Was up with Winfixer. [RESOLVED]


#1
Aaikai
Member
Hey. I got the Winfixer commercial popping up all the time. Have tried Ad-watch, TDS-3, Ewido, CWShredder and Spybot, but nothing has worked. Can somebody please :tazz: me. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:24:06, on 23.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\MouseWare\system\em_exec.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Alexander Karlsen\Lokale innstillinger\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.creative.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.109.242.237:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {39D2FC9B-041C-470E-AE72-F8C001247626} - C:\WINDOWS\REGIST~1\pcdb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AWMON] "C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.sf-anytime.com
O15 - Trusted Zone: *.sf-anytime.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: pcdb - C:\WINDOWS\REGIST~1\pcdb.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

#2
Wizard
Retired Staff
Hi Aaikai and Welcome to GeekstoGo!

Since Ad Watch has been activated, it makes this a much stickier situation!

Could I talk you into Uninstalling Ad Aware temporarily and giving me the exact name of a folder?

C:\WINDOWS\REGIST~1\pcdb.dll

If you will do those 2 things and post back, I believe I can fix ya up!

#3
Aaikai
Member
I have uninstalled Ad-Watch, but I can't find the folder with that file (pcdb.dll) anywhere
on my computer. But I have two folders in the Windows folder named Registration and
RegisteredPackages, could it be one of them?

Hope you can help me.

#4
Wizard
Retired Staff
OK, let's play it Safe!

Because some files are only visible in Safe Mode -> Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Open the Search Assistant (Click Start >> Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by every box under Advanced Options

Now under All Files and Folders, enter this into the text box:

pcdb

and

bdcp

Don't add any extensions to either entry and post back with any returns!

#5
Aaikai
Member
Here are my findings:

C:\WINDOWS\Registration\pcdb.dll
\bdcp.bak1
\bdcp.bak2
\bdcp.ini
\bdcp.ini2
\bdcp.tmp

#6
Wizard
Retired Staff
Nice Information, Thank You So Much!

Download the Attached Zip Folder -> Unzip it to the Desktop but don't run it until I ask please!

Download Pocket KillBox from here:
http://www.bleepingc...les/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Download this NOD32 removal tool
http://www.nod32.it/...pl?tool=AgentCS

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O2 - BHO: MSEvents Object - {39D2FC9B-041C-470E-AE72-F8C001247626} - C:\WINDOWS\REGIST~1\pcdb.dll

O20 - Winlogon Notify: pcdb - C:\WINDOWS\REGIST~1\pcdb.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Locate the file I had you download and Double Click on Rem.reg to execute it-> Allow it to merge into the Registry!


Open Pocket Killbox -> Copy & Paste each entry below into Killbox's "Full Path of File to Delete"

C:\WINDOWS\Registration\pcdb.dll
C:\WINDOWS\Registration\pcdb.bak1
C:\WINDOWS\Registration\pcdb.bak2
C:\WINDOWS\Registration\pcdb.ini
C:\WINDOWS\Registration\pcdb.ini2
C:\WINDOWS\Registration\pcdb.tmp
C:\WINDOWS\Registration\bdcp.bak1
C:\WINDOWS\Registration\bdcp.bak2
C:\WINDOWS\Registration\bdcp.ini
C:\WINDOWS\Registration\bdcp.ini2
C:\WINDOWS\Registration\bdcp.tmp


As you Paste each into Killbox, place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!


Open the Removal Tool From NOD32

Now Double Click on "AGCSCLEAN.exe" to open it-> Click on "Run System Check" and let it Roll!

It Should Restart the System Automatically!

If it Doesn't, Restart Manually!


Once Restarted, have the PC scanned here
http://www.pandasoft...n_principal.htm

Save the Report from the Online Scan!


Post back with a fresh HijackThis log and the report from Panda!

Attached Files

  • Attached File  Rem.zip   452bytes   245 downloads

Edited by Cretemonster, 25 July 2005 - 01:09 PM.


#7
Aaikai
Member
I tried to do the thing you had written me to do and it all worked fine until I was supposed to delete all the PCDB files. I got these messages "No file access" and "Couldn't delete file" on the pcdb.dll. And on the pcdb.bak1 file it couldn't find it. What to do? :tazz:

#8
Wizard
Retired Staff
Go ahead with the directions and when you reboot run that file through Killbox again!

#9
Aaikai
Member
I could delete these now:
C:\WINDOWS\Registration\bdcp.bak1
C:\WINDOWS\Registration\bdcp.bak2
C:\WINDOWS\Registration\bdcp.ini
C:\WINDOWS\Registration\bdcp.ini2
C:\WINDOWS\Registration\bdcp.tmp

But these ones don't exist according to Killbox:
C:\WINDOWS\Registration\pcdb.bak1
C:\WINDOWS\Registration\pcdb.bak2
C:\WINDOWS\Registration\pcdb.ini
C:\WINDOWS\Registration\pcdb.ini2
C:\WINDOWS\Registration\pcdb.tmp

And for this one there is a file access message when I try, and it couldn't be deleted according to Killbox even after I rebooted:
C:\WINDOWS\Registration\pcdb.dll

#10
Wizard
Retired Staff
In Killbox, Select Delete on Reboot and see if that doesn't get it!

#11
Aaikai
Member
Nope, it didn't get it. But now these files appeared:
file:///C:/WINDOWS/Registration/bdcp.tmp
file:///C:/WINDOWS/Registration/bdcp.tmp2

#12
Aaikai
Member
Nope, it didn't get it. But now these files appeared:
file:///C:/WINDOWS/Registration/bdcp.tmp
file:///C:/WINDOWS/Registration/bdcp.tmp2


Sorry about the double post. Don't know how it happened.

Edited by Aaikai, 25 July 2005 - 06:05 PM.


#13
Wizard
Retired Staff
Please download Process Explorer by Sysinternals from Here


Get that Reg file handy also!

Restart in Safe Mode!

Unzip Process Explorer and double click on procexp.exe

Once Process Explorer is Open-> Double Click on "explorer.exe" and then click the "Threads" Tab-> Locate any Instances of

pcdb.dll
pcdb.bak1
pcdb.bak2
pcdb.ini
pcdb.ini2
pcdb.tmp
pcdb.tmp1
pcdb.tmp2
bdcp.bak1
bdcp.bak2
bdcp.ini
bdcp.ini2
bdcp.tmp
bdcp.tmp1
bdcp.tmp2


When you see any of these-> Click on the entry once and then click the "KILL" button!

Once any of those are killed-> Follow the exact same process for "Winlogon.exe"!

Double Click on "Winlogon.exe" and then click the "Threads" Tab-> Locate any Instances of

pcdb.dll
pcdb.bak1
pcdb.bak2
pcdb.ini
pcdb.ini2
pcdb.tmp
pcdb.tmp1
pcdb.tmp2
bdcp.bak1
bdcp.bak2
bdcp.ini
bdcp.ini2
bdcp.tmp
bdcp.tmp1
bdcp.tmp2


When you see any of these-> Click on the entry once and then click the "KILL" button!

Once any of those are Killed-> Go back to "Winlogon.exe" and "Right Click" that process and Select "Suspend"-> Leave Process Explorer Open!

Open HijackThis and Fix these

O2 - BHO: MSEvents Object - {39D2FC9B-041C-470E-AE72-F8C001247626} - C:\WINDOWS\REGIST~1\pcdb.dll

O20 - Winlogon Notify: pcdb - C:\WINDOWS\REGIST~1\pcdb.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Now Locate that Reg File and Double Click it to execute-> Allow it to Merge into the Registry!


Open Pocket Killbox -> Copy & Paste each entry below into Killbox's "Full Path of File to Delete"

C:\WINDOWS\Registration\pcdb.dll
C:\WINDOWS\Registration\pcdb.bak1
C:\WINDOWS\Registration\pcdb.bak2
C:\WINDOWS\Registration\pcdb.ini
C:\WINDOWS\Registration\pcdb.ini2
C:\WINDOWS\Registration\pcdb.tmp
C:\WINDOWS\Registration\pcdb.tmp1
C:\WINDOWS\Registration\pcdb.tmp2
C:\WINDOWS\Registration\bdcp.bak1
C:\WINDOWS\Registration\bdcp.bak2
C:\WINDOWS\Registration\bdcp.ini
C:\WINDOWS\Registration\bdcp.ini2
C:\WINDOWS\Registration\bdcp.tmp
C:\WINDOWS\Registration\bdcp.tmp1
C:\WINDOWS\Registration\bdcp.tmp2


As you Paste each into Killbox-> place a tick by

"Delete on Reboot"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

When the prompts come up-> Click

"YES" to confirm Delete

"NO" to Reboot now

Once you have entered the last file-> Click

"YES" to confirm Delete

"YES" to Reboot now

If you get a PendingFileRenameOperations Registry Data has been Removed by External Process! message then just restart manually.


Once Completed -> Post a fresh HijackThis log and let's have a look!

#14
Aaikai
Member
I don't know if it worked because I had some trouble with Killbox, but here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 15:35:42, on 26.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Alexander Karlsen\Lokale innstillinger\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.creative.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.109.242.237:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {39D2FC9B-041C-470E-AE72-F8C001247626} - C:\WINDOWS\REGIST~1\pcdb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programfiler\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AWMON] "C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mtve.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.sf-anytime.com
O15 - Trusted Zone: *.sf-anytime.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: pcdb - C:\WINDOWS\REGIST~1\pcdb.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

#15
Wizard
Retired Staff
AHHHHHHHHHHHHHHH!

Frigin Ad Watch!!!!!!!!!!!!!!

Disable Ad Watch or Uninstall Ad Aware!

Once that's done!

Fix these with HijackThis

O2 - BHO: MSEvents Object - {39D2FC9B-041C-470E-AE72-F8C001247626} - C:\WINDOWS\REGIST~1\pcdb.dll

O20 - Winlogon Notify: pcdb - C:\WINDOWS\REGIST~1\pcdb.dll

All Windows and Browsers Closed and Click "Fix Checked"

Are you getting the WinFixer PopUps anymore?
  • 0
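
Added example, not part of the original thread and not code from HijackThis: the two entries singled out for fixing point at the same DLL, once as a Browser Helper Object (O2) and once under Winlogon Notify (O20). The Python code below picks such dual-registered DLLs out of a HijackThis log and checks whether they are still listed in a later log; the function names are made up for this illustration, and the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {39D2FC9B-041C-470E-AE72-F8C001247626} - C:\WINDOWS\REGIST~1\pcdb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O20 - Winlogon Notify: pcdb - C:\WINDOWS\REGIST~1\pcdb.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Sections this example looks at (labels are descriptive only).
WATCHED = {"O2": "Browser Helper Object", "O20": "Winlogon Notify"}

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")  # first drive-letter path to end of line


def parse_entries(log_text):
    """Return (section, path) pairs for the O2 and O20 lines of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match or match.group(1) not in WATCHED:
            continue
        # Take the path from the drive letter onward instead of splitting on " - ":
        # folder names such as "Spybot - Search & Destroy" contain that separator.
        path = PATH_RE.search(match.group(2))
        if path:
            entries.append((match.group(1), path.group(0).strip()))
    return entries


def dual_registered(log_text):
    """Paths (lower-cased) of DLLs listed both as a BHO (O2) and under Winlogon Notify (O20)."""
    sections_by_path = defaultdict(set)
    for section, path in parse_entries(log_text):
        sections_by_path[path.lower()].add(section)
    return sorted(p for p, secs in sections_by_path.items() if set(WATCHED) <= secs)


def remaining_after_fix(before_log, after_log):
    """Dual-registered DLLs from the first log that a later log still lists."""
    after_paths = {path.lower() for _, path in parse_entries(after_log)}
    return [p for p in dual_registered(before_log) if p in after_paths]


if __name__ == "__main__":
    for dll in dual_registered(SAMPLE_LOG):
        print("Registered as both BHO and Winlogon Notify:", dll)
    # Comparing a log with itself stands in for "the fix did not take",
    # which is what the second log in this thread shows.
    print("Still present afterwards:", remaining_after_fix(SAMPLE_LOG, SAMPLE_LOG))
```

A DLL that turns up in both sections is loaded by the browser/shell side and by winlogon.exe, which matches the two processes checked in Process Explorer in post #13.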





