I have a big problem, but before I tell u about it, I'll let u know what I've done to try and fix it. I followed your instructions, started out w adaware, did the CWshredder in safe mode, ran spybot in normal mode, immunized, ran ewido in safe mode and ran an online scanner (trend housecall). I found a trojan ( or my mcafee virus scanner did), but ewido didn't show anything. When I started my comp in normal mode the online scanner found some different malware, but couldn't remove all of it.
So i'm sorted of stuck... everytime i run one of my scanners it finds something (tracking cookies or trojans) but i can't seem to get to the bottom of it.. i would post the ewido log but it said clean so I'll just post HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 04:31:22, on 25-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\CableConnect\CableConnect.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator\Skrivebord\hijack-this\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\D-Tools\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: CableConnect.lnk = C:\Programmer\CableConnect\CableConnect.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download using FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.c...InkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113288630875
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.dans...B/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LBTServ - C:\Programmer\Fælles filer\Logitech\Bluetooth\lbtserv.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
plz help me, Im completely bummed
I just had a look at add/remove programs... there was a program that said: Red swoosh EDN client (lol remove only)...
Edited by mojomagic, 25 March 2006 - 03:54 PM.