[Modest_Mouse]

Hello mighty geeks!

My parents have run into some serious trouble on their computer and i´m trying to help them out. Maybe someone can take a look at my log from hijackthis and tell me what to do.
It started out a while ago with the computer just acting weird.
Turn itself off and sometimes not able to start it up properly.
Then they decided to format the harddrive and reinstall windows.
That was a real hassle but now we´re able to start it up at least.
I´ve used Ad-aware to remove the most but still in the next search the program finds some tracking cookies for some weird sites such as z1.adserver.com and other. And with previous experience from these nasty parasites i´m worried it´s not yet fixed.
I´ll post the hijackthis log below for you.
Thanks in advance.
/Mouse


Logfile of HijackThis v1.99.1
Scan saved at 12:51:48, on 2005-09-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\exe82.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\devldr32.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.babysandra.net/gama.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [0a34] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [avoxdbh] C:\WINDOWS\System32\sgjbvmc.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

[Advertisements]

Hi Modest Mouse, Welcome to GTG !!

I am working on your log. As soon as a GTG Staff Member reviews my fix, I will post it for you.
Thank you for being patient.

[Linkmaster]

Hi Modest Mouse, Welcome to GTG !!

I am working on your log. As soon as a GTG Staff Member reviews my fix, I will post it for you.
Thank you for being patient.

[Linkmaster]

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP.
Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here
Apply the update, reboot, and post a fresh Hijack This log.

Edited by Linkmaster, 17 September 2005 - 02:46 AM.

[Modest_Mouse]

Thanks for the reply Linkmaster.
I´ve been away for a while but now i am back to get this fixed.
Dad updated to SP2 and I guess that would work out as well.
Seems like most of the problem with the computer was the hardware. The sound card was removed and the computer runs as it did before(is that a common problem or was it just a coincident?).
Still it would be great to get rid of this stuff anyway.
Just ran a search with ad-aware and removed the stuff it found.
Is ad-aware ever of any help by the way? Seems like it can´t permanently remove any spyware, *ware that i´ve had trouble with.

Ok here is the new hijackthis log.
Thanks again!
/Modest_Mouse



Logfile of HijackThis v1.99.1
Scan saved at 17:28:56, on 2005-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\exe82.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [0a34] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [avoxdbh] C:\WINDOWS\System32\sgjbvmc.exe r
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [marg] C:\WINDOWS\exe82.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126704641296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

[Linkmaster]

Sorry for the delay. We had to reopen your post !!

Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download VX2 Cleaner Plug-in. Install vx2cleaner_inst.exe, taking all the defaults

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

[Modest_Mouse]

I´ve followed the instructions you gave me.

Here´s the ewido log.
As you can see I wasn´t sure about the first 5 things ewido found.
I probably should have removed them but thought it was best to let you take a look at it.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 17:20:51, 2005-10-03
+ Report-Checksum: 1A40FB04

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Ignored
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Ignored
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Ignored
C:\Documents and Settings\Bengt\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Bengt\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Bengt\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Bengt\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Bengt\Cookies\bengt@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Default User\Lokala inställningar\Temporary Internet Files\Content.IE5\TS5VVNU0\mm81[1].ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\Documents and Settings\Default User\Lokala inställningar\Temporary Internet Files\Content.IE5\Z5Y56ALJ\stubinstaller6282[1].exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Lisa\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Lisa\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Lisa\Cookies\lisa@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Lisa\Cookies\lisa@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lisa\Lokala inställningar\Temporary Internet Files\Content.IE5\TS5VVNU0\mm81[1].ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\Documents and Settings\Lisa\Lokala inställningar\Temporary Internet Files\Content.IE5\Z5Y56ALJ\stubinstaller6282[1].exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ä[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ä[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ä[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ä[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Ägaren\Cookies\ägaren@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\TS5VVNU0\mm81[1].ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\Z5Y56ALJ\stubinstaller6282[1].exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\Del923.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\TS5VVNU0\mm81[1].ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\Z5Y56ALJ\stubinstaller6282[1].exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\nbkohq.exe -> Trojan.Agent.ay : Cleaned with backup


::Report End




Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:24:13, on 2005-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Downloads\hijackthis\HijackThis.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126704641296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

[Linkmaster]

How is your system running now ??

Congratulations! Your log is CLEAN

Real Time Prevention
SpywareBlaster

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
IESpyad : This will add several hundred Restricted Sites to the Restricted site zone in IE.

Cleaner:
CCleaner is a good app to clean out temp files, cookies, recent folder(win2000) and Prefetch folder(XP), etc

Spyware Scanners:
Ad-aware SE Scans your system for spyware and other threats
a² Scanner : Scans for Malware and Trojans on your system.

Good Free Antivirus Programs:
AVG
Avast!

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks.
Windows Update

Firewalls:
If you have an "always on " internet connection, such as DSL or Cable, I recommend a firewall:
Sygate
ZoneAlarm

These next steps are optional, but will provide the greatest protection
Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness.

Alternatives Browsers:
FireFox
Opera

Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the HijackThis folder if everything is working okay.

Remember always use just 1 antivirus program at a time. Using more than one causes a conflict between the programs !!

Using these apps, your system will be thoroughly protected from future threats.

Edited by Linkmaster, 04 October 2005 - 09:15 AM.

[Modest_Mouse]

It seems to be working fine now.
Thank you very much for all your help linkmaster.
Think I learned a bit more about this stuff now too.
Maybe you´ll hear from me in this forum section again some time but hopefully not
So good luck fighting the nasty spyware in the future.
/Modest_Mouse

[Linkmaster]

Your very Welcome !! Anytime !!
Im glad everything is working great !

[therock247uk]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.