
Qnorsten's Own new topic Trojandownloader.zlob

Comments

56 comments

  • Customer

    * You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

     

    * Download smitRem.exe and save the file to your desktop.

    Double click on the file to extract it to its own folder on the desktop.

     

    * First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.

    This is a 30-day trial of the program.


    1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.


    2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.



    3. Run AVG Anti-Spyware


    4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.


    5. After the update finishes (the status bar at the bottom will display "Update successful")


    6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


    7. Under "Reports"


    8. Select "Automatically generate report after every scan"


    9. Un-Select "Only if threats were found"



    Close AVG Anti-Spyware 7.5. Do NOT run a scan just yet; we will shortly.

     

    * If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

    Ad-Aware SE Setup

    Again, do NOT run a scan yet.

     

     

    * Next, please reboot your computer in Safe Mode by doing the following:


    1. Restart your computer


    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.


    3. Instead of Windows loading as normal, a menu should appear.


    4. Select the first option, to run Windows in Safe Mode.



    * Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.

    Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

     

    * Next, run Ad-aware and perform a full scan. Remove everything found.


    1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.


    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".


    3. AVG Anti-Spyware 7.5 will now begin the scanning process; be patient, this may take a little time.
      Once the scan is complete do the following:


    4. If you have any infections you will be prompted; then select "Apply all actions".


    5. Next select the "Reports" icon at the top.


    6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).



    * Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

     

     

    * Restart your computer in normal mode.

     

    * Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.


    If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

     

    * Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

     

    - Once you are on the Panda site click the Scan your PC button

    - A new window will open...click the Check Now button

    - Enter your Country

    - Enter your State/Province

    - Enter your e-mail address and click send

    - Select either Home User or Company

    - Click the big Scan Now button

    - If it wants to install an ActiveX component allow it

    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

    - When download is complete, click on Local Disks to start the scan

    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

     

    * Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the AVG Anti-Spyware 7.5 scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

    Let us know if any problems persist.

    0
  • Customer

    Hi, I have followed your instructions but I am only able to scan with HijackThis in Safe Mode. When I start normal mode, explorer.exe starts to take up 98-99% of CPU usage and then Norton keeps telling me that it has found a virus named "Downloader" in the temp folder. I don't remember the name of the file, but if the first one is named temp.dat (this is not the file name) then the second is named tempa.dat and the third tempb.dat and so on.

     

    Here are the logs you requested (all scanned in Safe Mode). Ad-Aware found nothing this time but used to find win32.trojan something.

     

    Logfile of HijackThis v1.99.1

    Scan saved at 17:23:50, on 2006-11-14

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\taskmgr.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\HJT\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

     

     

     

     

    smitRem © log file

    version 3.2

     

    by noahdfear

     

     

    Microsoft Windows XP [Version 5.1.2600]

    "IE"="6.0000"

     

    Running from

    C:\smitRem

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Pre-run SharedTask Export

     

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

    Copyright© 2006 BleepingComputer.com

     

    Registry Pseudo-Format Mode (Not a valid reg file):

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

     

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Appinitdll check ........ Thank you Grinler!

     

    dumphive.exe ©2000-2004 Markus Stephany

    REGEDIT4

     

    [Windows]

    "AppInit_DLLs"=""

    "DeviceNotSelectedTimeout"="15"

    "GDIProcessHandleQuota"=dword:00002710

    "Spooler"="yes"

    "swapdisk"=""

    "TransmissionRetryTimeout"="90"

    "USERProcessHandleQuota"=dword:00002710

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    XP Firewall allowed access

     

    Windows Registry Editor Version 5.00

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

    "C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

    "C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

    "C:\\Program\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program\\Hp\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

    "E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"

    "E:\\setup\\HPONICIFS01.EXE"="E:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"

    "D:\\Slaget om Midg†rd II\\game.dat"="D:\\Slaget om Midg†rd II\\game.dat:*:Enabled:Slaget om Midg†rdT II"

    "C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

    "C:\\Program\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="C:\\Program\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"

    "D:\\Quake III Arena\\quake3.exe"="D:\\Quake III Arena\\quake3.exe:*:Enabled:quake3"

    "C:\\Program\\BitLord\\BitLord.exe"="C:\\Program\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    "C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

    "C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    "C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    "D:\\crack\\utorrent.exe"="D:\\crack\\utorrent.exe:*:Enabled:æTorrent"

    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Fj„rrhj„lp - Windows Messenger och tal"

    "\\\\compaqxp\\C\\Rockbox\\utorrent.exe"="\\\\compaqxp\\C\\Rockbox\\utorrent.exe:*:Enabled:æTorrent"

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    checking for ShudderLTD key

     

    ShudderLTD key not present!

     

    checking for PSGuard.com key

     

     

    PSGuard.com key not present!

     

     

    checking for WinHound.com key

     

     

    WinHound.com key not present!

     

     

    checking for drsmartload2 key

     

     

    drsmartload2 key not present!

     

    spyaxe uninstaller NOT present

    Winhound uninstaller NOT present

    SpywareStrike uninstaller NOT present

    AlfaCleaner uninstaller NOT present

    SpyFalcon uninstaller NOT present

    SpywareQuake uninstaller NOT present

    SpywareSheriff uninstaller NOT present

    Trust Cleaner uninstaller NOT present

    SpyHeal uninstaller NOT present

    VirusBurst uninstaller NOT present

    BraveSentry uninstaller NOT present

    AntiVermins uninstaller NOT present

    VirusBursters uninstaller NOT present

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Existing Pre-run Files

     

     

    ~~~ Program Files ~~~

     

     

     

    ~~~ Shortcuts ~~~

     

     

     

    ~~~ Favorites ~~~

     

     

     

    ~~~ system32 folder ~~~

     

     

     

    ~~~ Icons in System32 ~~~

     

     

     

    ~~~ Windows directory ~~~

     

     

     

    ~~~ Drive root ~~~

     

     

    ~~~ Miscellaneous Files/folders ~~~

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 1424 'explorer.exe'

     

    Starting registry repairs

     

    Registry repairs complete

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    SharedTask Export after registry fix

     

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

    Copyright© 2006 BleepingComputer.com

     

    Registry Pseudo-Format Mode (Not a valid reg file):

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

     

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

    @="%SystemRoot%\system32\browseui.dll"

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Deleting files

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Remaining Post-run Files

     

     

    ~~~ Program Files ~~~

     

     

     

    ~~~ Shortcuts ~~~

     

     

     

    ~~~ Favorites ~~~

     

     

     

    ~~~ system32 folder ~~~

     

     

     

    ~~~ Icons in System32 ~~~

     

     

     

    ~~~ Windows directory ~~~

     

     

     

    ~~~ Drive root ~~~

     

     

    ~~~ Miscellaneous Files/folders ~~~

     

     

     

    ~~~ Wininet.dll ~~~

     

    CLEAN!

     

    Ad-Aware SE Build 1.06r1

    Logfile Created on:den 14 november 2006 07:28:30

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R131 09-11-2006

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    None

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Ad-Aware SE Settings

    ===========================

    Set : Search for low-risk threats

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

     

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

     

     

    2006-11-14 07:28:30 - Scan started. (Full System Scan)

     

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 768

    ThreadCreationTime : 2006-11-14 06:19:00

    BasePriority : Normal

     

     

    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 820

    ThreadCreationTime : 2006-11-14 06:19:07

    BasePriority : Normal

     

     

    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 844

    ThreadCreationTime : 2006-11-14 06:19:09

    BasePriority : High

     

     

    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 892

    ThreadCreationTime : 2006-11-14 06:19:13

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Operativsystemet Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Tjänst- och styrenhetsprogram

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. Med ensamrätt.

    OriginalFilename : services.exe

     

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 904

    ThreadCreationTime : 2006-11-14 06:19:14

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

     

    #:6 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1048

    ThreadCreationTime : 2006-11-14 06:19:19

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1132

    ThreadCreationTime : 2006-11-14 06:19:21

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1216

    ThreadCreationTime : 2006-11-14 06:19:22

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:9 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1292

    ThreadCreationTime : 2006-11-14 06:19:23

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:10 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1348

    ThreadCreationTime : 2006-11-14 06:19:24

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:11 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1888

    ThreadCreationTime : 2006-11-14 06:24:22

    BasePriority : Normal

    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 6.00.2900.2180

    ProductName : Operativsystemet Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Utforskaren

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. Med ensamrätt.

    OriginalFilename : EXPLORER.EXE

     

    #:12 [avgas.exe]

    FilePath : C:\Program\Grisoft\AVG Anti-Spyware 7.5\

    ProcessID : 1456

    ThreadCreationTime : 2006-11-14 06:24:50

    BasePriority : Normal

    FileVersion : 7, 5, 0, 50

    ProductVersion : 7, 5, 0, 50

    ProductName : AVG Anti-Spyware

    CompanyName : Anti-Malware Development a.s.

    FileDescription : AVG Anti-Spyware

    InternalName : AVG Anti-Spyware

    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

    OriginalFilename : avgas.exe

     

    #:13 [firefox.exe]

    FilePath : C:\Program\Mozilla Firefox\

    ProcessID : 1500

    ThreadCreationTime : 2006-11-14 06:24:54

    BasePriority : Normal

     

     

    #:14 [ad-aware.exe]

    FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 1332

    ThreadCreationTime : 2006-11-14 06:28:20

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

     

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

     

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

     

    Deep scanning and examining files (C:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Disk Scan Result for C:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Deep scanning and examining files (D:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Disk Scan Result for D:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    3 entries scanned.

    New critical objects:0

    Objects found so far: 0

     

     

    07:36:41 Scan Complete

     

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:08:10.453

    Objects scanned:189941

    Objects identified:0

    Objects ignored:0

    New critical objects:0

    0
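The HijackThis log posted above is what the helpers in this thread read by hand: entries are grouped by section code (R0, O1, O4, O16, O23), and the helper then picks out the hosts-file redirections and anything that looks out of place. As an added example, not part of this thread and not HijackThis's own code, here is a small Python parser that does that first pass: it splits the log into header, running processes and entries, counts entries by code, and flags the lines a reviewer looks at first (O1 hosts entries, O23 services with a missing file or no publisher, O16 ActiveX downloads from non-Microsoft hosts, and O4 autoruns that launch from a temp directory). The sample log is constructed from lines quoted in the post plus one constructed O4 line; the triage rules are simple review heuristics I chose for the example, not HijackThis's own logic.

```python
"""Parse and triage a HijackThis v1.99-style log.

Added example for this thread; not HijackThis's own code. The heuristics in
triage() are review rules chosen for illustration, not a malware database.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in the thread, plus one
# constructed O4 autorun in a temp directory (marked as such in its name).
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Scan saved at 17:23:50, on 2006-11-14
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [constructed-sample] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\sample.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program\\Eset\\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\\WinPcap\\rpcapd.exe" -d -f "%ProgramFiles%\\WinPcap\\rpcapd.ini (file missing)
"""

# A HijackThis entry is "<code> - <body>", where code is R0..R3, F0..F3 or O1..O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
MS_URL_RE = re.compile(r"https?://[^/]*microsoft\.com/")


def parse_log(text):
    """Split a log into (header_lines, running_processes, [(code, body), ...])."""
    header, processes, entries = [], [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        else:
            header.append(line)
    return header, processes, entries


def counts_by_code(entries):
    """Number of entries per section code, e.g. {'O1': 2, 'O23': 2}."""
    counts = defaultdict(int)
    for code, _ in entries:
        counts[code] += 1
    return dict(counts)


def triage(entries):
    """Apply first-pass review heuristics; returns [(code, reason, body), ...]."""
    findings = []
    for code, body in entries:
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m:
                findings.append((code, f"hosts file maps {m.group('host')} to {m.group('ip')}", body))
        elif code == "O4" and TEMP_RE.search(body):
            findings.append((code, "autorun launches a file from a temp directory", body))
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if not MS_URL_RE.search(url):
                findings.append((code, "ActiveX download from a non-Microsoft host; confirm it is expected", body))
        elif code == "O23":
            if "(file missing)" in body:
                findings.append((code, "service points at a missing file", body))
            elif "Unknown owner" in body:
                findings.append((code, "service has no publisher information", body))
    return findings


if __name__ == "__main__":
    _, procs, ents = parse_log(SAMPLE_LOG)
    print(f"{len(procs)} processes, entries by code: {counts_by_code(ents)}")
    for code, reason, body in triage(ents):
        print(f"[{code}] {reason}\n      {body}")
```

Run it against a saved HijackThis log by replacing SAMPLE_LOG with the file's contents; the O16 rule deliberately flags the Panda ActiveScan installer so the reviewer confirms it is the scan they ran rather than silently trusting it.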
  • Customer

    I don't see any logs.

    They are there now, all except the AVG log that I couldn't find, but it just detected some cookies.

    0
  • Customer

    I don't see any logs.

    0
  • Customer

    Hi, I am trying to uninstall Java now but normal mode is just so slow, and when I started the computer NOD32 displayed this: "C:\WINDOWS\system32\wvurrrr.dll - probably a variant of Win32/TrojanDownloader.ConHook trojan", and this: "probably a variant of Win32/TrojanDownloader.ConHook trojan found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\wvurrrr.dll."

    I also had to quit explorer.exe to be able to do anything on the computer.

     

    But I am working on installing the new Java and then running the other file.

    0
  • Customer

    Please post the log as your next reply instead and do not edit your posts.

     

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

     

    Updating Java:


    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.


    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".


    • Click the "Download" button to the right.


    • Check the box that says: "Accept License Agreement".


    • The page will refresh.


    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    • Close any programs you may have running - especially your web browser.


    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.


    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.


    • Click the Remove or Change/Remove button.


    • Repeat as many times as necessary to remove each Java version.


    • Reboot your computer once all Java components are removed.


    • Then from your desktop double-click on jre-1_5_0_09-windows-i586-p.exe to install the newest version.



    * Please open HijackThis and put a check next to the following:

     

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

     

    * After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

     

    1. Download this file - combofix.exe

    2. Double click combofix.exe & follow the prompts.

    3. When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

     

    Note:

    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    0
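A defender-side triage of the HijackThis entry types the helper works from in this thread (O1 Hosts lines, O2 BHOs, O20 Winlogon Notify entries), added here as an example and not part of the original post or of HijackThis itself. The sample lines are a constructed subset of the log posted in the thread, and the Winlogon Notify allow-list is an assumption made for the example, not an authoritative list.

```python
import re
from typing import Dict, List, Tuple

# Constructed subset of the HijackThis v1.99.1 entries posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
"""

# Assumed allow-list of Winlogon Notify DLLs a helper would leave alone on an
# XP SP2 box (example only; a real triage would use a vetted, fuller list).
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll",
    "sclgntfy.dll", "wgalogon.dll",
}

# Every HijackThis line starts with a section tag such as "O2", "O20", "R1".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")

Finding = Tuple[str, str, str]  # (section, reason, original log line)


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would look at first, with a reason each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank line, header, or "Running processes" list
        section, body = m.group("section"), m.group("body")
        if section == "O1" and body.startswith("Hosts:"):
            # HijackThis only lists hosts lines that differ from the default,
            # so each one is a redirection someone added.
            findings.append((section, "non-default hosts file entry", line))
        elif section == "O2":
            if "(file missing)" in body:
                findings.append((section, "BHO registered for a file that is missing on disk", line))
            elif "(no name)" in body:
                findings.append((section, "BHO without a name", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Shape: "Winlogon Notify: <key> - <path or dll>[ (file missing)]"
            target = body.split(" - ", 1)[1].replace("(file missing)", "").strip()
            dll = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if "(file missing)" in body:
                findings.append((section, "Winlogon Notify DLL is missing on disk", line))
            elif dll not in KNOWN_NOTIFY_DLLS:
                findings.append((section, f"unknown Winlogon Notify DLL {dll}", line))
    return findings


def count_by_section(findings: List[Finding]) -> Dict[str, int]:
    """Summarise how many flagged entries each HijackThis section produced."""
    counts: Dict[str, int] = {}
    for section, _reason, _line in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
    print(count_by_section(triage(SAMPLE_LOG)))
```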
  • Customer

    Okay, how long is a scan supposed to take?

    It has been scanning for some hours now and it just keeps saying searching for file: update.exe, then switches to spuninst.exe, then back to update.exe again.

    Edit: it just started to search normally again.


    What tool are you talking about?

    0
  • Customer

    Do this step first:

     

    Please download VundoFix.exe to your desktop.


    • Double-click VundoFix.exe to run it.


    • Click the Scan for Vundo button.


    • Once it's done scanning, click the Remove Vundo button.


    • You will receive a prompt asking if you want to remove the files, click YES


    • Once you click yes, your desktop will go blank as it starts removing Vundo.


    • When completed, it will prompt that it will reboot your computer, click OK.


    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.



    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    0
  • Customer

    VundoFix

     

    VundoFix V6.2.8

     

    Checking Java version...

     

    Sun Java not detected

    Scan started at 18:01:40 2006-11-14

     

    Listing files found while scanning....

     

    C:\WINDOWS\system32\awvtu.dll

    C:\WINDOWS\system32\utvwa.ini

    C:\WINDOWS\system32\utvwa.bak1

    C:\WINDOWS\system32\utvwa.bak2

    C:\WINDOWS\system32\utvwa.ini2

    C:\WINDOWS\system32\utvwa.tmp

     

    Beginning removal...

     

    Attempting to delete C:\WINDOWS\system32\awvtu.dll

    C:\WINDOWS\system32\awvtu.dll Could not be deleted.

     

    Attempting to delete C:\WINDOWS\system32\utvwa.ini

    C:\WINDOWS\system32\utvwa.ini Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\utvwa.bak1

    C:\WINDOWS\system32\utvwa.bak1 Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\utvwa.bak2

    C:\WINDOWS\system32\utvwa.bak2 Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\utvwa.ini2

    C:\WINDOWS\system32\utvwa.ini2 Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\utvwa.tmp

    C:\WINDOWS\system32\utvwa.tmp Has been deleted!

     

    Performing Repairs to the registry.

    Done!

     

    Beginning removal...

     

    Attempting to delete C:\WINDOWS\system32\awvtu.dll

    C:\WINDOWS\system32\awvtu.dll Has been deleted!

     

    Performing Repairs to the registry.

    Done!

    0
  • Customer

    ComboFix log:

    HEMPC - 06-11-14 21:43:03,90 Service Pack 2

    ComboFix 06.11.9 - Running from: "C:\"

     

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     

     

    C:\WINDOWS\system32\components

    C:\Program\Delade filer\{31B22731-0891-1053-1107-05050926002e}

    C:\Program\Delade filer\{51B22731-0891-1053-1107-05050926002e}

     

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     

    Folders Quarantined:

     

    C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1

    C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1\??mbols

    C:\QooBox\Purity\Program\RACLE~1

    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET

    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET\??crosoft.NET

     

     

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))

     

     

    2006-11-14 21:12 16,508,560 --a------ C:\jre-1_5_0_09-windows-i586-p.exe

    2006-11-14 21:06 692,276 ---hs---- C:\WINDOWS\system32\ddcyx.dll

    2006-11-14 21:06 692,276 ---hs---- C:\WINDOWS\system32\awvts.dll

    2006-11-14 18:01 86,528 --a------ C:\VundoFix.exe

    2006-11-14 17:38 277,182 --a------ C:\combofix.exe

    2006-11-13 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

    2006-11-13 17:16 40,960 --a------ C:\WINDOWS\system32\swsc.exe

    2006-11-13 17:16 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2006-11-13 17:16 2,898 --a------ C:\WINDOWS\system32\tmp.reg

    2006-11-13 17:16 135,168 --a------ C:\WINDOWS\system32\swreg.exe

    2006-11-12 15:37 40,973 --------- C:\WINDOWS\system32\wvurrrr.dll

    2006-11-12 13:30 2 --a------ C:\WINDOWS\system32\wcpit.exe

    2006-11-12 10:11 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

    2006-11-12 10:11 274,432 --a------ C:\WINDOWS\system32\imon.dll

    2006-11-10 18:49 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe

    2006-11-10 18:49 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe

    2006-11-10 18:48 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe

    2006-11-01 22:20 45,568 --a------ C:\WINDOWS\UniFish3.exe

    2006-10-21 12:09 81,920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll

    2006-10-21 12:09 8,064 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys

    2006-10-21 12:09 4,608 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys

    2006-10-20 16:40 92,208 --a------ C:\WINDOWS\system32\WING.DLL

    2006-10-20 16:40 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL

     

     

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

     

     

    2006-11-14 21:44 -------- d-------- C:\Program\Delade filer

    2006-11-14 21:41 -------- d-------- C:\Program\Mozilla Firefox

    2006-11-14 21:15 -------- d-------- C:\Program\Java

    2006-11-14 21:14 -------- d-------- C:\Program\Delade filer\Java

    2006-11-14 21:13 -------- d-------- C:\Program\Delade filer\Symantec Shared

    2006-11-14 17:56 -------- d-------- C:\Program\Norton Internet Security

    2006-11-13 22:24 -------- d-------- C:\Program\Internet Explorer

    2006-11-13 21:54 -------- d-------- C:\Program\Grisoft

    2006-11-13 21:52 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\uTorrent

    2006-11-13 16:49 -------- d-------- C:\Program\VSAdd-in

    2006-11-12 13:51 -------- d-------- C:\Program\Eset

    2006-11-11 15:19 -------- d-------- C:\Program\DC++

    2006-11-10 23:51 -------- d-------- C:\Program\Adobe

    2006-11-10 22:40 -------- d-------- C:\Program\Delade filer\Adobe

    2006-11-10 22:40 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Adobe

    2006-11-10 22:19 -------- d-------- C:\Program\Morgan

    2006-11-10 18:50 -------- d-------- C:\Program\GordianKnot

    2006-11-10 18:50 -------- d-------- C:\Program\Gabest

    2006-11-10 18:50 -------- d-------- C:\Program\AviSynth 2.5

    2006-11-10 18:48 -------- d-------- C:\Program\XviD

    2006-11-06 21:30 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Real

    2006-11-06 21:29 -------- d-------- C:\Program\Real

    2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\xing shared

    2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\Real

    2006-10-21 10:47 -------- d-------- C:\Program\Music NFO Builder

    2006-10-21 08:22 -------- d-------- C:\Program\SlySoft

    2006-10-21 08:21 -------- d-------- C:\Program\HTTP-Bugger v 2.2

    2006-10-21 08:21 -------- d-------- C:\Program\DVDlabPro

    2006-10-21 08:20 -------- d--h----- C:\Program\InstallShield Installation Information

    2006-10-21 08:18 -------- d-------- C:\Program\BitLord

    2006-10-21 08:17 -------- d-------- C:\Program\Accessdiver

    2006-10-21 07:57 -------- d-------- C:\Program\WM Recorder 10

    2006-10-21 07:57 -------- d-------- C:\Program\VirtualDJ

    2006-10-20 17:08 -------- d-------- C:\Program\Winamp

    2006-10-20 16:16 -------- d-------- C:\Program\FLAC

    2006-09-28 20:02 -------- d-------- C:\Program\Symantec

    2006-09-15 21:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    2006-09-15 21:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

    2006-09-08 12:20 249856 --------- C:\WINDOWS\Setup1.exe

    2006-09-08 12:19 73216 --a------ C:\WINDOWS\ST6UNST.EXE

    2006-08-25 16:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll

    2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

    2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

    2006-08-20 18:05 85 ---hsc--- C:\Documents and Settings\HEMPC\Application Data\.zreglib

    2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

     

     

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

     

    *Note* empty entries are not shown

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

    "MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    "ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

    "HP Software Update"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"

    "hpWirelessAssistant"="C:\\Program\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

    "iTunesHelper"="C:\\Program\\iTunes\\iTunesHelper.exe"

    "LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"

    "eabconfg.cpl"="C:\\Program\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"

    "ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

    "DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

    "ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

    "ISUSScheduler"="\"C:\\Program\\Delade filer\\InstallShield\\UpdateService\\issch.exe\" -start"

    "nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"

    "!AVG Anti-Spyware"="\"C:\\Program\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    "TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

    "SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

    "Installed"="1"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

    "Installed"="1"

    "NoChange"="1"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

    "Installed"="1"

     

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

    "DeskHtmlVersion"=dword:00000110

    "DeskHtmlMinorVersion"=dword:00000005

    "Settings"=dword:00000001

    "GeneralFlags"=dword:00000001

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

     

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "NoDispAppearancePage"=dword:00000000

    "NoColorChoice"=dword:00000000

    "NoSizeChoice"=dword:00000000

    "NoDispBackgroundPage"=dword:00000000

    "NoDispScrSavPage"=dword:00000000

    "NoDispCPL"=dword:00000000

    "NoVisualStyleChoice"=dword:00000000

    "NoDispSettingsPage"=dword:00000000

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

    "NoActiveDesktop"=dword:00000000

    "NoSaveSettings"=dword:00000000

    "ClassicShell"=dword:00000000

    "NoThemesTab"=dword:00000000

    "ForceActiveDesktopOn"=dword:00000000

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "dontdisplaylastusername"=dword:00000000

    "legalnoticecaption"=""

    "legalnoticetext"=""

    "shutdownwithoutlogon"=dword:00000001

    "undockwithoutlogon"=dword:00000001

    "DisableTaskMgr"=dword:00000000

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoActiveDesktopChanges"=dword:00000000

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=hex:91,00,00,00

     

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=hex:91,00,00,00

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"

    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

    "item"="Adobe Gamma"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "

    "item"="Adobe Reader Speed Launch"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BTTray.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\BTTray.lnk"

    "backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\WIDCOMM\\BLUETO~1\\BTTray.exe "

    "item"="BTTray"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Digital Imaging Monitor.lnk"

    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "

    "item"="HP Digital Imaging Monitor"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Image Zone Snabbstarta.lnk"

    "backup"="C:\\WINDOWS\\pss\\HP Image Zone Snabbstarta.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqthb08.exe -s"

    "item"="HP Image Zone Snabbstarta"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"

    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\MICROS~2\\Office10\\OSA.EXE -b -l"

    "item"="Microsoft Office"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Norton GoBack.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Norton GoBack.lnk"

    "backup"="C:\\WINDOWS\\pss\\Norton GoBack.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\NORTON~1\\GBTray.exe "

    "item"="Norton GoBack"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="AnyDVD"

    "hkey"="HKLM"

    "command"="C:\\Program\\SlySoft\\AnyDVD\\AnyDVD.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcou]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="taskmgr"

    "hkey"="HKCU"

    "command"="\"C:\\DOCUME~1\\HEMPC\\MINADO~1\\MBOLS~1\\taskmgr.exe\" -vt yazb"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Language"

    "hkey"="HKLM"

    "command"="C:\\Program\\CyberLink\\PowerDVD\\Language\\Language.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MsgPlus"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="msmsgs"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MsnMsgr"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NeroCheck"

    "hkey"="HKLM"

    "command"="C:\\Program\\Delade filer\\Ahead\\Lib\\NeroCheck.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"=""

    "hkey"="HKLM"

    "command"=""

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="qttask"

    "hkey"="HKLM"

    "command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="PDVDServ"

    "hkey"="HKLM"

    "command"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Skype"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="jusched"

    "hkey"="HKLM"

    "command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SynTPEnh"

    "hkey"="HKLM"

    "command"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="realsched"

    "hkey"="HKLM"

    "command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

    "inimapping"="0"

     

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

     

     

     

    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     

    backup-20061114-214138-321

    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

    backup-20061114-214138-184

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

    backup-20061113-170127-778

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

    backup-20061113-170127-956

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

    backup-20061113-165718-293

    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

    backup-20061113-165718-462

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    backup-20061113-165718-376

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll

    backup-20061112-135912-679

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    backup-20061112-135652-472

    R3 - URLSearchHook: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll

    backup-20061112-135439-940

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    backup-20061112-135031-701

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    backup-20061112-135031-887

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.100.101.112:3124

    backup-20061112-134942-537

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    backup-20061112-134753-672

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    backup-20061112-134738-993

    O4 - HKCU\..\Run: [Yskf] C:\Program\?racle\w?aclt.exe

     

    Contents of the 'Scheduled Tasks' folder

    C:\WINDOWS\tasks\HPpromotions journeysoftware.job

    C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn - HEMPC.job

    C:\WINDOWS\tasks\WebReg Photosmart 2570 series.job

     

    Completion time: 06-11-14 21:45:23.65

    C:\ComboFix.txt ... 06-11-14 21:45

     

     

    HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 21:55:36, on 2006-11-14

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program\Norton GoBack\GBPoll.exe

    C:\Program\Delade filer\LightScribe\LSSrvc.exe

    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program\CyberLink\Shared files\RichVideo.exe

    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\HP\HP Software Update\HPWuSchd2.exe

    C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\Delade filer\Symantec Shared\ccApp.exe

    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

    C:\Program\Eset\nod32kui.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\Program\HPQ\SHARED\HPQWMI.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

    C:\Program\Messenger\msmsgs.exe

    C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program\Norton Internet Security\Norton AntiVirus\NAVW32.EXE

    C:\Program\Eset\nod32krn.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\taskmgr.exe

    c:\HJT\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)

    O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)

    O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

     

     

     

    anything else you need?

    0
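The HijackThis log above carries the two signs a helper looks for in a Vundo cleanup: BHO (O2) registrations with no name that point into system32, some already reported "(file missing)", and Winlogon Notify (O20) packages with random-looking names. The following script is an added example, not code from this thread or from the HijackThis, VundoFix or ComboFix authors. It parses O2, O20 and O4 lines and reports those patterns, plus Run entries whose executable lives in a user profile or borrows the name of a Windows binary. The Winlogon Notify allowlist and the list of borrowed binary names are assumptions made for the example; the sample lines are copied from the log, except for one O4 line constructed from the disabled "taskmgr" msconfig entry that appears in the ComboFix log later in the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the
original thread). Parses O2 (BHO), O20 (Winlogon Notify) and O4 (Run) entries
and flags the patterns a malware-removal helper looks for first."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Winlogon Notify packages expected on a Windows XP SP2 box plus WgaLogon.
# Assumption for this example: anything else is reported for manual review.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon",
}

# Names of Windows binaries that malware commonly borrows (assumed list).
SYSTEM_NAMES = {"taskmgr.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "services.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def _exe_path(command: str) -> str:
    """Return the executable path of a Run command without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces: stop at the first .exe/.dll/.cpl token.
    m = re.match(r"^(.*?\.(?:exe|dll|cpl))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def check_o2(m: re.Match) -> List[str]:
    reasons = []
    if m["missing"]:
        reasons.append("orphaned BHO registration (DLL missing)")
    if m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
        reasons.append("unnamed BHO loading from system32")
    return reasons


def check_o20(m: re.Match) -> List[str]:
    reasons = []
    if m["name"].lower() not in KNOWN_NOTIFY:
        reasons.append("Winlogon Notify package not in allowlist")
    if m["missing"]:
        reasons.append("Winlogon Notify DLL missing (dead registration)")
    return reasons


def check_o4(m: re.Match) -> List[str]:
    reasons = []
    exe = _exe_path(m["command"]).lower()
    directory, _, basename = exe.rpartition("\\")
    if "\\documents and settings\\" in exe or "\\docume~1\\" in exe or "\\temp\\" in exe:
        reasons.append("Run entry executes from a user profile or temp directory")
    if basename in SYSTEM_NAMES and not directory.endswith("\\system32"):
        reasons.append(f"{basename} running from outside system32")
    return reasons


def triage(lines: Iterable[str]) -> List[Finding]:
    """Scan HijackThis lines; return one Finding per reason per matching line."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for pattern, check in ((O2_RE, check_o2), (O20_RE, check_o20), (O4_RE, check_o4)):
            m = pattern.match(line)
            if m:
                findings.extend(Finding(line, r) for r in check(m))
                break
    return findings


# Sample input: lines copied from the HijackThis log above, plus one O4 line
# constructed from the disabled "taskmgr" msconfig entry in the ComboFix log.
SAMPLE = [
    r"O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)",
    r"O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"',
    r'O4 - HKCU\..\Run: [taskmgr] "C:\DOCUME~1\HEMPC\MINADO~1\MBOLS~1\taskmgr.exe" -vt yazb',  # constructed
    r"O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:55s} <- {f.line}")
```

On the sample the script reports the yreijmjn.dll BHO twice (unnamed and orphaned), ddcyx as an unknown Notify package, winwim32 as unknown and missing, and the constructed taskmgr entry both for its user-profile location and for its borrowed name, while NAV Helper, ccApp and WgaLogon pass. A "(file missing)" entry is a dead registry key rather than live code, which is why helpers have HijackThis fix those lines instead of hunting for the file.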
  • Customer

    Yes, can you redo the step with vundofix please? Post the report of it here with a new hijackthis log and combofix log.

    0
  • Customer

    You mean run VundoFix again?

    0
  • Customer

    You mean run VundoFix again?

    Yes. The infection is not completely gone.

    0
  • Customer

    OK, I will leave the computer on when I go to bed. Now I will disconnect my internet.

     

    Good night, I will post the log in the morning.

    0
  • Customer

    Ok.

     

    Sweet dreams.

    0
  • Customer

    Here are the logs:

    VundoFix V6.2.8

     

    Checking Java version...

     

    Sun Java not detected

    Scan started at 22:02:15 2006-11-14

     

    Listing files found while scanning....

     

    C:\WINDOWS\system32\ddcyx.dll

    C:\WINDOWS\system32\xycdd.ini

     

    Beginning removal...

     

    Attempting to delete C:\WINDOWS\system32\ddcyx.dll

    C:\WINDOWS\system32\ddcyx.dll Could not be deleted.

     

    Attempting to delete C:\WINDOWS\system32\xycdd.ini

    C:\WINDOWS\system32\xycdd.ini Has been deleted!

     

    Performing Repairs to the registry.

    Done!

     

    Beginning removal...

     

    Attempting to delete C:\WINDOWS\system32\ddcyx.dll

    C:\WINDOWS\system32\ddcyx.dll Has been deleted!

     

    Performing Repairs to the registry.

    Done!

     

     

    HEMPC - 06-11-15 6:50:32,17 Service Pack 2

    ComboFix 06.11.9 - Running from: "C:\"

     

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     

     

     

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     

    Folders Quarantined:

     

    C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1

    C:\QooBox\Purity\Documents and Settings\HEMPC\Mina dokument\MBOLS~1\??mbols

    C:\QooBox\Purity\Program\RACLE~1

    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET

    C:\QooBox\Purity\WINDOWS\system32\CROSOF~1.NET\??crosoft.NET

     

     

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))

     

     

    2006-11-14 21:12 16,508,560 --a------ C:\jre-1_5_0_09-windows-i586-p.exe

    2006-11-14 21:06 692,276 ---hs---- C:\WINDOWS\system32\awvts.dll

    2006-11-14 18:01 86,528 --a------ C:\VundoFix.exe

    2006-11-14 17:38 277,182 --a------ C:\combofix.exe

    2006-11-13 21:54 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

    2006-11-13 17:16 40,960 --a------ C:\WINDOWS\system32\swsc.exe

    2006-11-13 17:16 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2006-11-13 17:16 2,898 --a------ C:\WINDOWS\system32\tmp.reg

    2006-11-13 17:16 135,168 --a------ C:\WINDOWS\system32\swreg.exe

    2006-11-12 15:37 40,973 --------- C:\WINDOWS\system32\wvurrrr.dll

    2006-11-12 13:30 2 --a------ C:\WINDOWS\system32\wcpit.exe

    2006-11-12 10:11 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

    2006-11-12 10:11 274,432 --a------ C:\WINDOWS\system32\imon.dll

    2006-11-10 18:49 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe

    2006-11-10 18:49 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe

    2006-11-10 18:48 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe

    2006-11-01 22:20 45,568 --a------ C:\WINDOWS\UniFish3.exe

    2006-10-21 12:09 81,920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll

    2006-10-21 12:09 8,064 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys

    2006-10-21 12:09 4,608 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys

    2006-10-20 16:40 92,208 --a------ C:\WINDOWS\system32\WING.DLL

    2006-10-20 16:40 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL

     

     

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

     

     

    2006-11-15 06:51 -------- d-------- C:\Program\Delade filer\Symantec Shared

    2006-11-15 06:46 -------- d-------- C:\Program\Mozilla Firefox

    2006-11-14 21:44 -------- d-------- C:\Program\Delade filer

    2006-11-14 21:15 -------- d-------- C:\Program\Java

    2006-11-14 21:14 -------- d-------- C:\Program\Delade filer\Java

    2006-11-14 17:56 -------- d-------- C:\Program\Norton Internet Security

    2006-11-13 22:24 -------- d-------- C:\Program\Internet Explorer

    2006-11-13 21:54 -------- d-------- C:\Program\Grisoft

    2006-11-13 21:52 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\uTorrent

    2006-11-13 16:49 -------- d-------- C:\Program\VSAdd-in

    2006-11-12 13:51 -------- d-------- C:\Program\Eset

    2006-11-11 15:19 -------- d-------- C:\Program\DC++

    2006-11-10 23:51 -------- d-------- C:\Program\Adobe

    2006-11-10 22:40 -------- d-------- C:\Program\Delade filer\Adobe

    2006-11-10 22:40 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Adobe

    2006-11-10 22:19 -------- d-------- C:\Program\Morgan

    2006-11-10 18:50 -------- d-------- C:\Program\GordianKnot

    2006-11-10 18:50 -------- d-------- C:\Program\Gabest

    2006-11-10 18:50 -------- d-------- C:\Program\AviSynth 2.5

    2006-11-10 18:48 -------- d-------- C:\Program\XviD

    2006-11-06 21:30 -------- d-------- C:\Documents and Settings\HEMPC\Application Data\Real

    2006-11-06 21:29 -------- d-------- C:\Program\Real

    2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\xing shared

    2006-11-06 21:29 -------- d-------- C:\Program\Delade filer\Real

    2006-10-21 10:47 -------- d-------- C:\Program\Music NFO Builder

    2006-10-21 08:22 -------- d-------- C:\Program\SlySoft

    2006-10-21 08:21 -------- d-------- C:\Program\HTTP-Bugger v 2.2

    2006-10-21 08:21 -------- d-------- C:\Program\DVDlabPro

    2006-10-21 08:20 -------- d--h----- C:\Program\InstallShield Installation Information

    2006-10-21 08:18 -------- d-------- C:\Program\BitLord

    2006-10-21 08:17 -------- d-------- C:\Program\Accessdiver

    2006-10-21 07:57 -------- d-------- C:\Program\WM Recorder 10

    2006-10-21 07:57 -------- d-------- C:\Program\VirtualDJ

    2006-10-20 17:08 -------- d-------- C:\Program\Winamp

    2006-10-20 16:16 -------- d-------- C:\Program\FLAC

    2006-09-28 20:02 -------- d-------- C:\Program\Symantec

    2006-09-15 21:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    2006-09-15 21:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

    2006-09-08 12:20 249856 --------- C:\WINDOWS\Setup1.exe

    2006-09-08 12:19 73216 --a------ C:\WINDOWS\ST6UNST.EXE

    2006-08-25 16:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll

    2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

    2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

    2006-08-20 18:05 85 ---hsc--- C:\Documents and Settings\HEMPC\Application Data\.zreglib

    2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

     

     

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

     

    *Note* empty entries are not shown

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

    "MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    "ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

    "HP Software Update"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"

    "hpWirelessAssistant"="C:\\Program\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

    "iTunesHelper"="C:\\Program\\iTunes\\iTunesHelper.exe"

    "LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"

    "eabconfg.cpl"="C:\\Program\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"

    "ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

    "DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

    "ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

    "ISUSScheduler"="\"C:\\Program\\Delade filer\\InstallShield\\UpdateService\\issch.exe\" -start"

    "nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"

    "!AVG Anti-Spyware"="\"C:\\Program\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    "TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

    "SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

    "Installed"="1"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

    "Installed"="1"

    "NoChange"="1"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

    "Installed"="1"

     

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

    "DeskHtmlVersion"=dword:00000110

    "DeskHtmlMinorVersion"=dword:00000005

    "Settings"=dword:00000001

    "GeneralFlags"=dword:00000001

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

     

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "NoDispAppearancePage"=dword:00000000

    "NoColorChoice"=dword:00000000

    "NoSizeChoice"=dword:00000000

    "NoDispBackgroundPage"=dword:00000000

    "NoDispScrSavPage"=dword:00000000

    "NoDispCPL"=dword:00000000

    "NoVisualStyleChoice"=dword:00000000

    "NoDispSettingsPage"=dword:00000000

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

    "NoActiveDesktop"=dword:00000000

    "NoSaveSettings"=dword:00000000

    "ClassicShell"=dword:00000000

    "NoThemesTab"=dword:00000000

    "ForceActiveDesktopOn"=dword:00000000

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "dontdisplaylastusername"=dword:00000000

    "legalnoticecaption"=""

    "legalnoticetext"=""

    "shutdownwithoutlogon"=dword:00000001

    "undockwithoutlogon"=dword:00000001

    "DisableTaskMgr"=dword:00000000

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoActiveDesktopChanges"=dword:00000000

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=hex:91,00,00,00

     

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=hex:91,00,00,00

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"

    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

    "item"="Adobe Gamma"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "

    "item"="Adobe Reader Speed Launch"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BTTray.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\BTTray.lnk"

    "backup"="C:\\WINDOWS\\pss\\BTTray.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\WIDCOMM\\BLUETO~1\\BTTray.exe "

    "item"="BTTray"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Digital Imaging Monitor.lnk"

    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "

    "item"="HP Digital Imaging Monitor"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\HP Image Zone Snabbstarta.lnk"

    "backup"="C:\\WINDOWS\\pss\\HP Image Zone Snabbstarta.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\Hp\\DIGITA~1\\bin\\hpqthb08.exe -s"

    "item"="HP Image Zone Snabbstarta"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"

    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\MICROS~2\\Office10\\OSA.EXE -b -l"

    "item"="Microsoft Office"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Norton GoBack.lnk]

    "path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Norton GoBack.lnk"

    "backup"="C:\\WINDOWS\\pss\\Norton GoBack.lnkCommon Startup"

    "location"="Common Startup"

    "command"="C:\\Program\\NORTON~1\\GBTray.exe "

    "item"="Norton GoBack"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="AnyDVD"

    "hkey"="HKLM"

    "command"="C:\\Program\\SlySoft\\AnyDVD\\AnyDVD.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcou]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="taskmgr"

    "hkey"="HKCU"

    "command"="\"C:\\DOCUME~1\\HEMPC\\MINADO~1\\MBOLS~1\\taskmgr.exe\" -vt yazb"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Language"

    "hkey"="HKLM"

    "command"="C:\\Program\\CyberLink\\PowerDVD\\Language\\Language.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MsgPlus"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="msmsgs"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MsnMsgr"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NeroCheck"

    "hkey"="HKLM"

    "command"="C:\\Program\\Delade filer\\Ahead\\Lib\\NeroCheck.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"=""

    "hkey"="HKLM"

    "command"=""

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="qttask"

    "hkey"="HKLM"

    "command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="PDVDServ"

    "hkey"="HKLM"

    "command"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Skype"

    "hkey"="HKCU"

    "command"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="jusched"

    "hkey"="HKLM"

    "command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SynTPEnh"

    "hkey"="HKLM"

    "command"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

    "inimapping"="0"

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="realsched"

    "hkey"="HKLM"

    "command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

    "inimapping"="0"

     

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

     

     

    Contents of the 'Scheduled Tasks' folder

    C:\WINDOWS\tasks\HPpromotions journeysoftware.job

    C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn - HEMPC.job

    C:\WINDOWS\tasks\WebReg Photosmart 2570 series.job

     

    Completion time: 06-11-15 6:53:04.93

    C:\ComboFix.txt ... 06-11-15 06:53

    C:\ComboFix2.txt ... 06-11-14 21:45

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 06:54:09, on 2006-11-15

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program\Norton GoBack\GBPoll.exe

    C:\Program\Delade filer\LightScribe\LSSrvc.exe

    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\Program\Eset\nod32krn.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program\CyberLink\Shared files\RichVideo.exe

    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\HP\HP Software Update\HPWuSchd2.exe

    C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\Program\HPQ\SHARED\HPQWMI.exe

    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program\Delade filer\Symantec Shared\ccApp.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\DAEMON Tools\daemon.exe

    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

    C:\Program\Eset\nod32kui.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\Program\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

    C:\Program\Messenger\msmsgs.exe

    C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    c:\HJT\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)

    O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)

    O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

  • Customer

    I also ran Ad-Aware:

     

    Ad-Aware SE Build 1.06r1

    Logfile Created on:den 15 november 2006 06:57:02

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R132 14-11-2006

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Adware.Searchcolours(TAC index:4):3 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Ad-Aware SE Settings

    ===========================

    Set : Search for low-risk threats

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

     

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

     

     

    2006-11-15 06:57:02 - Scan started. (Full System Scan)

     

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 628

    ThreadCreationTime : 2006-11-15 05:43:14

    BasePriority : Normal

     

     

    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 692

    ThreadCreationTime : 2006-11-15 05:43:16

    BasePriority : Normal

     

     

    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 724

    ThreadCreationTime : 2006-11-15 05:43:21

    BasePriority : High

     

     

    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 772

    ThreadCreationTime : 2006-11-15 05:43:22

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Operativsystemet Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Tjänst- och styrenhetsprogram

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. Med ensamrätt.

    OriginalFilename : services.exe

     

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 784

    ThreadCreationTime : 2006-11-15 05:43:22

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

     

    #:6 [ati2evxx.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 940

    ThreadCreationTime : 2006-11-15 05:43:23

    BasePriority : Normal

    FileVersion : 6.14.10.4124

    ProductVersion : 6.14.10.4124.01

    ProductName : ATI External Event Utility for WindowsNT and Windows9X

    CompanyName : ATI Technologies Inc.

    FileDescription : ATI External Event Utility EXE Module

    InternalName : ATI2EVXX.EXE

    LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

    OriginalFilename : ATI2EVXX.EXE

     

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 956

    ThreadCreationTime : 2006-11-15 05:43:23

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1020

    ThreadCreationTime : 2006-11-15 05:43:23

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:9 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1068

    ThreadCreationTime : 2006-11-15 05:43:23

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:10 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1184

    ThreadCreationTime : 2006-11-15 05:43:24

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:11 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1268

    ThreadCreationTime : 2006-11-15 05:43:24

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:12 [ati2evxx.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1376

    ThreadCreationTime : 2006-11-15 05:43:24

    BasePriority : Normal

    FileVersion : 6.14.10.4124

    ProductVersion : 6.14.10.4124.01

    ProductName : ATI External Event Utility for WindowsNT and Windows9X

    CompanyName : ATI Technologies Inc.

    FileDescription : ATI External Event Utility EXE Module

    InternalName : ATI2EVXX.EXE

    LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

    OriginalFilename : ATI2EVXX.EXE

     

    #:13 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1440

    ThreadCreationTime : 2006-11-15 05:43:24

    BasePriority : Normal

    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 6.00.2900.2180

    ProductName : Operativsystemet Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Utforskaren

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. Med ensamrätt.

    OriginalFilename : EXPLORER.EXE

     

    #:14 [ccsetmgr.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\

    ProcessID : 1548

    ThreadCreationTime : 2006-11-15 05:43:25

    BasePriority : Normal

    FileVersion : 104.0.8.3

    ProductVersion : 104.0.8.3

    ProductName : Client and Host Security Platform

    CompanyName : Symantec Corporation

    FileDescription : Symantec Settings Manager Service

    InternalName : ccSetMgr

    LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

    OriginalFilename : ccSetMgr.exe

     

    #:15 [ccevtmgr.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\

    ProcessID : 1592

    ThreadCreationTime : 2006-11-15 05:43:25

    BasePriority : Normal

    FileVersion : 104.0.8.3

    ProductVersion : 104.0.8.3

    ProductName : Client and Host Security Platform

    CompanyName : Symantec Corporation

    FileDescription : Symantec Event Manager Service

    InternalName : ccEvtMgr

    LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

    OriginalFilename : ccEvtMgr.exe

     

    #:16 [ccproxy.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\

    ProcessID : 1672

    ThreadCreationTime : 2006-11-15 05:43:26

    BasePriority : Normal

    FileVersion : 104.0.7.3

    ProductVersion : 104.0.7.3

    ProductName : Client and Host Security Platform

    CompanyName : Symantec Corporation

    FileDescription : Symantec Network Proxy Service

    InternalName : ccProxy

    LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

    OriginalFilename : ccProxy.exe

     

    #:17 [sndsrvc.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\

    ProcessID : 1696

    ThreadCreationTime : 2006-11-15 05:43:26

    BasePriority : Normal

    FileVersion : 6.0.4.402

    ProductVersion : 6.0

    ProductName : Symantec Security Drivers

    CompanyName : Symantec Corporation

    FileDescription : Network Driver Service

    InternalName : SndSrvc

    LegalCopyright : Copyright 2002 - 2006 Symantec Corporation

    OriginalFilename : SndSrvc.exe

     

    #:18 [spbbcsvc.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\SPBBC\

    ProcessID : 1740

    ThreadCreationTime : 2006-11-15 05:43:27

    BasePriority : Normal

    FileVersion : 2.1.0.4

    ProductVersion : 2.1.0.4

    ProductName : SPBBC

    CompanyName : Symantec Corporation

    FileDescription : SPBBC Service

    InternalName : SPBBCSvc

    LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.

    OriginalFilename : SPBBCSvc.exe

     

    #:19 [symlcsvc.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\CCPD-LC\

    ProcessID : 1792

    ThreadCreationTime : 2006-11-15 05:43:27

    BasePriority : Normal

    FileVersion : 1.9.1.762

    ProductVersion : 1.9.1.762

    ProductName : Symantec Core Component

    CompanyName : Symantec Corporation

    FileDescription : Symantec Core Component

    InternalName : symlcsvc

    LegalCopyright : Copyright © 2003

    OriginalFilename : symlcsvc.exe

     

    #:20 [spoolsv.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 2020

    ThreadCreationTime : 2006-11-15 05:43:29

    BasePriority : Normal

    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

    ProductVersion : 5.1.2600.2696

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Spooler SubSystem App

    InternalName : spoolsv.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : spoolsv.exe

     

    #:21 [aluschedulersvc.exe]

    FilePath : C:\Program\Symantec\LiveUpdate\

    ProcessID : 340

    ThreadCreationTime : 2006-11-15 05:43:35

    BasePriority : Normal

    FileVersion : 3.0.0.171

    ProductVersion : 3.0.0.171

    ProductName : LiveUpdate

    CompanyName : Symantec Corporation

    FileDescription : Automatic LiveUpdate Scheduler Service

    InternalName : Automatic LiveUpdate Scheduler Service

    LegalCopyright : Copyright © 1996-2005 Symantec Corporation

    OriginalFilename : ALUSchedulerSvc.exe

     

    #:22 [guard.exe]

    FilePath : C:\Program\Grisoft\AVG Anti-Spyware 7.5\

    ProcessID : 356

    ThreadCreationTime : 2006-11-15 05:43:35

    BasePriority : Normal

    FileVersion : 7, 5, 0, 47

    ProductVersion : 7, 5, 0, 47

    ProductName : AVG Anti-Spyware

    CompanyName : Anti-Malware Development a.s.

    FileDescription : AVG Anti-Spyware guard

    InternalName : AVG Anti-Spyware guard

    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

    OriginalFilename : guard.exe

     

    #:23 [gbpoll.exe]

    FilePath : C:\Program\Norton GoBack\

    ProcessID : 440

    ThreadCreationTime : 2006-11-15 05:43:36

    BasePriority : Normal

     

     

    #:24 [lssrvc.exe]

    FilePath : C:\Program\Delade filer\LightScribe\

    ProcessID : 468

    ThreadCreationTime : 2006-11-15 05:43:36

    BasePriority : Normal

    FileVersion : 1.4.44.1

    ProductName : LightScribe

    CompanyName : Hewlett-Packard Company

    LegalCopyright : © Copyright 2003-2005 Hewlett-Packard Development Company, LP

    OriginalFilename : LSSrvc.exe

     

    #:25 [mdm.exe]

    FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug\

    ProcessID : 508

    ThreadCreationTime : 2006-11-15 05:43:36

    BasePriority : Normal

    FileVersion : 7.00.9466

    ProductVersion : 7.00.9466

    ProductName : Microsoft® Visual Studio .NET

    CompanyName : Microsoft Corporation

    FileDescription : Machine Debug Manager

    InternalName : mdm.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : mdm.exe

     

    #:26 [navapsvc.exe]

    FilePath : C:\Program\Norton Internet Security\Norton AntiVirus\

    ProcessID : 560

    ThreadCreationTime : 2006-11-15 05:43:36

    BasePriority : Normal

    FileVersion : 12.2.0.13

    ProductVersion : 12.2.0

    ProductName : Norton AntiVirus

    CompanyName : Symantec Corporation

    FileDescription : Norton AntiVirus Auto-Protect Service

    InternalName : NAVAPSVC

    LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

    OriginalFilename : NAVAPSVC.EXE

     

    #:27 [nod32krn.exe]

    FilePath : C:\Program\Eset\

    ProcessID : 584

    ThreadCreationTime : 2006-11-15 05:43:36

    BasePriority : Normal

    FileVersion : 2, 51, 30

    ProductVersion : 2, 51, 30

    ProductName : NOD32 Antivirus System

    CompanyName : Eset

    FileDescription : NOD32 Kernel Service

    InternalName : NOD32 Kernel

    LegalCopyright : Copyright © 1992-2005 Eset

    LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset

    OriginalFilename : nod32krn.exe

     

    #:28 [hpzipm12.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 596

    ThreadCreationTime : 2006-11-15 05:43:36

    BasePriority : Normal

    FileVersion : 9, 0, 0, 0

    ProductVersion : 9, 0, 0, 0

    ProductName : HP PML

    CompanyName : HP

    FileDescription : PML Driver

    InternalName : PmlDrv

    LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company

    OriginalFilename : PmlDrv.exe

     

    #:29 [richvideo.exe]

    FilePath : C:\Program\CyberLink\Shared files\

    ProcessID : 684

    ThreadCreationTime : 2006-11-15 05:43:37

    BasePriority : Normal

    FileVersion : 1.1.0808

    ProductVersion : 1.1.0808

    ProductName : RichVideo Module

    FileDescription : RichVideo Module

    InternalName : RichVideo

    LegalCopyright : Copyright 2004

    OriginalFilename : RichVideo.EXE

     

    #:30 [starwindservice.exe]

    FilePath : C:\Program\Alcohol Soft\Alcohol 120\StarWind\

    ProcessID : 1152

    ThreadCreationTime : 2006-11-15 05:43:37

    BasePriority : Normal

    FileVersion : 2.6.1 Build 0x20050401

    ProductVersion : 2.6.1 Build 0x20050401

    ProductName : StarWind

    CompanyName : Rocket Division Software

    FileDescription : StarWind iSCSI Target (Alcohol Edition)

    InternalName : StarWind

    LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.

    OriginalFilename : StarWind

     

    #:31 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1776

    ThreadCreationTime : 2006-11-15 05:43:42

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:32 [wdfmgr.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 2052

    ThreadCreationTime : 2006-11-15 05:43:48

    BasePriority : Normal

    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

    ProductVersion : 5.2.3790.1230

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows User Mode Driver Manager

    InternalName : WdfMgr

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : WdfMgr.exe

     

    #:33 [wmiprvse.exe]

    FilePath : C:\WINDOWS\system32\wbem\

    ProcessID : 2504

    ThreadCreationTime : 2006-11-15 05:44:22

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : WMI

    InternalName : Wmiprvse.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : Wmiprvse.exe

     

    #:34 [alg.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 2632

    ThreadCreationTime : 2006-11-15 05:44:27

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Application Layer Gateway Service

    InternalName : ALG.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : ALG.exe

     

    #:35 [atiptaxx.exe]

    FilePath : C:\Program\ATI Technologies\ATI Control Panel\

    ProcessID : 2816

    ThreadCreationTime : 2006-11-15 05:44:53

    BasePriority : Normal

    FileVersion : 6.14.10.5168

    ProductVersion : 6.14.10.5168

    ProductName : ATI Desktop Component

    CompanyName : ATI Technologies, Inc.

    FileDescription : ATI Desktop Control Panel

    InternalName : Atiptaxx.exe

    LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.

    OriginalFilename : Atiptaxx.exe

     

    #:36 [hpwuschd2.exe]

    FilePath : C:\Program\HP\HP Software Update\

    ProcessID : 3140

    ThreadCreationTime : 2006-11-15 05:45:09

    BasePriority : Normal

    FileVersion : 53.0.13.000

    ProductVersion : 053.000.013.000

    ProductName : hp digital imaging - hp all-in-one series

    CompanyName : Hewlett-Packard Co.

    FileDescription : Hewlett-Packard Product Assistant

    InternalName : hpwuSchd2

    LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004

    OriginalFilename : hpwuSchd2.exe

    Comments : Hewlett-Packard Product Assistant

     

    #:37 [hp wireless assistant.exe]

    FilePath : C:\Program\hpq\HP Wireless Assistant\

    ProcessID : 3172

    ThreadCreationTime : 2006-11-15 05:45:12

    BasePriority : Normal

    FileVersion : 1, 1, 2, 2

    ProductVersion : 1, 1, 2, 2

    ProductName : hp Wireless Assistant

    CompanyName : Hewlett-Packard Company

    FileDescription : hp Wireless Assistant Module

    InternalName : hp Wireless Assistant

    LegalCopyright : Copyright 2004

    OriginalFilename : hp Wireless Assistant.exe

     

    #:38 [firefox.exe]

    FilePath : C:\Program\Mozilla Firefox\

    ProcessID : 3196

    ThreadCreationTime : 2006-11-15 05:45:15

    BasePriority : Normal

     

     

    #:39 [ituneshelper.exe]

    FilePath : C:\Program\iTunes\

    ProcessID : 3392

    ThreadCreationTime : 2006-11-15 05:45:21

    BasePriority : Normal

    FileVersion : 4.7.0.42

    ProductVersion : 4.7.0.42

    ProductName : iTunes

    CompanyName : Apple Computer, Inc.

    FileDescription : iTunesHelper Module

    InternalName : iTunesHelper

    LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.

    OriginalFilename : iTunesHelper.exe

     

    #:40 [hpqwmi.exe]

    FilePath : C:\Program\HPQ\SHARED\

    ProcessID : 3408

    ThreadCreationTime : 2006-11-15 05:45:22

    BasePriority : Normal

    FileVersion : 1, 0, 6, 1

    ProductVersion : 1, 0, 6, 1

    ProductName : hpqwmi Module

    CompanyName : Hewlett-Packard Development Company, L.P.

    FileDescription : hpqwmi Module

    InternalName : hpqwmi

    LegalCopyright : © Copyright 2003, 2005 Hewlett-Packard Development Company, L.P.

    OriginalFilename : hpqwmi.EXE

     

    #:41 [lsburnwatcher.exe]

    FilePath : C:\hp\drivers\hplsbwatcher\

    ProcessID : 3500

    ThreadCreationTime : 2006-11-15 05:45:27

    BasePriority : Normal

    FileVersion : 4, 10, 14, 0

    ProductVersion : 4, 10, 14, 0

    ProductName : LightScribe

    CompanyName : Hewlett-Packard Company

    FileDescription : LightScribe Burn Watcher

    InternalName : LSBurnWatcher

    LegalCopyright : Copyright © 2004

    OriginalFilename : LSBurnWatcher.exe

    Comments : LightScribe automatic labeller launcher; waits to see when you've written a music CD and helps you create the LightScribe label for it.

     

    #:42 [eabservr.exe]

    FilePath : C:\Program\HPQ\Quick Launch Buttons\

    ProcessID : 3580

    ThreadCreationTime : 2006-11-15 05:45:33

    BasePriority : Normal

    FileVersion : 5, 20, 4, 2

    ProductVersion : 5, 2, 4, 2

    ProductName : Quick Launch Buttons

    CompanyName : Hewlett-Packard

    FileDescription : Quick Launch Buttons

    InternalName : eabsrvr

    LegalCopyright : © Copyright 2004, 2005 Hewlett-Packard Development Company, L.P.

    OriginalFilename : eabsrvr.exe

     

    #:43 [ccapp.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\

    ProcessID : 3644

    ThreadCreationTime : 2006-11-15 05:45:36

    BasePriority : Normal

    FileVersion : 104.0.8.3

    ProductVersion : 104.0.8.3

    ProductName : Client and Host Security Platform

    CompanyName : Symantec Corporation

    FileDescription : Symantec User Session

    InternalName : ccApp

    LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

    OriginalFilename : ccApp.exe

     

    #:44 [ipodservice.exe]

    FilePath : C:\Program\iPod\bin\

    ProcessID : 3648

    ThreadCreationTime : 2006-11-15 05:45:37

    BasePriority : Normal

    FileVersion : 6.0.2.17

    ProductVersion : 6.0.2.17

    ProductName : iTunes

    CompanyName : Apple Computer, Inc.

    FileDescription : iPodService Module

    InternalName : iPodService

    LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

    OriginalFilename : iPodService.exe

     

    #:45 [daemon.exe]

    FilePath : C:\Program\DAEMON Tools\

    ProcessID : 3692

    ThreadCreationTime : 2006-11-15 05:45:40

    BasePriority : Normal

     

     

    #:46 [issch.exe]

    FilePath : C:\Program\Delade filer\InstallShield\UpdateService\

    ProcessID : 3948

    ThreadCreationTime : 2006-11-15 05:45:45

    BasePriority : Normal

    FileVersion : 3, 10, 100, 1155

    ProductVersion : 3, 10

    ProductName : InstallShield Update Service

    CompanyName : InstallShield Software Corporation

    FileDescription : InstallShield Update Service Scheduler

    InternalName : Scheduler

    LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

    OriginalFilename : issch.exe

     

    #:47 [nod32kui.exe]

    FilePath : C:\Program\Eset\

    ProcessID : 4076

    ThreadCreationTime : 2006-11-15 05:45:53

    BasePriority : Normal

    FileVersion : 2, 51, 30

    ProductVersion : 2, 51, 30

    ProductName : NOD32 Antivirus System

    CompanyName : Eset

    FileDescription : NOD32 Control Center GUI

    InternalName : NOD32 Control Center GUI

    LegalCopyright : Copyright © 1992-2005 Eset

    LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset

    OriginalFilename : nod32kui.exe

     

    #:48 [avgas.exe]

    FilePath : C:\Program\Grisoft\AVG Anti-Spyware 7.5\

    ProcessID : 2176

    ThreadCreationTime : 2006-11-15 05:46:13

    BasePriority : Normal

    FileVersion : 7, 5, 0, 50

    ProductVersion : 7, 5, 0, 50

    ProductName : AVG Anti-Spyware

    CompanyName : Anti-Malware Development a.s.

    FileDescription : AVG Anti-Spyware

    InternalName : AVG Anti-Spyware

    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

    OriginalFilename : avgas.exe

     

    #:49 [realsched.exe]

    FilePath : C:\Program\Delade filer\Real\Update_OB\

    ProcessID : 1208

    ThreadCreationTime : 2006-11-15 05:46:15

    BasePriority : Normal

    FileVersion : 0.1.0.3208

    ProductVersion : 0.1.0.3208

    ProductName : RealPlayer (32-bit)

    CompanyName : RealNetworks, Inc.

    FileDescription : RealNetworks Scheduler

    InternalName : schedapp

    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

    LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

    OriginalFilename : realsched.exe

     

    #:50 [jusched.exe]

    FilePath : C:\Program\Java\jre1.5.0_09\bin\

    ProcessID : 1276

    ThreadCreationTime : 2006-11-15 05:46:16

    BasePriority : Normal

     

     

    #:51 [ctfmon.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 2348

    ThreadCreationTime : 2006-11-15 05:46:18

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : CTF Loader

    InternalName : CTFMON

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : CTFMON.EXE

     

    #:52 [nmbgmonitor.exe]

    FilePath : C:\Program\Delade filer\Ahead\lib\

    ProcessID : 2544

    ThreadCreationTime : 2006-11-15 05:46:19

    BasePriority : Normal

     

     

    #:53 [msmsgs.exe]

    FilePath : C:\Program\Messenger\

    ProcessID : 1816

    ThreadCreationTime : 2006-11-15 05:46:26

    BasePriority : Normal

    FileVersion : 4.7.3001

    ProductVersion : Version 4.7.3001

    ProductName : Messenger

    CompanyName : Microsoft Corporation

    FileDescription : Windows Messenger

    InternalName : msmsgs

    LegalCopyright : Copyright © Microsoft Corporation 2004

    LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

    OriginalFilename : msmsgs.exe

     

    #:54 [nscsrvce.exe]

    FilePath : C:\Program\Delade filer\Symantec Shared\Security Console\

    ProcessID : 3720

    ThreadCreationTime : 2006-11-15 05:47:26

    BasePriority : Normal

    FileVersion : 2006.1.5.17

    ProductVersion : 2006.1.5

    ProductName : Norton Security Console

    CompanyName : Symantec Corporation

    FileDescription : Norton Security Console Norton Protection Center Service

    InternalName : NSCService

    LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

    OriginalFilename : NSCSrvce.exe

     

    #:55 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 2208

    ThreadCreationTime : 2006-11-15 05:48:10

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:56 [taskmgr.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1348

    ThreadCreationTime : 2006-11-15 05:56:09

    BasePriority : High

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Operativsystemet Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Aktivitetshanteraren

    InternalName : taskmgr

    LegalCopyright : © Microsoft Corporation. Med ensamrätt.

    OriginalFilename : taskmgr.exe

     

    #:57 [ad-aware.exe]

    FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 4024

    ThreadCreationTime : 2006-11-15 05:56:24

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

     

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Adware.Searchcolours Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 4

    Category : Adware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}

     

    Adware.Searchcolours Object Recognized!

    Type : RegValue

    Data :

    TAC Rating : 4

    Category : Adware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}

    Value : UninstallString

     

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 2

    Objects found so far: 2

     

     

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 2

     

     

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

     

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 2

     

     

     

    Deep scanning and examining files (C:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Disk Scan Result for C:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 2

     

     

    Deep scanning and examining files (D:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Disk Scan Result for D:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 2

     

     

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    1 entries scanned.

    New critical objects:0

    Objects found so far: 2

     

     

     

     

    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Adware.Searchcolours Object Recognized!

    Type : Folder

    TAC Rating : 4

    Category : Adware

    Comment : Adware.Searchcolours

    Object : C:\Program\VSAdd-in

     

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 1

    Objects found so far: 3

     

    07:16:32 Scan Complete

     

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:19:29.891

    Objects scanned:193593

    Objects identified:3

    Objects ignored:0

    New critical objects:3

    0
  • Customer

    * Please delete these folders using Windows Explorer (if present):

      * Click Start>>All Programs>>Accessories>>Windows Explorer
      * Navigate to the listed folders, then right-click to select them and click delete


    C:\QooBox

     

    * First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.

    This is a 30 day trial of the program


    1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.


    2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.



    3. Run AVG Anti-Spyware


    4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.


    5. After the update finishes (the status bar at the bottom will display "Update successful")


    6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


    7. Under "Reports"


    8. Select "Automatically generate report after every scan"


    9. Un-Select "Only if threats were found"



    Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.

     

    * If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

    Ad-Aware SE Setup

    Again, do NOT run a scan yet.

     

     

    * Next, please reboot your computer in Safe Mode by doing the following:


    1. Restart your computer


    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.


    3. Instead of Windows loading as normal, a menu should appear


    4. Select the first option, to run Windows in Safe Mode.



    * Next, run Ad-aware and perform a full scan. Remove everything found.


    1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.


    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".


    3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:


    4. If you have any infections you will be prompted, then select "Apply all actions"


    5. Next select the "Reports" icon at the top.


    6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).



    * Restart your computer in normal mode.

     

    * Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.


    If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

     

    * After that, post a new hijackthis log here with the report of AVG antispyware.

    0
  • Customer

    * Please download the Killbox by Option^Explicit.

     

    Note: In the event you already have Killbox, this is a new version that I need you to download.


    • Save it to your desktop.


    • Please double-click Killbox.exe to run it.


    • Select:


      • Delete on Reboot


      • then Click on the All Files button.



      • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

       

      C:\WINDOWS\system32\wvurrrr.dll

       

       

       

      • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

       

      • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).



    If your computer does not restart automatically, please restart it manually.

     

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

     

    * Please open hijackthis and put a check next to the following:

     

    O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)

    O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)

    O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)

    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)

    O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

     

    * After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

     

    * After that, post a new hijackthis log here and tell me how everything is working.

    0
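    The entries the helper asks to have fixed above share one visible trait in the HijackThis log: the registry autostart (O2 BHO or O20 Winlogon Notify) still points at a DLL that is no longer on disk, which HijackThis marks with "(file missing)". The script below is an added example, not a tool from this thread or from Lavasoft, that parses a few HijackThis-style lines (constructed from the log posted above) and returns the entries that match that trait, plus unnamed BHOs loaded from system32. The section patterns are written from the line shapes visible in the log; the flagging rules are the example's own heuristics.

```python
"""Parse HijackThis-style O2/O4/O20 lines and flag dangling autostart entries.

Added example; the regexes cover only the line shapes seen in the thread's log.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: individual lines copied from the HijackThis log above,
# not a complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
"""


@dataclass
class Entry:
    section: str                 # "O2", "O4" or "O20"
    name: str                    # display name; "(no name)" for anonymous BHOs
    path: str                    # file the registry entry points at
    clsid: Optional[str] = None  # BHO CLSID (O2 only)
    file_missing: bool = False   # HijackThis printed "(file missing)"
    reasons: List[str] = field(default_factory=list)


# One pattern per section; "missing" captures the trailing "(file missing)" marker.
PATTERNS = {
    "O2": re.compile(
        r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
        r"(?P<path>.+?)(?P<missing> \(file missing\))?$"),
    "O20": re.compile(
        r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
    "O4": re.compile(
        r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+)$"),
}


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O2/O4/O20 line, None for anything else."""
    line = line.strip()
    for section, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            g = m.groupdict()
            return Entry(section=section, name=g["name"], path=g["path"],
                         clsid=g.get("clsid"), file_missing=bool(g.get("missing")))
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every line of a log, skipping headers and unsupported sections."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flag(entry: Entry) -> Entry:
    """Attach the example's heuristic reasons to an entry (empty list = nothing to note)."""
    if entry.file_missing:
        entry.reasons.append("autostart entry points at a file that is no longer on disk")
    # "(no name)" alone is not enough: Spybot's SDHelper.dll is also unnamed.
    if entry.section == "O2" and entry.name == "(no name)" and "\\system32\\" in entry.path.lower():
        entry.reasons.append("unnamed BHO loaded from system32")
    return entry


def suspicious(text: str) -> List[Entry]:
    """Entries from the log that carry at least one reason."""
    return [e for e in map(flag, parse_log(text)) if e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section} {e.name} -> {e.path}: {'; '.join(e.reasons)}")
```

Run against the sample it lists the awvtu.dll BHO and the winwim32 Winlogon Notify entry, the same two kinds of line the helper picked out, while the Spybot and Windows Genuine Advantage entries stay unflagged. Lines for sections the patterns do not cover are skipped rather than guessed at.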
  • Customer

    ok here are the new logs:

     

    Logfile of HijackThis v1.99.1

    Scan saved at 16:06:02, on 2006-11-15

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program\Norton GoBack\GBPoll.exe

    C:\Program\Delade filer\LightScribe\LSSrvc.exe

    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\Program\Eset\nod32krn.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program\CyberLink\Shared files\RichVideo.exe

    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\HP\HP Software Update\HPWuSchd2.exe

    C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program\Delade filer\Symantec Shared\ccApp.exe

    C:\Program\DAEMON Tools\daemon.exe

    C:\Program\HPQ\SHARED\HPQWMI.exe

    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\Program\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

    C:\Program\Messenger\msmsgs.exe

    C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Program\Mozilla Firefox\firefox.exe

    C:\Program\Internet Explorer\iexplore.exe

    C:\HJT\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: (no name) - {7A4B80CC-0EBF-4678-8C51-58381069D783} - C:\WINDOWS\system32\awvtu.dll (file missing)

    O2 - BHO: (no name) - {8044184C-88FC-8D0E-8BA8-A428E10734CC} - C:\WINDOWS\system32\epcoka.dll (file missing)

    O2 - BHO: (no name) - {8FE802E4-9E0B-9BFD-7C02-BE891B2866CA} - C:\WINDOWS\system32\ocgkfpb.dll (file missing)

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\yreijmjn.dll (file missing)

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

     

     

     

    ---------------------------------------------------------

    AVG Anti-Spyware - Scan Report

    ---------------------------------------------------------

     

    + Created at: 15:54:36 2006-11-15

     

    + Scan result:

     

     

     

    C:\WINDOWS\system32\wvurrrr.dll -> Adware.Virtumonde : No action taken.

    :mozilla.12:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

    :mozilla.13:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

    :mozilla.15:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

    :mozilla.16:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

    :mozilla.17:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

    :mozilla.50:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

    :mozilla.51:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

    :mozilla.40:C:\Documents and Settings\HEMPC\Application Data\Mozilla\Firefox\Profiles\jcyy1cux.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

     

     

    ::Report end

     

     

     

    cheers Qnorsten

    0
  • Customer

    hello, everything seems to work normally again, thanks for your help.

    here is the new hijackthis log:

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 16:51:34, on 2006-11-15

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program\Norton GoBack\GBPoll.exe

    C:\Program\Delade filer\LightScribe\LSSrvc.exe

    C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program\Eset\nod32krn.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program\CyberLink\Shared files\RichVideo.exe

    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\HP\HP Software Update\HPWuSchd2.exe

    C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program\Delade filer\Symantec Shared\ccApp.exe

    C:\Program\DAEMON Tools\daemon.exe

    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

    C:\Program\Eset\nod32kui.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\HPQ\SHARED\HPQWMI.exe

    C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

    C:\Program\Messenger\msmsgs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\HJT\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140536817421

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program\Norton GoBack\GBPoll.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

    0
  • Customer

    Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

     

    1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

     

    Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

     

    2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

     

    Ad-Aware SE

    A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

     

    Spybot-Search & Destroy

    A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

     

    SpywareBlaster

    A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

     

    SpywareGuard

    A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

     

    Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

     

    3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:

    http://www.mozilla.org/products/firefox/

     

    4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

     

    Please also read Tony Klein's excellent article: How I got Infected in the First Place

     

    Hopefully this should take care of your problems! Good luck.

    0
  • Customer

    Thanks, but I accidentally removed the wrong file with Killbox, and now when I try to remove the right one, it tells me "Pendingfilenameoperations Registry data has been Removed By External process!"

    0
  • Customer

    Thanks. Is the file removed now?

     

    Pocket Killbox version 2.0.0.648

    Running on Windows XP as HEMPC(Administrator)

    was started @ onsdag, november 15, 2006, 4:42 PM

     

    Pocket Killbox version 2.0.0.648

    Running on Windows XP as HEMPC(Administrator)

    was started @ onsdag, november 15, 2006, 4:42 PM

     

     

    I Rebooted @ 4:45:05 PM

    Killbox Closed(Exit) @ 4:45:08 PM

    __________________________________________________

     

    Pocket Killbox version 2.0.0.648

    Running on Windows XP as HEMPC(Administrator)

    was started @ onsdag, november 15, 2006, 5:04 PM

     

    # 1 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

     

     

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:07:19 PM

    # 2 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

     

     

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:09:15 PM

    # 3 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

     

     

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:09:33 PM

    # 4 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

     

     

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:11:13 PM

    Killbox Closed(Exit) @ 5:11:16 PM

    __________________________________________________

     

    Pocket Killbox version 2.0.0.648

    Running on Windows XP as HEMPC(Administrator)

    was started @ onsdag, november 15, 2006, 5:17 PM

     

    # 1 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

     

     

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:19:06 PM

    # 2 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

     

     

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:27:37 PM

    # 3 [Delete on Reboot]

    Path = C:\WINDOWS\system32\wvurrrr.dll

    0
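    The Killbox log above shows the same pattern four times in a row: the tool queues the DLL for deletion on reboot, and something on the machine clears that queue before the reboot happens. Killbox implements "Delete on Reboot" through the PendingFileRenameOperations value under the Session Manager key, so a defender can check that value directly to see whether a deletion is still scheduled, and then check whether the file is still on disk. The script below is an added example written for this thread, not part of the original post or of Pocket Killbox; it assumes a Windows host with PowerShell available and uses the file path taken from the log above (change `$Target` to the file you are investigating).

```powershell
# Added example (not from the thread): inspect the delete-on-reboot queue that
# Pocket Killbox relies on, then check whether the target file is still present.
# $Target is the path from the Killbox log above; adjust it for your own case.
$Target = 'C:\WINDOWS\system32\wvurrrr.dll'
$Key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

# PendingFileRenameOperations is REG_MULTI_SZ: pairs of (source, destination).
# An empty destination means "delete source at next boot". Paths are stored in
# the NT object form \??\C:\..., which we strip for readability.
$pending = (Get-ItemProperty -Path $Key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

if (-not $pending) {
    Write-Output 'No PendingFileRenameOperations queued: no delete-on-reboot is scheduled.'
} else {
    Write-Output 'Queued file operations for next boot:'
    for ($i = 0; $i -lt $pending.Count; $i += 2) {
        $src = $pending[$i] -replace '^\\\?\?\\', ''
        $dst = if ($i + 1 -lt $pending.Count) { $pending[$i + 1] -replace '^\\\?\?\\', '' } else { '' }
        $action = if ($dst -eq '') { 'DELETE' } else { "RENAME -> $dst" }
        Write-Output ('  {0,-8} {1}' -f $action, $src)
    }
}

# Second check: is the file itself still on disk? -Force includes hidden/system files.
if (Test-Path -LiteralPath $Target) {
    $f = Get-Item -LiteralPath $Target -Force
    Write-Output ('Target still present: {0} ({1} bytes, last modified {2})' -f
                  $f.FullName, $f.Length, $f.LastWriteTime)
} else {
    Write-Output "Target not found on disk: $Target"
}
```

    Run it right after queuing the deletion and again just before rebooting: if the queue is empty the second time while the file is still present, something else on the system cleared the value, which is exactly what the "Removed by External Process" lines in the log are reporting.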
  • Customer

    Thanks, but I accidentally removed the wrong file with Killbox, and now when I try to remove the right one, it tells me "Pendingfilenameoperations Registry data has been Removed By External process!"

    Reboot manually.

    0
  • Customer

    Please run ATF cleaner in Safe mode.

    0
  • Customer

    No, it seems to be gone now. I just have one problem left.

    It's a 14 KB file in c:\windows\temp that keeps renaming itself every second. Norton AntiVirus calls the virus "Downloader" and NOD32 calls it win32/Adware.softomate application.

    0
  • Customer

    Go to C:\WINDOWS\system32 and see if the file wvurrrr.dll is still present.

    0
  • Customer

    Done, but the warning still keeps coming up.

    0
