Hi! I have now done the following:
- DLLUnregisterServer in q5025065_disk.dll succeeded.
- Ran Killbox (when pasting from the clipboard, only the last line got into the Killbox file box; I don’t know if this affects anything?)
- Rebooted in Safe Mode
- Opened HijackThis and checked all the lines listed by you. Clicked "Fix checked" and exited after HijackThis had deleted the files. Here’s the initial log file before deletion:
Logfile of HijackThis v1.99.1
Scan saved at 22:23:10, on 07.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\rfossum\My Documents\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O1 - Hosts: 213.188.133.139 hhprod.energica.no hhprod
O1 - Hosts: 213.188.133.140 apps.senitel.no apps
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpE042.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - Global Startup: Philips Wireless Notebook Adapter Utility.lnk = C:\Program Files\philips\Philips54MbpsWirelessNotebookAdapterUtility\PHILIPSMonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://hhprod.energica.no
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} - http://hhprod.energi...tor/oajinit.exe
O20 - Winlogon Notify: style2 - C:\WINDOWS\q5025065_disk.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OracleOracle9iClientCache - Unknown owner - C:\Oracle9i\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
- Opened the smitRem folder and ran the RunThis.bat
- Opened Ad-aware (I do not have an internet connection with the infected computer, but Ad-aware is only 37 days old), ran Ad-aware and no critical objects were found.
- Opened Ewido and ran the Complete system scan (maybe I should have emptied the recycler/trash before the scan, but I didn’t). Here’s the log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 00:09:46, 08.07.2005
+ Report-Checksum: AD4EC649
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F} -> Spyware.CommonName : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F} -> Spyware.CommonName : Cleaned with backup
C:\Documents and Settings\rfossum\My Documents\Hijackthis\backups\backup-20050707-222623-922.dll -> Trojan.Puper.m : Cleaned with backup
C:\RECYCLER\NPROTECT\00027409.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027410.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027411.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027416.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027417.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027418.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027419.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027422.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027423.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027425.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00027426.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028490.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028491.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028492.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028493.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028498.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028499.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028501.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028502.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028526.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028527.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028528.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028529.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028530.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028531.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028532.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028533.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028535.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028536.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028538.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028540.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028541.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028543.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028545.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028546.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028547.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028548.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028549.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028554.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028555.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028557.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028558.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028563.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028564.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028566.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028567.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028571.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028572.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028573.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00028574.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029231.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029232.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029233.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029234.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029235.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029236.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029237.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029238.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029245.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029246.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029248.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029249.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029250.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029251.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029253.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029254.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029255.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029256.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029257.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029258.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029259.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029260.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029261.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029262.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029265.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029266.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029267.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029268.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029269.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029270.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029272.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029273.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029274.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029277.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029278.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029279.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029280.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029285.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029286.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029287.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029288.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029291.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029292.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029562.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029563.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029565.TXT -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\NPROTECT\00029567.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00029568.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00035623.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00035624.TXT -> Spyware.Cookie.Adtech : Cleaned with backup
C:\RECYCLER\NPROTECT\00035625.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00035626.TXT -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\RECYCLER\NPROTECT\00035627.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00035628.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00035630.TXT -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\NPROTECT\00035631.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\00035632.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00038143.exe -> Trojan.Agent.ff : Cleaned with backup
C:\RECYCLER\NPROTECT\00038144.exe -> Trojan.Puper.w : Cleaned with backup
C:\RECYCLER\NPROTECT\00038146.exe -> Trojan.Puper.w : Cleaned with backup
::Report End
- Rebooted into normal mode (I do not get the Trojan-Spy.HTML.Smitfraud.c blue screen, or Windows Explorer telling me it has encountered a problem and needs to close!!). Here’s the new HJT file:
Logfile of HijackThis v1.99.1
Scan saved at 00:16:21, on 08.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\philips\Philips54MbpsWirelessNotebookAdapterUtility\PHILIPSMonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\rfossum\My Documents\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O1 - Hosts: 213.188.133.139 hhprod.energica.no hhprod
O1 - Hosts: 213.188.133.140 apps.senitel.no apps
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpE042.tmp (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - Global Startup: Philips Wireless Notebook Adapter Utility.lnk = C:\Program Files\philips\Philips54MbpsWirelessNotebookAdapterUtility\PHILIPSMonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://hhprod.energica.no
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} - http://hhprod.energi...tor/oajinit.exe
O20 - Winlogon Notify: style2 - C:\WINDOWS\q5025065_disk.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OracleOracle9iClientCache - Unknown owner - C:\Oracle9i\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
- Will do the Control Panel uncheck and Panda scan now.