I've been hoping to get rid of WinFixer on my own, but I'm stuck and need help.
I for sure got WinFixer and all the right symptoms of it. I tried to read different threads, but the logs are always a bit different from mine.
I have Norton Antivirus. I have run Spybot and Ad-Aware. I have also run CCleaner.
Please note I cannot reboot into Safe Mode.
Any help will be highly appreciated.
OK, here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 22:00:27, on 06.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\BUFFALO\Client Manager 2\bwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\Siemens SBT\Insight\Bin\trcsrv.exe
C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programfiler\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programfiler\BUFFALO\Client Manager 2\ClientMgr2.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Programfiler\Bluewin\Quick Help\bin\mpbtn.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programfiler\Google\Web Accelerator\googlewebaccclient.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJ\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Programfiler\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\geeeb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Programfiler\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programfiler\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ClientManager2.lnk = C:\Programfiler\BUFFALO\Client Manager 2\ClientMgr2.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quick Help.lnk = C:\Programfiler\Bluewin\Quick Help\bin\matcli.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Programfiler\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D0CBE69-DAFC-11D3-96D2-0020182E2E27} - http://itanium2.dial...ia4skype083.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: geeeb - C:\WINDOWS\system32\geeeb.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - C:\Programfiler\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: DESIGO INSIGHT Trace Service - Siemens Building Technologies Ltd., Building Automation - C:\Programfiler\Siemens SBT\Insight\Bin\trcsrv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programfiler\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE" -i MSSQLSERVER (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programfiler\RealVNC\VNC4\WinVNC4.exe" -service (file missing)