I can't remove OIN (Outerinfo Network), it's layin in the add and remove section in XP, but when I click to remove it im being redirected to their website. I've tried everything.

Please help me!



Patrik

Hi patrik,

Please click the link below, follow the instructions and then post HJT LOG in this thread

Click here

thank you so much for taking the time!

Logfile of HijackThis v1.99.1
Scan saved at 14:40:00, on 2005-06-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe
C:\Program\SigmaTel\SigmaTel AC97 ljuddrivrutiner\stacmon.exe
C:\Program\Apoint2K\Apoint.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\TOSHIBA\TouchED\TouchED.Exe
C:\Program\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program\TOSHIBA\TOSHIBAs kontroller\TFncKy.exe
C:\Program\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program\Apoint2K\Apntex.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\cahu\snep.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
c:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Patrik\Skrivbord\Ny mapp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program/TOSHIBA/Free%20Update%20Service/splash.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program\TOSHIBA\Free Update Service\splash.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A0011F69-D38C-D603-864E-8B1D833510B3} - C:\WINDOWS\System32\vkn.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program\SigmaTel\SigmaTel AC97 ljuddrivrutiner\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [AAW] "C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Atep] C:\Program\cahu\snep.exe
O4 - HKCU\..\Run: [Lnnaejy] C:\WINDOWS\System32\n?tepad.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: Konfabulator.lnk = C:\Program\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Hi,

The first thing i need you to do is the following:

Launch Notepad, and copy/paste the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.




Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

Here it is:




Volymen i enhet C har ingen etikett.
Volymens serienummer „r 8042-95F7

Inneh†ll i katalogen C:\WINDOWS\System32

2002-09-11 13:00 66˙560 notepad.exe
2005-05-25 15:10 430˙080 n?tepad.exe
2 fil(er) 496˙640 byte

Inneh†ll i katalogen C:\Documents and Settings\Patrik\Skrivbord

Hi Akademos,

Lets get this sorted, You have several items of malware on your PC.

Lets get this show on the road..

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY HERE
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Download a free 14 day trial of ewido from the link below. Install it and start it up. Follow the prompts to upgrade it, then close it down.

ewido

Set PC to show hidden files (click link if you do not know how)LINK

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster

• Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
• Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
• Click "OK" at the prompt with instructions.
• Click "Update" and then "Check For Update" to begin the update process.
• If any updates exist please download them by clicking "Download Update" then click the X to close that window.
• Now close About:Buster

Update CWShredder

• Open CWShredder and click I AGREE
• Click Check For Update
• Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:

• Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
• Click Yes to allow it to shutdown explorer.exe.
• It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
• When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
• Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Now scan with HJT and check the following entries if they are there. Some may have been removed by earlier procedures.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program/TOSHIBA/Free%20Update%20Service/splash.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program\TOSHIBA\Free Update Service\splash.html
O2 - BHO: (no name) - {A0011F69-D38C-D603-864E-8B1D833510B3} - C:\WINDOWS\System32\vkn.dll
O4 - HKCU\..\Run: [Atep] C:\Program\cahu\snep.exe
O4 - HKCU\..\Run: [Lnnaejy] C:\WINDOWS\System32\n?tepad.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c5.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB

Ensure no windows open except HJT and click FIX CHECKED.

now using windows explorer locate the following files/folders and delete them.

C:/Program/TOSHIBA/Free%20Update%20Service/splash.html
C:\Program\TOSHIBA\Free Update Service\splash.html
C:\WINDOWS\System32\vkn.dll
C:\Program\cahu\snep.exe


Now also using Windows Explorer you need to loate the following

C:\WINDOWS\System32\notepad.exe THERE WILL BE 2 OF THEM
IT IS IMPORTANT THAT YOU RIGHT CLICK EACH ONE AND FIND THE ONE WHICH IS DATED AND SIZED LIKE THIS 2005-05-25 15:10 430˙080

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Now run Ewido. click on the Scanner button, Select drives if you have more than one and then start.

grab a cup of coffee, sandwiches, book as this may take some time. Once the first problem is detected ensure you tick the box for all (bottom left) and allow it to continue.

At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files, OK that request, then click on save report. SAVE to the default location, it will then generate a text file. Copy that to post in this thread.

Carry out another HJT scan and post the log back here, so we can sort out any remnants

Thanks alot man, but I still cant get rid of that OIN [bleep].
Got some more tips?

Thanks again!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:14:04, 2005-06-06
+ Report-Checksum: C320AD5D

+ Date of database: 2005-06-06
+ Version of scan engine: v3.0

+ Duration: 49 min
+ Scanned Files: 142933
+ Speed: 47.69 Files/Second
+ Infected files: 7
+ Removed files: 7
+ Files put in quarantine: 7
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Patrik\mt-uninstaller.exe -> Spyware.PurityScan.u -> Cleaned with backup
C:\Documents and Settings\Patrik\Skrivbord\Ny mapp\backups\backup-20050606-180041-288.dll -> Spyware.Adpower.b -> Cleaned with backup
C:\Documents and Settings\Patrik\Skrivbord\Ny mapp\backups\backup-20050606-180041-687.dll -> Spyware.WinAD -> Cleaned with backup
C:\Documents and Settings\Patrik\Skrivbord\Ny mapp\backups\backup-20050606-180041-888.dll -> Spyware.PurityScan.ak -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINDOWS\oemdrv\install.exe -> Backdoor.Winbach -> Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 19:18:18, on 2005-06-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe
C:\Program\SigmaTel\SigmaTel AC97 ljuddrivrutiner\stacmon.exe
C:\Program\Apoint2K\Apoint.exe
C:\Program\TOSHIBA\TouchED\TouchED.Exe
C:\Program\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program\TOSHIBA\TOSHIBAs kontroller\TFncKy.exe
C:\Program\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program\Apoint2K\Apntex.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\Program\ewido\security suite\securitysuite.exe
C:\Program\ewido\security suite\ewidoguard.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Outlook Express\msimn.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Patrik\Skrivbord\Ny mapp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program\TOSHIBA\Toshibas zoomningsfunktion\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program\SigmaTel\SigmaTel AC97 ljuddrivrutiner\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Konfabulator.lnk = C:\Program\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Hi Akademos,

Patience my friend, we haven't tackled that yet, we were clearing out the more serious things first.

Now reboot your PC into SAFE MODE, reopen HJT and click on Open the misc tools Section.

Then click on open uninstall manager.

Locate your nasty OIN, click on it to highlight it, then click on delete this entry.

Voila!.

Let me know if the offending program has gone

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.