
red cross and black desktop



#1
kungbult

kungbult

    New Member

  • Member
  • Pip
  • 5 posts
Please help me, I give up :tazz: . I have read everything but can't get rid of it.
I have the red cross and the black desktop and the warning messages that the computer is infected. I have run many anti-spy and antivirus programs. I really need help.

This is my log file:
Logfile of HijackThis v1.99.1
Scan saved at 18:01:02, on 2005-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program\Java\jre1.5.0_02\bin\jusched.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\SpyCatcher\DeleteSatellite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\hookdump.exe
C:\Program\MSI\Bluetooth Software\BTTray.exe
C:\Program\MSI\BLUETO~1\BTSTAC~1.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\stefan johansson\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program\SpyCatcher\DeleteSatellite.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4E0A52DB-75FF-4C0F-BCC3-DC724FBFF5FF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4E0A52DB-75FF-4C0F-BCC3-DC724FBFF5FF} - (no file) (HKCU)
O15 - Trusted Zone: http://clients.playout.se
O15 - Trusted Zone: http://psswe.playout.se
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...8b0e4/enter.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3594579-D24C-48F6-9245-B3C1AB3D4A21}: NameServer = 194.22.31.162,194.22.31.178
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  • 0


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Copy the part in bold below into notepad and save it as AVGoldfix.reg
Set Filetype to All Files and save it somewhere easy to find. We will use it later.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]


*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Windows\System32\hookdump.exe
C:\Windows\desktop.html
C:\Windows\screen.html

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt if you get one.
*If the computer does not reboot by itself, do it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Double-click the AVGoldfix.reg we made earlier.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Microsoft AntiSpyware helper - {4E0A52DB-75FF-4C0F-BCC3-DC724FBFF5FF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4E0A52DB-75FF-4C0F-BCC3-DC724FBFF5FF} - (no file) (HKCU)

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...8b0e4/enter.cab

And (still in safe mode) use the DiskCleanup Tool to empty all your Temp folders.

Delete the entire folder C:\Program Files\AntiVirusGold

In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info"

Then boot back to normal, run HijackThis again and post a new log.

Regards,
  • 0

#3
kungbult

kungbult

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Copy the part in bold below into notepad and save it as AVGoldfix.reg
Set Filetype to All Files and save it somewhere easy to find. We will use it later.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]


*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Windows\System32\hookdump.exe
C:\Windows\desktop.html
C:\Windows\screen.html

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt if you get one.
*If the computer does not reboot by itself, do it manually.

While your computer is restarting, tap the F8 key continually until a menu appears.  Use your up arrow key to highlight Safe Mode, then hit enter.

Double-click the AVGoldfix.reg we made earlier.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: Microsoft AntiSpyware helper - {4E0A52DB-75FF-4C0F-BCC3-DC724FBFF5FF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4E0A52DB-75FF-4C0F-BCC3-DC724FBFF5FF} - (no file) (HKCU)

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com...8b0e4/enter.cab

And (still in safe mode) use the DiskCleanup Tool to empty all your Temp folders.

Delete the entire folder C:\Program Files\AntiVirusGold

In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info"

Then boot back to normal, run HijackThis again and post a new log.

Regards,


  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
All you posted was a quote. :tazz:
  • 0

#5
kungbult

kungbult

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry, I'm not good at this.



Logfile of HijackThis v1.99.1
Scan saved at 19:12:34, on 2005-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program\Java\jre1.5.0_02\bin\jusched.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\Program\SpyCatcher\DeleteSatellite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\MSI\Bluetooth Software\BTTray.exe
C:\Program\MSI\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\stefan johansson\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program\SpyCatcher\DeleteSatellite.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O15 - Trusted Zone: http://clients.playout.se
O15 - Trusted Zone: http://psswe.playout.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3594579-D24C-48F6-9245-B3C1AB3D4A21}: NameServer = 194.22.31.162,194.22.31.178
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
No problem. :tazz:

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

Reboot and let me know how your computer is behaving.

Please do have a look at my site about removing and preventing spyware.

Regards,
  • 0
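
The log comparison behind the reply above, as an added example that is not part of the original thread: it parses HijackThis entry lines, diffs two scans, and lists anything chained after explorer.exe in an F2 Shell line. The sample logs are short excerpts of the scans posted in this thread; the function names are hypothetical.

```python
import ntpath
import re

# HijackThis entry lines start with a section code such as R0, F2, O4 or O23.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section_code, detail) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def extra_shell_programs(log_text):
    """List programs in an F2 'Shell=' line other than explorer.exe."""
    extras = []
    for code, detail in sorted(parse_entries(log_text)):
        shell = re.search(r"Shell=(.*)$", detail, re.IGNORECASE)
        if code != "F2" or not shell:
            continue
        for program in shell.group(1).split(","):
            program = program.strip()
            if program and ntpath.basename(program).lower() != "explorer.exe":
                extras.append(program)
    return extras


# Excerpts of the three scans posted in this thread (trimmed for the example).
LOG_1801 = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:01:02, on 2005-06-05
Running processes:
C:\WINDOWS\system32\hookdump.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
"""

LOG_1912 = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:12:34, on 2005-06-05
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_2157 = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:57:51, on 2005-06-05
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_1801, LOG_1912)
    for code, detail in removed:
        print("removed:", code, detail)
    for code, detail in added:
        print("added:  ", code, detail)
    print("extra shell programs:", extra_shell_programs(LOG_1912))
```
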

#7
kungbult

kungbult

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Nice, everything looks nice, THANK YOU. I post my log.
Can you see why my computer stops and "sleeps" for a while when I start it? The monitor also sleeps a little while before it starts.
I hope you understand what I mean; it takes a long time to boot the computer.

Logfile of HijackThis v1.99.1
Scan saved at 21:57:51, on 2005-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program\Java\jre1.5.0_02\bin\jusched.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\qttask.exe
C:\Program\SpyCatcher\DeleteSatellite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\MSI\Bluetooth Software\BTTray.exe
C:\Program\MSI\BLUETO~1\BTSTAC~1.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\stefan johansson\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program\SpyCatcher\DeleteSatellite.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O15 - Trusted Zone: http://clients.playout.se
O15 - Trusted Zone: http://psswe.playout.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3594579-D24C-48F6-9245-B3C1AB3D4A21}: NameServer = 194.22.31.162,194.22.31.178
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Your log looks clean now.

Is that between the black XP screen and the blue Welcome screen?

If so, try this:

Close as many programs as possible.
Click Start > Run > copy&paste Rundll32.exe advapi32.dll,ProcessIdleTasks > OK

Then reboot.
The first one should take even a little longer. The reboot after that should be faster.

Regards,
  • 0

#9
kungbult

kungbult

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you, it's faster.
You are a computer god and I will think of you every day until I'm dead.
Thanks
You are number one.
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Glad I could help. :tazz:

Please do have a look at my site about removing and preventing spyware.

Regards,
  • 0





