadsn.dll
27.11.2005 20:13 234ÿ545 lvlu0939e.dll
27.11.2005 13:19 233ÿ606 jtjs0717e.dll
13.11.2005 17:12 <DIR> dllcache
21.05.2005 15:03 <DIR> Microsoft
30.09.1999 18:21 166ÿ672 mstext35.dll
28.09.1999 20:42 1ÿ050ÿ896 msjet35.dll
09.09.1999 21:06 252ÿ688 msexcl35.dll
09.09.1999 21:06 168ÿ720 msltus35.dll
25.08.1999 13:57 415ÿ504 msrepl35.dll
10.06.1999 08:34 24ÿ848 msjter35.dll
10.06.1999 08:34 123ÿ664 msjint35.dll
07.06.1999 17:59 250ÿ128 mspdox35.dll
25.04.1999 16:00 287ÿ504 Msxbse35.dll
25.04.1999 16:00 368ÿ912 Vbar332.dll
25.04.1999 16:00 252ÿ176 Msrd2x35.dll
14 fil(er) 4ÿ063ÿ469 byte
2 mappe(r) 4ÿ103ÿ622ÿ656 byte ledig

Comments

  • SpywareShooterSpywareShooter 127.0.0.1
    edited November 2005
    Please download HijackThis and post a log.
  • mr_kane
    edited November 2005
    Hi and thank you!

    Here`s a log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:33:01, on 27.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Programfiler\B54 Wireless Monitor\WLService.exe
    D:\Programfiler\B54 Wireless Monitor\WLanCfgG.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Programfiler\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\El jefe\Skrivebord\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hostingproject.info/Zilos/googlex/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\jtjs0717e.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLB54 Service (WLB54) - Unknown owner - D:\Programfiler\B54 Wireless Monitor\WLService.exe
  • SpywareShooterSpywareShooter 127.0.0.1
    edited November 2005
    Boot into Safe Mode (press F8 at the BIOS screen when booting) and fix these entries:

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\jtjs0717e.dll

    Still in Safe Mode, find and delete this file:
    C:\WINDOWS\system32\jtjs0717e.dll

    Then boot back into Normal Mode and post a new log.
  • mr_kane
    edited November 2005
    Hi again!

    I have done what you told me.

    Still I have the same problem :confused:

    Here`s my new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:06:16, on 28.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Programfiler\B54 Wireless Monitor\WLService.exe
    D:\Programfiler\B54 Wireless Monitor\WLanCfgG.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\Programfiler\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\El jefe\Skrivebord\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hostingproject.info/Zilos/googlex/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\iHssvcs.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLB54 Service (WLB54) - Unknown owner - D:\Programfiler\B54 Wireless Monitor\WLService.exe
  • mr_kane
    edited November 2005
    Hey people!

    Anyone having any ideas of what to do next here?
  • TroganTrogan London, UK
    edited December 2005
    Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.
  • mr_kane
    edited December 2005
    Thank you!

    Here`s the log


    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\gp0ul3d91.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-MYNDIGHET\SYSTEM
    (IO) ALLOW Full access NT-MYNDIGHET\SYSTEM
    (NI) ALLOW Full access NT-MYNDIGHET\SYSTEM
    (IO) ALLOW Full access NT-MYNDIGHET\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Brukere
    (ID-IO) ALLOW Read BUILTIN\Brukere
    (ID-NI) ALLOW Full access BUILTIN\Administratorer
    (ID-IO) ALLOW Full access BUILTIN\Administratorer
    (ID-NI) ALLOW Full access NT-MYNDIGHET\SYSTEM
    (ID-IO) ALLOW Full access NT-MYNDIGHET\SYSTEM
    (ID-IO) ALLOW Full access OPPRETTER EIER


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{CCE1B23B-D34C-6006-1C64-20CA030003F5}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Egenskapsside for multimediefil"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM skannerbehandling"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-sikkerhetsside"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskapsside for OLE DOC-fil"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Skallutvidelse for deling"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermkort"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermtype"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermpanorering"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-sikkerhetsside"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Diskkopieringsutvidelse"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Skallutvidelser for Microsoft Windows-nettverksobjekter"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM skjermbehandling"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM skriverbehandling"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Skallutvidelser for filkomprimering"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Skallutvidelse for Web-skriver"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Hurtigmeny for kryptering"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Koffert"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Ikonutvidelse for HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Skrifter"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Skriversikkerhetsside"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Skallutvidelse for deling"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-utvidelse"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign-utvidelse"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Nettverkstilkoblinger"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Nettverkstilkoblinger"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannere og kameraer"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannere og kameraer"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannere og kameraer"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannere og kameraer"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannere og kameraer"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Skallutvidelser for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-datakobling"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte oppgaver"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Oppgavelinje og Start-meny"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›k"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kj›r..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internett"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-post"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative verkt›y"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internett-verkt›ylinje"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Nedlastingsstatus"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="B†ndproxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft-tjeneste for tidligere URL-adresser"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Logg"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft-binding for URL-s›k"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbilde for Internet Explorer 4.0"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internett"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-b†nd"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Mappe for ActiveX-hurtigbuffer"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonnementsmappe"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Behandling av skallprogrammer"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerator for installerte programmer"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin Programpubliserer"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Uttrekking av miniatyrbilder i GDI+-filer"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Behandling av informasjon om miniatyrbilder"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Uttrekking av HTML-miniatyrbilder"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Veiviser for Web-publisering"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestille utskrifter via Weben"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Veiviserobjekt for skallpublisering"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="F† en passport-veiviser"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brukerkontoer"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanalsnarvei"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanalbehandlingsobjekt"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappe for Frakoblede filer"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Etter &personer..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-mapper"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{1869D78C-8CBB-4E00-A69C-F94F5A65EB86}"=""
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{5EC3EA89-4453-4416-A78B-65F689DC2048}"="Goback Drives"
    "{6809E580-A3A7-11D1-9A00-00A0C945B006}"="GoBack Shell Extension"
    "{B0C075FA-6533-4DC4-8081-70119E5EA8C3}"=""
    "{51917337-5113-4EC2-9CB6-C6212D0EF3E9}"="BPS Shredder Context Menu"
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
    "{389D1395-6647-46AC-9820-EA2796CF881B}"=""
    "{DE1BDD5C-0E24-4703-A6EE-18BBDB4A91AF}"=""
    "{EBD02E39-E29C-4D3E-8ECA-F5677CE3C402}"=""
    "{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}"=""
    "{249AFB86-0C96-4097-9164-65C4529DE28C}"=""
    "{99EFA66C-61C4-466F-B12B-D8700501C1FF}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}\Implemented Categories]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{2ED14805-BB84-43B6-B7E2-5CEBC22F3008}\InprocServer32]
    @=&quot;C:\\WINDOWS\\system32\\sjrvdeps.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{249AFB86-0C96-4097-9164-65C4529DE28C}]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{249AFB86-0C96-4097-9164-65C4529DE28C}\Implemented Categories]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{249AFB86-0C96-4097-9164-65C4529DE28C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{249AFB86-0C96-4097-9164-65C4529DE28C}\InprocServer32]
    @=&quot;C:\\WINDOWS\\system32\\durawex.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{99EFA66C-61C4-466F-B12B-D8700501C1FF}]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{99EFA66C-61C4-466F-B12B-D8700501C1FF}\Implemented Categories]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{99EFA66C-61C4-466F-B12B-D8700501C1FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=&quot;"

    [HKEY_CLASSES_ROOT\CLSID\{99EFA66C-61C4-466F-B12B-D8700501C1FF}\InprocServer32]
    @=&quot;C:\\WINDOWS\\system32\\searddlg.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    browseui.dll Sat 3 Sep 2005 0:54:56 A.... 1 019 904 996,00 K
    capicom.dll Wed 5 Oct 2005 14:44:38 A.... 466 944 456,00 K
    cdfview.dll Sat 3 Sep 2005 0:54:56 A.... 151 552 148,00 K
    cdosys.dll Sat 10 Sep 2005 2:55:36 A.... 2 067 968 1,97 M
    danim.dll Sat 3 Sep 2005 0:54:58 A.... 1 054 208 1,00 M
    durawex.dll Wed 30 Nov 2005 18:42:34 ..S.R 236 656 231,11 K
    dxtrans.dll Sat 3 Sep 2005 0:54:58 A.... 205 312 200,50 K
    extmgr.dll Sat 3 Sep 2005 0:54:58 ..... 55 808 54,50 K
    fp0q03~1.dll Mon 28 Nov 2005 18:19:30 ..S.R 235 048 229,54 K
    gdi32.dll Thu 6 Oct 2005 4:19:00 A.... 280 064 273,50 K
    gp0ul3~1.dll Wed 30 Nov 2005 20:13:34 ..S.R 236 656 231,11 K
    iepeers.dll Sat 3 Sep 2005 0:54:58 A.... 251 392 245,50 K
    inseng.dll Sat 3 Sep 2005 0:55:00 A.... 96 768 94,50 K
    j4l4le~1.dll Thu 1 Dec 2005 20:54:40 ..S.R 233 965 228,48 K
    mshtml.dll Tue 4 Oct 2005 16:27:36 A.... 3 013 120 2,87 M
    mshtmled.dll Sat 3 Sep 2005 0:55:02 A.... 448 512 438,00 K
    msrating.dll Sat 3 Sep 2005 0:55:04 A.... 146 432 143,00 K
    mstime.dll Sat 3 Sep 2005 0:55:04 A.... 530 432 518,00 K
    pngfilt.dll Sat 3 Sep 2005 0:55:04 A.... 39 424 38,50 K
    searddlg.dll Thu 1 Dec 2005 15:45:04 ..S.R 237 011 231,45 K
    shdocvw.dll Sat 3 Sep 2005 0:55:06 A.... 1 484 288 1,41 M
    shell32.dll Fri 23 Sep 2005 4:07:48 A.... 8 456 704 8,06 M
    shlwapi.dll Sat 3 Sep 2005 0:55:06 A.... 473 600 462,50 K
    sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
    sjrvdeps.dll Thu 1 Dec 2005 20:54:40 ..S.R 236 656 231,11 K
    urlmon.dll Sat 3 Sep 2005 0:55:08 A.... 603 648 589,50 K
    wininet.dll Sat 3 Sep 2005 0:55:08 A.... 657 920 642,50 K

    27 items found: 27 files (6 H/S), 0 directories.
    Total of file sizes: 23 038 776 bytes 21,97 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Volumet i stasjon C er uten navn.
    Volumserienummeret er B85D-8106

    Innhold i C:\WINDOWS\System32

    01.12.2005 20:54 236ÿ656 sjrvdeps.dll
    01.12.2005 20:54 233ÿ965 j4l4le3q1h.dll
    01.12.2005 15:45 237ÿ011 searddlg.dll
    30.11.2005 20:13 236ÿ656 gp0ul3d91.dll
    30.11.2005 18:42 236ÿ656 durawex.dll
    28.11.2005 18:19 235ÿ048 fp0q03d5e.dll
    13.11.2005 17:12 <DIR> dllcache
    21.05.2005 15:03 <DIR> Microsoft
    30.09.1999 18:21 166ÿ672 mstext35.dll
    28.09.1999 20:42 1ÿ050ÿ896 msjet35.dll
    09.09.1999 21:06 252ÿ688 msexcl35.dll
    09.09.1999 21:06 168ÿ720 msltus35.dll
    25.08.1999 13:57 415ÿ504 msrepl35.dll
    10.06.1999 08:34 123ÿ664 msjint35.dll
    10.06.1999 08:34 24ÿ848 msjter35.dll
    07.06.1999 17:59 250ÿ128 mspdox35.dll
    25.04.1999 16:00 252ÿ176 Msrd2x35.dll
    25.04.1999 16:00 368ÿ912 Vbar332.dll
    25.04.1999 16:00 287ÿ504 Msxbse35.dll
    17 fil(er) 4ÿ777ÿ704 byte
    2 mappe(r) 4ÿ097ÿ900ÿ544 byte ledig
  • TroganTrogan London, UK
    edited December 2005
    Close any browsers and programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
    If after the reboot the log does not open double click on it in the l2mfix folder.
  • mr_kane
    edited December 2005
    Ok, here`s the lo2.txt from the l2mfix folder

    I hope this is the right text file from the folder, the only file with changes after reeboot.

    Starting Beta Fix 112305
    Creating Account.
    Kommandoen er fullf›rt.

    Adding Administrative privleges.
    Systemfeil 1376 har oppst†tt.

    Lokalgruppen finnes ikke.

    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful
    Checking for L2MFix account(0=no 1=yes):
    0


    And here`s a new hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:02:42, on 02.12.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Programfiler\B54 Wireless Monitor\WLService.exe
    D:\Programfiler\B54 Wireless Monitor\WLanCfgG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Programfiler\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Documents and Settings\El jefe\Skrivebord\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hostingproject.info/Zilos/googlex/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\j4l4le3q1h.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLB54 Service (WLB54) - Unknown owner - D:\Programfiler\B54 Wireless Monitor\WLService.exe
  • TroganTrogan London, UK
    edited December 2005
    Type javascript:navigator.userAgent or just copy and paste it in your IE Address bar then hit enter. Make certain there are no spaces in the line. Post the results back here.


    Download and run VX2Finder(.exe).
    http://www.downloads.subratam.org/VX2Finder.exe

    Open the program and click the 'Click to Find VX2.aBetterInternet' button. This will attempt to find all VX2 related files and registry keys and when present display them in its logfile. To create a logfile, click the button named: 'Make Log'. This will open logfile using Notepad. Please post (copy/paste) the results and post them in this topic.

    Download these two tools:

    http://www.downloads.subratam.org/DllCompare.exe
    &
    http://www.downloads.subratam.org/KillBox.exe

    Run Dllcompare by clicking the "Run Locate.com" then click Compare button... when done post that log here. Do not reboot once you have posted the logs because all the filenames will change otherwise.
  • mr_kane
    edited December 2005
    Ok!

    Here`s the result of the first task.

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {CCE1B23B-D34C-6006-1C64-20CA030003F5})

    And here`s the VX2 log:

    Log for VX2.BetterInternet File Finder (ALL)

    Files Found---

    Additional Files---

    Keys Under Notify---
    crypt32chain
    cryptnet
    cscdll
    MCD
    ScCertProp
    Schedule
    sclgntfy
    SensLogn
    termsrv
    wlballoon
    wzcnotif


    Guardian Key--- is called:

    Guardian Key--- :

    User Agent String---
    {CCE1B23B-D34C-6006-1C64-20CA030003F5}

    And finally the dllCompare log

    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\csgbkend.dll Sat 3 Dec 2005 12:41:58 ..S.R 233 975 228,49 K
    C:\WINDOWS\SYSTEM32\d0j00a~1.dll Fri 2 Dec 2005 17:53:14 ..S.R 233 975 228,49 K
    C:\WINDOWS\SYSTEM32\durawex.dll Wed 30 Nov 2005 18:42:34 ..S.R 236 656 231,11 K
    C:\WINDOWS\SYSTEM32\dzgest.dll Fri 2 Dec 2005 17:53:14 ..S.R 233 965 228,48 K
    C:\WINDOWS\SYSTEM32\fp0q03~1.dll Mon 28 Nov 2005 18:19:30 ..S.R 235 048 229,54 K
    C:\WINDOWS\SYSTEM32\hpl023~1.dll Fri 2 Dec 2005 17:42:06 ..S.R 235 998 230,46 K
    C:\WINDOWS\SYSTEM32\hr8805~1.dll Fri 2 Dec 2005 13:41:42 ..S.R 234 850 229,34 K
    C:\WINDOWS\SYSTEM32\l8p2li~1.dll Fri 2 Dec 2005 18:58:14 ..S.R 233 965 228,48 K
    C:\WINDOWS\SYSTEM32\msexcl35.dll Thu 9 Sep 1999 21:06:38 A.S.. 252 688 246,77 K
    C:\WINDOWS\SYSTEM32\msjet35.dll Tue 28 Sep 1999 20:42:48 A.S.. 1 050 896 1,00 M
    C:\WINDOWS\SYSTEM32\msjint35.dll Thu 10 Jun 1999 8:34:04 A.S.. 123 664 120,77 K
    C:\WINDOWS\SYSTEM32\msjter35.dll Thu 10 Jun 1999 8:34:04 A.S.. 24 848 24,27 K
    C:\WINDOWS\SYSTEM32\msltus35.dll Thu 9 Sep 1999 21:06:38 A.S.. 168 720 164,77 K
    C:\WINDOWS\SYSTEM32\mspdox35.dll Mon 7 Jun 1999 17:59:34 A.S.. 250 128 244,27 K
    C:\WINDOWS\SYSTEM32\msrd2x35.dll Sun 25 Apr 1999 16:00:00 A.S.. 252 176 246,27 K
    C:\WINDOWS\SYSTEM32\msrepl35.dll Wed 25 Aug 1999 13:57:26 A.S.. 415 504 405,77 K
    C:\WINDOWS\SYSTEM32\mstext35.dll Thu 30 Sep 1999 18:21:24 A.S.. 166 672 162,77 K
    C:\WINDOWS\SYSTEM32\msxbse35.dll Sun 25 Apr 1999 16:00:00 A.S.. 287 504 280,77 K
    C:\WINDOWS\SYSTEM32\vbar332.dll Sun 25 Apr 1999 16:00:00 A.S.. 368 912 360,27 K
    ________________________________________________

    1 233 items found: 1 233 files (19 H/S), 0 directories.
    Total of file sizes: 263 103 098 bytes 250,91 M

    Administrator Account = True
    End log
  • TroganTrogan London, UK
    edited December 2005
    Stay offline when doing the following fix.

    Open killbox and paste in C:\WINDOWS\SYSTEM32\csgbkend.dll

    With the full path to the file name in the topmost textbox, click the option *replace on reboot* and *Use Dummy* which will create a numbered dummy file instantly for you.

    Click the Red X ...and for the confirmation message that will appear, you will need to click Yes
    A second message will ask to Reboot now? you will need to click No (since you are not finished adding all related files in yet)

    Repeat the above for each of these;

    C:\WINDOWS\SYSTEM32\d0j00a~1.dll
    C:\WINDOWS\SYSTEM32\durawex.dll
    C:\WINDOWS\SYSTEM32\dzgest.dll
    C:\WINDOWS\SYSTEM32\fp0q03~1.dll
    C:\WINDOWS\SYSTEM32\hpl023~1.dll
    C:\WINDOWS\SYSTEM32\hr8805~1.dll
    C:\WINDOWS\SYSTEM32\l8p2li~1.dll

    On that last file, close all programs and Reboot your computer.

    Post another log from dllcompare please.
  • mr_kane
    edited December 2005
    Hello again!

    I didn`t reboot my PC at once after the last dllCompare yesterday, but my little son turned off the PC today before I did the killbox operation.
    Will this affect the result?
    Do I have to repeat one of the earlier steps?

    Here`s the new dllCompare log


    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\g8lm0i~1.dll Sun 4 Dec 2005 15:01:34 ..S.R 234 113 228,63 K
    C:\WINDOWS\SYSTEM32\ijsso.dll Sun 4 Dec 2005 15:01:36 ..S.R 233 975 228,49 K
    C:\WINDOWS\SYSTEM32\mhpistub.dll Sun 4 Dec 2005 14:49:46 ..S.R 233 965 228,48 K
    C:\WINDOWS\SYSTEM32\msexcl35.dll Thu 9 Sep 1999 21:06:38 A.S.. 252 688 246,77 K
    C:\WINDOWS\SYSTEM32\msjet35.dll Tue 28 Sep 1999 20:42:48 A.S.. 1 050 896 1,00 M
    C:\WINDOWS\SYSTEM32\msjint35.dll Thu 10 Jun 1999 8:34:04 A.S.. 123 664 120,77 K
    C:\WINDOWS\SYSTEM32\msjter35.dll Thu 10 Jun 1999 8:34:04 A.S.. 24 848 24,27 K
    C:\WINDOWS\SYSTEM32\msltus35.dll Thu 9 Sep 1999 21:06:38 A.S.. 168 720 164,77 K
    C:\WINDOWS\SYSTEM32\mspdox35.dll Mon 7 Jun 1999 17:59:34 A.S.. 250 128 244,27 K
    C:\WINDOWS\SYSTEM32\msrd2x35.dll Sun 25 Apr 1999 16:00:00 A.S.. 252 176 246,27 K
    C:\WINDOWS\SYSTEM32\msrepl35.dll Wed 25 Aug 1999 13:57:26 A.S.. 415 504 405,77 K
    C:\WINDOWS\SYSTEM32\mstext35.dll Thu 30 Sep 1999 18:21:24 A.S.. 166 672 162,77 K
    C:\WINDOWS\SYSTEM32\msxbse35.dll Sun 25 Apr 1999 16:00:00 A.S.. 287 504 280,77 K
    C:\WINDOWS\SYSTEM32\n28olc~1.dll Sat 3 Dec 2005 15:27:58 ..S.R 233 975 228,49 K
    C:\WINDOWS\SYSTEM32\vbar332.dll Sun 25 Apr 1999 16:00:00 A.S.. 368 912 360,27 K
    ________________________________________________

    1 234 items found: 1 234 files (15 H/S), 0 directories.
    Total of file sizes: 262 160 974 bytes 250,02 M

    Administrator Account = True
    End log
  • TroganTrogan London, UK
    edited December 2005
    No problem :)


    Can you do the same process with Killbox but for these files:

    C:\WINDOWS\SYSTEM32\g8lm0i~1.dll
    C:\WINDOWS\SYSTEM32\ijsso.dll
    C:\WINDOWS\SYSTEM32\mhpistub.dll
    C:\WINDOWS\SYSTEM32\n28olc~1.dll


    Reboot and post another DLLcompare log please :)
  • mr_kane
    edited December 2005
    Haven`t been any popups now, after the last killbox action.

    Here`s the result of the new log:


    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\msexcl35.dll Thu 9 Sep 1999 21:06:38 A.S.. 252 688 246,77 K
    C:\WINDOWS\SYSTEM32\msjet35.dll Tue 28 Sep 1999 20:42:48 A.S.. 1 050 896 1,00 M
    C:\WINDOWS\SYSTEM32\msjint35.dll Thu 10 Jun 1999 8:34:04 A.S.. 123 664 120,77 K
    C:\WINDOWS\SYSTEM32\msjter35.dll Thu 10 Jun 1999 8:34:04 A.S.. 24 848 24,27 K
    C:\WINDOWS\SYSTEM32\msltus35.dll Thu 9 Sep 1999 21:06:38 A.S.. 168 720 164,77 K
    C:\WINDOWS\SYSTEM32\mspdox35.dll Mon 7 Jun 1999 17:59:34 A.S.. 250 128 244,27 K
    C:\WINDOWS\SYSTEM32\msrd2x35.dll Sun 25 Apr 1999 16:00:00 A.S.. 252 176 246,27 K
    C:\WINDOWS\SYSTEM32\msrepl35.dll Wed 25 Aug 1999 13:57:26 A.S.. 415 504 405,77 K
    C:\WINDOWS\SYSTEM32\mstext35.dll Thu 30 Sep 1999 18:21:24 A.S.. 166 672 162,77 K
    C:\WINDOWS\SYSTEM32\msxbse35.dll Sun 25 Apr 1999 16:00:00 A.S.. 287 504 280,77 K
    C:\WINDOWS\SYSTEM32\vbar332.dll Sun 25 Apr 1999 16:00:00 A.S.. 368 912 360,27 K
    ________________________________________________

    1 232 items found: 1 232 files (11 H/S), 0 directories.
    Total of file sizes: 261 225 058 bytes 249,12 M

    Administrator Account = True
    End log
  • TroganTrogan London, UK
    edited December 2005
    Nearly there. Only a few more steps :)


    Can you post a new HJT log please :)
  • mr_kane
    edited December 2005
    Ok! :) Thanks!

    The new HJT log coming up:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:10:23, on 04.12.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Programfiler\B54 Wireless Monitor\WLService.exe
    D:\Programfiler\B54 Wireless Monitor\WLanCfgG.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Programfiler\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\El jefe\Skrivebord\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hostingproject.info/Zilos/googlex/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\g8lm0i31e8.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLB54 Service (WLB54) - Unknown owner - D:\Programfiler\B54 Wireless Monitor\WLService.exe
  • TroganTrogan London, UK
    edited December 2005
    Check the following in HJT and click 'Fix Checked'

    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\g8lm0i31e8.dll
    --


    Run VX2Finder and hit the 'Click to find VX2betterinternet' button. Then hit the restore policy button and useragent string button.


    Then, Reboot!


    Type javascript:navigator.userAgent or just copy and paste it in your IE Address bar then hit enter. Make certain there are no spaces in the line. Post the results back here.
  • mr_kane
    edited December 2005
    Here`s the result of the last steps:

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  • TroganTrogan London, UK
    edited December 2005
    Perfect! :thumbsup:


    Post a new HJT log and lets see if anything is left :)
  • mr_kane
    edited December 2005
    Looking good now! ;D

    Here`s the log, hopefully the last one.... :)


    Logfile of HijackThis v1.99.1
    Scan saved at 21:00:28, on 04.12.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Programfiler\B54 Wireless Monitor\WLService.exe
    D:\Programfiler\B54 Wireless Monitor\WLanCfgG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
    C:\Programfiler\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programfiler\MSN Messenger\MsnMsgr.Exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Documents and Settings\El jefe\Skrivebord\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hostingproject.info/Zilos/googlex/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4618/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLB54 Service (WLB54) - Unknown owner - D:\Programfiler\B54 Wireless Monitor\WLService.exe
  • TroganTrogan London, UK
    edited December 2005
    This is the last one - your log is clean :thumbsup:


    Please consider joining the Folding@Home Project :)
    Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
    MORE INFO: READ THIS


    Follow this guide by Crunchie to stay more secure

    Now that your PC is clean you need to follow these easy steps to keeping it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

    Use a firewall to help prevent your PC's control being usurped by undesireables.

    Install and keep updated, Ad-Aware SE, and Spybot S&D.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install and keep updated, SpywareBlaster 3.4

    Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

    Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


    Clear your Temp folders.
    Clear out your Temporary internet files and other temp files.
    Go to Start > Settings > Control Panel >Internet Options.
    Under the General tab click the Delete temporary internet files,
    delete all Offline content as well. Clear out Cookies.

    Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.

    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start>Run and type msconfig. Press enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.
  • mr_kane
    edited December 2005
    Thanks a lot from Norway, for all your help !
    Appreciate it!!

    A little bit less annoying visiting the web now :)

    Glory, glory ManUnited ;D
  • TroganTrogan London, UK
    edited December 2005
    lol, stick around :D:thumbsup:


    I'm marking this resolved. If you need help again, hopefully not, then start a new thread :thumbsup:
This discussion has been closed.