About 130 Processes running...HELP [CLOSED]


  • This topic is locked

#1
puritan

  • Member
  • 10 posts
As this log says, there's a lot of [bleep] running, but where to start? I have used HijackThis.exe and KillBox, but I am not sure where to start...

The log is here:

Logfile of HijackThis v1.99.1
Scan saved at 21:08:35, on 2005-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM\iclogin1.2.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Lexmark X5100 Series\lxbabmgr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Lexmark X5100 Series\lxbabmon.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\windows\system32\u.exe
C:\windows\system32\UO.exe
C:\WINDOWS\system32\ati2cqag.exe
C:\windows\system32\p30x5MK.exe
C:\WINDOWS\system32\adsnt453.exe
C:\windows\system32\c2Y3E.exe
C:\windows\system32\Sv2ClU.exe
C:\windows\system32\btwPFm.exe
C:\windows\system32\yXYJ.exe
C:\windows\system32\rgFwkohg.exe
C:\windows\system32\aYQS.exe
C:\windows\system32\GwbIWWe.exe
C:\WINDOWS\system32\iisver.exe
C:\windows\system32\53Idn.exe
C:\WINDOWS\system32\AVWAV069.exe
C:\windows\system32\MFrz3VP.exe
C:\WINDOWS\system32\atl70795.exe
C:\windows\system32\rUyr.exe
C:\WINDOWS\system32\bitsprx3.exe
C:\windows\system32\M5UbSL.exe
C:\WINDOWS\system32\ati3d2ag.exe
C:\windows\system32\rmP.exe
C:\windows\system32\QX2hc.exe
C:\WINDOWS\system32\AAAAMON9.exe
C:\windows\system32\DOVm45lX.exe
C:\WINDOWS\system32\ati2dvag.exe
C:\windows\system32\WWk.exe
C:\WINDOWS\system32\browselc.exe
C:\windows\system32\tyTo6Fe5.exe
C:\WINDOWS\system32\a3d45595.exe
C:\windows\system32\a.exe
C:\WINDOWS\system32\btpanui8.exe
C:\windows\system32\Y.exe
C:\WINDOWS\system32\ativcoxx.exe
C:\windows\system32\D.exe
C:\WINDOWS\system32\a5488643.exe
C:\windows\system32\BjgD9.exe
C:\windows\system32\OT.exe
C:\WINDOWS\system32\ACCTRES4.exe
C:\windows\system32\C.exe
C:\WINDOWS\system32\adsldpc1.exe
C:\windows\system32\YYhvOpk.exe
C:\windows\system32\ZCPMiSw.exe
C:\WINDOWS\system32\btwpfm58.exe
C:\windows\system32\UyP.exe
C:\WINDOWS\system32\appmgr13.exe
C:\windows\system32\l2i6B.exe
C:\WINDOWS\system32\advpack3.exe
C:\windows\system32\zY.exe
C:\WINDOWS\system32\alrsvc69.exe
C:\windows\system32\O4.exe
C:\WINDOWS\system32\ativtmxx.exe
C:\windows\system32\d0WLdZ.exe
C:\WINDOWS\system32\appmgmts.exe
C:\WINDOWS\system32\apphelp0.exe
C:\windows\system32\57.exe
C:\WINDOWS\system32\a2460628.exe
C:\windows\system32\UlLqNVsB.exe
C:\WINDOWS\system32\ADSNDS56.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\windows\system32\1qOj.exe
C:\windows\system32\e.exe
C:\WINDOWS\system32\ACCTRES1.exe
C:\WINDOWS\system32\AHQCpURe.exe
C:\windows\system32\Yz.exe
C:\WINDOWS\system32\AVTAPI90.exe
C:\windows\system32\p5MGRrQuw.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\AVWAV206.exe
C:\windows\system32\GEbDD.exe
C:\WINDOWS\system32\cabinet5.exe
C:\windows\system32\z9qhLySYJ.exe
C:\WINDOWS\system32\adsldp21.exe
C:\windows\system32\B.exe
C:\windows\system32\Gg.exe
C:\windows\system32\v50pT.exe
C:\windows\system32\nFILt9.exe
C:\windows\system32\sye.exe
C:\WINDOWS\system32\piallstyle.exe
C:\WINDOWS\system32\pdhcifce.exe
C:\Program\MSN Messenger\msnmsgr.exe
c:\windows\system32\ynztdv.exe
C:\Program\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ativtmxx.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\CxtPls\CxtPls.exe
C:\Program\NORTON~1\navw32.exe
C:\Documents and Settings\Janne\Skrivbord\HijackThis.exe
C:\Program\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program\eSyndicate\esyn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TgrZGg] C:\documents and settings\janne\lokala inställningar\temp\TgrZGg.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [u] C:\windows\system32\u.exe
O4 - HKLM\..\Run: [UO] C:\windows\system32\UO.exe
O4 - HKLM\..\Run: [962f925ab967] C:\WINDOWS\system32\ati2cqag.exe
O4 - HKLM\..\Run: [p30x5MK] C:\windows\system32\p30x5MK.exe
O4 - HKLM\..\Run: [d4012da5f392] C:\WINDOWS\system32\adsnt453.exe
O4 - HKLM\..\Run: [c2Y3E] C:\windows\system32\c2Y3E.exe
O4 - HKLM\..\Run: [Sv2ClU] C:\windows\system32\Sv2ClU.exe
O4 - HKLM\..\Run: [btwPFm] C:\windows\system32\btwPFm.exe
O4 - HKLM\..\Run: [yXYJ] C:\windows\system32\yXYJ.exe
O4 - HKLM\..\Run: [rgFwkohg] C:\windows\system32\rgFwkohg.exe
O4 - HKLM\..\Run: [aYQS] C:\windows\system32\aYQS.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [GwbIWWe] C:\windows\system32\GwbIWWe.exe
O4 - HKLM\..\Run: [iisver] C:\WINDOWS\system32\iisver.exe
O4 - HKLM\..\Run: [53Idn] C:\windows\system32\53Idn.exe
O4 - HKLM\..\Run: [c83defe92320] C:\WINDOWS\system32\AVWAV069.exe
O4 - HKLM\..\Run: [MFrz3VP] C:\windows\system32\MFrz3VP.exe
O4 - HKLM\..\Run: [7fa4d4cf7972] C:\WINDOWS\system32\atl70795.exe
O4 - HKLM\..\Run: [rUyr] C:\windows\system32\rUyr.exe
O4 - HKLM\..\Run: [e71d5fee4c3d] C:\WINDOWS\system32\bitsprx3.exe
O4 - HKLM\..\Run: [M5UbSL] C:\windows\system32\M5UbSL.exe
O4 - HKLM\..\Run: [e4bcfefd6914] C:\WINDOWS\system32\ati3d2ag.exe
O4 - HKLM\..\Run: [rmP] C:\windows\system32\rmP.exe
O4 - HKLM\..\Run: [QX2hc] C:\windows\system32\QX2hc.exe
O4 - HKLM\..\Run: [199b5f858c62] C:\WINDOWS\system32\AAAAMON9.exe
O4 - HKLM\..\Run: [DOVm45lX] C:\windows\system32\DOVm45lX.exe
O4 - HKLM\..\Run: [8dc45701cfeb] C:\WINDOWS\system32\ati2dvag.exe
O4 - HKLM\..\Run: [WWk] C:\windows\system32\WWk.exe
O4 - HKLM\..\Run: [b38e6f05720b] C:\WINDOWS\system32\browselc.exe
O4 - HKLM\..\Run: [tyTo6Fe5] C:\windows\system32\tyTo6Fe5.exe
O4 - HKLM\..\Run: [771a64c4e2b2] C:\WINDOWS\system32\a3d45595.exe
O4 - HKLM\..\Run: [a] C:\windows\system32\a.exe
O4 - HKLM\..\Run: [cf6ffa3f8362] C:\WINDOWS\system32\btpanui8.exe
O4 - HKLM\..\Run: [Y] C:\windows\system32\Y.exe
O4 - HKLM\..\Run: [8e95fc1f6b4a] C:\WINDOWS\system32\ativcoxx.exe
O4 - HKLM\..\Run: [D] C:\windows\system32\D.exe
O4 - HKLM\..\Run: [e0628f654675] C:\WINDOWS\system32\a5488643.exe
O4 - HKLM\..\Run: [BjgD9] C:\windows\system32\BjgD9.exe
O4 - HKLM\..\Run: [14c50e6ce648] C:\WINDOWS\system32\atitvo32.exe
O4 - HKLM\..\Run: [OT] C:\windows\system32\OT.exe
O4 - HKLM\..\Run: [9c5ec9004d8b] C:\WINDOWS\system32\ACCTRES4.exe
O4 - HKLM\..\Run: [C] C:\windows\system32\C.exe
O4 - HKLM\..\Run: [4be61a4bd709] C:\WINDOWS\system32\adsldpc1.exe
O4 - HKLM\..\Run: [YYhvOpk] C:\windows\system32\YYhvOpk.exe
O4 - HKLM\..\Run: [96ef8ec4c897] C:\WINDOWS\system32\atiiiexx.exe
O4 - HKLM\..\Run: [ZCPMiSw] C:\windows\system32\ZCPMiSw.exe
O4 - HKLM\..\Run: [89c2d9dc8876] C:\WINDOWS\system32\btwpfm58.exe
O4 - HKLM\..\Run: [UyP] C:\windows\system32\UyP.exe
O4 - HKLM\..\Run: [8e4566a9727d] C:\WINDOWS\system32\appmgr13.exe
O4 - HKLM\..\Run: [l2i6B] C:\windows\system32\l2i6B.exe
O4 - HKLM\..\Run: [7bc47fd129de] C:\WINDOWS\system32\advpack3.exe
O4 - HKLM\..\Run: [zY] C:\windows\system32\zY.exe
O4 - HKLM\..\Run: [4e58c5c59f95] C:\WINDOWS\system32\alrsvc69.exe
O4 - HKLM\..\Run: [O4] C:\windows\system32\O4.exe
O4 - HKLM\..\Run: [37af43a57321] C:\WINDOWS\system32\ativtmxx.exe
O4 - HKLM\..\Run: [d0WLdZ] C:\windows\system32\d0WLdZ.exe
O4 - HKLM\..\Run: [31352cb07b8b] C:\WINDOWS\system32\appmgmts.exe
O4 - HKLM\..\Run: [0ce6087997fb] C:\WINDOWS\system32\apphelp0.exe
O4 - HKLM\..\Run: [57] C:\windows\system32\57.exe
O4 - HKLM\..\Run: [c5e2c24d7269] C:\WINDOWS\system32\a2460628.exe
O4 - HKLM\..\Run: [UlLqNVsB] C:\windows\system32\UlLqNVsB.exe
O4 - HKLM\..\Run: [3b294945f0cd] C:\WINDOWS\system32\ADSNDS56.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [1qOj] C:\windows\system32\1qOj.exe
O4 - HKLM\..\Run: [e] C:\windows\system32\e.exe
O4 - HKLM\..\Run: [d8b65963681d] C:\WINDOWS\system32\ACCTRES1.exe
O4 - HKLM\..\Run: [1c0b7fe81208] C:\WINDOWS\system32\AHQCpURe.exe
O4 - HKLM\..\Run: [Yz] C:\windows\system32\Yz.exe
O4 - HKLM\..\Run: [9b8855ff3bea] C:\WINDOWS\system32\AVTAPI90.exe
O4 - HKLM\..\Run: [p5MGRrQuw] C:\windows\system32\p5MGRrQuw.exe
O4 - HKLM\..\Run: [5e53946b323b] C:\WINDOWS\system32\AVWAV206.exe
O4 - HKLM\..\Run: [GEbDD] C:\windows\system32\GEbDD.exe
O4 - HKLM\..\Run: [80977e3b1f14] C:\WINDOWS\system32\cabinet5.exe
O4 - HKLM\..\Run: [z9qhLySYJ] C:\windows\system32\z9qhLySYJ.exe
O4 - HKLM\..\Run: [ebecc7a4cba1] C:\WINDOWS\system32\adsldp21.exe
O4 - HKLM\..\Run: [B] C:\windows\system32\B.exe
O4 - HKLM\..\Run: [Gg] C:\windows\system32\Gg.exe
O4 - HKLM\..\Run: [v50pT] C:\windows\system32\v50pT.exe
O4 - HKLM\..\Run: [nFILt9] C:\windows\system32\nFILt9.exe
O4 - HKLM\..\Run: [sye] C:\windows\system32\sye.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [pFmf3qR] piallstyle.exe
O4 - HKLM\..\Run: [sfqgan] c:\windows\system32\ynztdv.exe
O4 - HKCU\..\Run: [Yo5pRkd4W] pdhcifce.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Adst] C:\Documents and Settings\Janne\Application Data\qqxo??.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IC Login Service (ICLogin) - Unknown owner - C:\WINDOWS\SYSTEM\iclogin1.2.exe" -service (file missing)
O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

Used Trend Micro and found:

It didn't work, 25 minutes and then I lost the cookie....

Used The Cleaner and got:

ABetterInternet
File: c:\windows\bolger.dll
PROBLEM: Could not delete file. Code 15
SOLUTION: Reboot to allow The Cleaner Professional to finish.

Agent
File: c:\windows\system32\drpmon.dll
PROBLEM: Could not delete file. Code 45
SOLUTION: Reboot to allow The Cleaner Professional to finish.

Filename Trojan Action
-------- ------ ------
c:\documents and settings\janne\skrivbord\rÖr ej endast hampus\backups\backup-20050601-214901-501.dll Agent Cleaned (Delete)
c:\documents and settings\janne\skrivbord\rÖr ej endast hampus\backups\backup-20050601-214901-870.dll ABetterInternet Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp229\a0049870.dll Envolo Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp234\a0051117.dll Envolo Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp237\a0055248.dll Apropop Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp237\a0055299.dll Apropop Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp239\a0057417.dll Apropop Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp243\a0060665.exe Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp243\a0060666.exe Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp243\a0060700.exe Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp243\a0060708.exe Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp243\a0060709.exe Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp243\a0060716.exe Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp245\a0062018.exe Pakes Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp245\a0062019.exe Pakes Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp246\a0062107.dll WinTools Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp246\a0062108.exe ABetterInternet Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp246\a0062135.dll Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp254\a0063496.dll Agent Cleaned (Delete)
c:\system volume information\_restore{41231bb5-6a21-4ab4-81d9-dd9912c7f2f3}\rp254\a0063497.dll ABetterInternet Cleaned (Delete)
c:\windows\abiuninst.htm ABetterInternet Cleaned (Delete)
c:\windows\ac3api.ini ABetterInternet Cleaned (Delete)
c:\windows\bolger.dll ABetterInternet Error
c:\windows\system32\drpmon.dll Agent Error
c:\windows\system32\lmf32v.dll Downldr Cleaned (Delete)
c:\windows\system32\occrnr.exe Pakes Cleaned (Delete)
c:\windows\system32\odpalui.exe Pakes Cleaned (Delete)

What else could I do?

Best regards
/Puritan


#2
loophole

  • Malware Expert
  • Retired Staff
  • 9,798 posts
Welcome, Puritan

Let's see if we can clean you up some before we start on your log.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Please reboot into Safe Mode (continually tap the F8 key while your system is starting, then select Safe Mode from the menu).

Click Start, then Run, type in %temp% and delete what's in there. Then open ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Edited by loophole, 15 July 2005 - 04:02 PM.


#3
loophole

  • Malware Expert
  • Retired Staff
  • 9,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.