Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware? Winfix...

Started by Pierre1981 , Sep 25 2005 10:58 AM

  • Please log in to reply

#1
Pierre1981
Posted 25 September 2005 - 10:58 AM

Pierre1981

    Member

  • Member
  • PipPip
  • 11 posts
Hallo all,
A week ago or something my computer started acting wired. I have a laptop and I have always closed the lid so that it goes into waiting-mode that don´t work anymore. The computer goes into waiting-mode but start it self up a few seconds later.
The computer runs and starts up slower then usual.
And last but not least I get these popups for Winfix. :tazz:

I have checked if there are any programmes installed that I haven´t installed, but I can´t see any.

I have read trough your page and I have read your different guids on how too remove Winfix, but I don´t understand anything. I have never heard of HiJackThis or any other programmes that you guys mentions.

I have Norton Antivirus 2004 Pro and Microsoft Antispyware installed on my computer now.

So if you guys could help me please regard me as a super noob. :)

Btw; Im from Sweden so excuse my poor English.
  • 0

Advertisements

#2
tampabelle
Posted 25 September 2005 - 11:13 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Edited by tampabelle, 25 September 2005 - 11:13 AM.

  • 0

#3
Pierre1981
Posted 25 September 2005 - 03:37 PM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanx for the reply tampabelle
I have now done a scan with the HiJackThis tool, here it is.

Logfile of HijackThis v1.99.1
Scan saved at 23:33:24, on 2005-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\Program\Delade filer\Nokia\Tools\NclTray.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Dell\Bluetooth Software\BTTray.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre\Skrivbord\Portfölj\Ny mapp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\nnnmn.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program\Delade filer\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\system32\ibbh.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\vijq.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: nnnmn - C:\WINDOWS\system32\nnnmn.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
tampabelle
Posted 25 September 2005 - 04:49 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    it should look like this

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\nnnmn.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\nmnnn.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\nnnmn.dll
    O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\system32\ibbh.exe
    O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\vijq.exe
    O20 - Winlogon Notify: nnnmn - C:\WINDOWS\system32\nnnmn.dll
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#5
Pierre1981
Posted 25 September 2005 - 09:23 PM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok, thanx!
But when should I put back the computer in normal mode? :tazz:
  • 0

#6
tampabelle
Posted 26 September 2005 - 07:32 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts

  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install  CleanUp!

View Post



If you see the fix, this portion talks about rebooting the PC. At this time you are supposed to reboot the PC in Normal Mode.

Please install and run Clean Up, do a scan at Panda and then post back the logs requested.
  • 0

#7
Pierre1981
Posted 26 September 2005 - 10:27 AM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ActiveScan
Detected Disinfected
Virus 0 0
Spyware 1 0
Hacking Tools 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0

Vundofix

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 392 'smss.exe'
Threads [396][400][404]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1644 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1876 'rundll32.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 488 'winlogon.exe'
Killing PID 488 'winlogon.exe'
Killing PID 488 'winlogon.exe'
Killing PID 488 'winlogon.exe'
Killing PID 488 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

HiJack This
Logfile of HijackThis v1.99.1
Scan saved at 19:27:17, on 2005-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\Program\Delade filer\Nokia\Tools\NclTray.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Dell\Bluetooth Software\BTTray.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre\Skrivbord\Portfölj\Ny mapp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program\Delade filer\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
  • 0

#8
tampabelle
Posted 26 September 2005 - 11:13 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Great !!!!

Your logs are clean.

Do you have any issues with your PC ????
  • 0

#9
Pierre1981
Posted 26 September 2005 - 01:40 PM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
No, I think it´s ok now?

Thanks for the help tampabelle :tazz:
  • 0

#10
tampabelle
Posted 26 September 2005 - 03:11 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


CONGRATULATIONS !!!!!!!!!!! Your PC is clean now :tazz:



I would recommend the following steps to keep your PC clean (especially Step 1 to install critical Windows patches including Service Pack 2 or SP2 if not already installed and Step 8 now that your PC is clean) –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other that IE as most of the malware is targetted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on ur PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


System Restore Points
8. Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0

Advertisements

#11
Pierre1981
Posted 26 September 2005 - 04:49 PM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi tampabelle,
I have done step 1 & 8 and downloded an installed SpywareBlaster, SpywareGuard and Spybot Search & Destroy.
Now on later point I think the computer is running a bit slower then usuall, before I got infected with malware that is :tazz: .

I did an new HijackThis logg. Maybe you can see if there are anything left. Or maybe you got any proposal on how too make it faster? It´s kind of slow in startup and opening new windows.

Logfile of HijackThis v1.99.1
Scan saved at 01:38:27, on 2005-09-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Nokia\Tools\NclTray.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Dell\Bluetooth Software\BTTray.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre\Skrivbord\Portfölj\Ny mapp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program\Delade filer\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

Edited by Pierre1981, 26 September 2005 - 05:00 PM.

  • 0

#12
tampabelle
Posted 27 September 2005 - 08:09 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

This will not delete the programs from your PC. This will only disable the programs from running at Start up and result in a faster PC. You can always run the programs manually by using the respective exe files or the shortcuts.


Reboot the PC in Safe Mode.


Run disk defragmentor. Click on Start ---> Programs ---> Accessories ---> System Tools ---> Disk Defragmentor.

Reboot the PC in Normal Mode.

Let me know if that speeds up your PC.
  • 0

#13
Pierre1981
Posted 27 September 2005 - 06:54 PM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OMG!! What time it took for the Disk Defragmentor to finish.

I think it´s running better now. Can´t tell right now because it´s been on for about 7 hours straight or so. Laptops really sucks at that point!

I done a new HijackThis logg so that you can see if I did everything right. I think I did... Or if it´s anything else you want me to do.


Logfile of HijackThis v1.99.1
Scan saved at 02:39:46, on 2005-09-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\Program\Delade filer\Nokia\Tools\NclTray.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Dell\Bluetooth Software\BTTray.exe
C:\Program\SpywareGuard\sgmain.exe
C:\Program\SpywareGuard\sgbhp.exe
C:\Program\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pierre\Skrivbord\Portfölj\Ny mapp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program\Delade filer\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe




PS
Thanks for all your help tampabelle! Really appreciate that there a people on the net that can help with these kind of problems. :tazz:
  • 0

#14
tampabelle
Posted 28 September 2005 - 06:47 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,



CONGRATULATIONS !!!!!!!!!!! Your PC is clean now :tazz:



I would recommend the following steps to keep your PC clean (especially Step 1 to install critical Windows patches including Service Pack 2 or SP2 if not already installed and Step 8 now that your PC is clean) –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other that IE as most of the malware is targetted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on ur PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


System Restore Points
8. Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0

#15
Pierre1981
Posted 29 September 2005 - 01:06 PM

Pierre1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I think it running fine now. But too be shure I will post a new HijackThis logg.

I need too have O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\Quickset.exe open, because that shows me the volume.

Logfile of HijackThis v1.99.1
Scan saved at 21:04:55, on 2005-09-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\Program\Delade filer\Nokia\Tools\NclTray.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Dell\QuickSet\Quickset.exe
C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\Dell\Bluetooth Software\BTTray.exe
C:\Program\SpywareGuard\sgmain.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre\Skrivbord\Portfölj\Ny mapp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discshop.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program\Delade filer\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP