Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

What can be removed?

Started by tom0934 , Nov 29 2004 03:58 AM

  • Please log in to reply

#1
tom0934
Posted 29 November 2004 - 03:58 AM

tom0934

    New Member

  • Member
  • Pip
  • 1 posts
Would appreciate help with removal of unnecessary files.
Thanks
Tom

---------------------------------------------------------------------------
Logfile of HijackThis v1.98.2
Scan saved at 10:52:33, on 2004-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Norton Utilities\NPROTECT.EXE
C:\Program\Dantz\Retrospect\retrorun.exe
C:\Program\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\xdservice.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\HighCriteria\PersonalInfoKeeper\pikeeper.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program\GetRight\getright.exe
C:\Program\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program\GetRight\getright.exe
c:\Program\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program\Avant Browser\avant.exe
C:\Program\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program\Delade filer\Adobe\Web\AOM.exe
C:\Program\Microsoft Office\Office\WINPROJ.EXE
C:\Program\Commander\EFCW.EXE
C:\Program\HJT\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.my.yahoo.c...WQlxPBGv7ZHsA--
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.home.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program\GetRight\xx2gr.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: ieCom Class - {C6CEAC32-D45C-11D4-94AF-0050BABD5FD6} - C:\Program\Bookmark Buddy\UrlOrgIE.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program\COPERN~1\COPERN~1.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Sök i NE - {ACECC8E8-45A5-41ec-A82A-B3363103E293} - C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeToolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [MaxtorCombo] "C:\Program\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RunPikeeper] C:\Program\HighCriteria\PersonalInfoKeeper\pikeeper.exe -min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Bookmark Buddy.lnk = C:\Program\Bookmark Buddy\BmkBuddy.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program\GetRight\getright.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 3.lnk = C:\Program\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Alexa Web Search - http://client.alexa....ions/search.htm
O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Blockera alla bilder från samma sida - C:\Program\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fyll i formulär &] - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get Alexa Data - http://client.alexa....ns/sitedata.htm
O8 - Extra context menu item: Lägg till i AD Svartlistan - C:\Program\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa....ions/mailto.htm
O8 - Extra context menu item: Markera - C:\Program\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm
O8 - Extra context menu item: RF verktygslist &2 - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: See Related Links - http://client.alexa....ons/related.htm
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Spara &formulär &[ - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sök - C:\Program\Avant Browser\Search.htm
O8 - Extra context menu item: Sök i NE - res://C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeToolbar.dll/NeSearch.html
O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Öppna alla länkar på sidan... - C:\Program\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Översätt i NE - res://C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeToolbar.dll/NeTranslate.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fyll i - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fyll i formulär &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Spara &formulär &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF verktygslist &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program\google\google desktop search\googledesktopnetwork1.dll
O12 - Plugin for .bcf: C:\Program\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.home.se
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.xdrive.co...stall/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} (MapConnect Control) - http://eu.mywayfinde.../MapConnect.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://hembanken.oe...B/e-Safekey.cab
  • 0

Advertisements

#2
Metallica
Posted 29 November 2004 - 05:32 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'm preparing my answer. This will take a few minutes.

Regards,

Pieter
  • 0

#3
Metallica
Posted 29 November 2004 - 05:48 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.my.yahoo.c...WQlxPBGv7ZHsA--

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O8 - Extra context menu item: Get Alexa Data - http://client.alexa....ns/sitedata.htm

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa....ions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa....ons/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm

Then reboot.

I had to guess about these:

O3 - Toolbar: Sök i NE - {ACECC8E8-45A5-41ec-A82A-B3363103E293} - C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeToolbar.dll
http://www.nationale...olbar/index.jsp

O8 - Extra context menu item: Sök i NE - res://C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeToolbar.dll/NeSearch.html

O8 - Extra context menu item: Översätt i NE - res://C:\Program\Nationalencyklopedin\NE_sokverktyg_20\NeToolbar.dll/NeTranslate.html

and ended up here:
http://www.nationale...olbar/index.jsp

How did I do?

Regards,

Pieter
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP