Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfix problems [RESOLVED]


  • This topic is locked This topic is locked

#1
cdq

cdq

    Member

  • Member
  • PipPip
  • 10 posts
Hi.

I'm trying to remove winfix from my machine and thus posting my hijack this log as the last step in this process. I've followed the instructions on http://www.geekstogo...?showtopic=2852, and would like to have my hijackthis log examined as the last mean to remove the spyware.

The hijack this log is as follows

Logfile of HijackThis v1.99.1
Scan saved at 23:13:38, on 09.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italnrwd.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Programfiler\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127174054640
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

Regards Chris
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi cdq and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi again, I followed your instructions from your post and here is the logfile after running hijackthis from program files/hijackthis. As previous mentioned, my intention is to have this log reviewed, as everybody else I guess :-) .

Logfile of HijackThis v1.99.1
Scan saved at 20:18:17, on 10.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\cmd.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italnrwd.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Programfiler\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127174054640
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

Regards Chris
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italnrwd.dll (file missing)
    O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [CMSystem] "C:\Programfiler\CMSystem\CMSystem.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe
    C:\PROGRAM FILES\MYWEBS~1
    C:\Programfiler\CMSystem<==Folder

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0

#5
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Trevuren

Here is my log file after having followed your previous instructions. I did, however, not find any of the items you listed when I started up in safe mode. But you mentioned it was a possibility that this migth occur.

Logfile of HijackThis v1.99.1
Scan saved at 22:16:09, on 10.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127174054640
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

Regards Chris
  • 0

#6
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi, don't know if you want it but here is the startup log as well

StartupList report, 10.10.2005, 22:24:12
StartupList version: 1.52.2
Started from : C:\Programfiler\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Programfiler\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Thomas\Start-meny\Programmer\Oppstart]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Digital Line Detect.lnk = ?
SonicWALL Global VPN Client.lnk = C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Apoint = C:\Programfiler\Apoint\Apoint.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SunJavaUpdateSched = C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
(Default) =
IntelWireless = C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
DVDLauncher = "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
ccApp = "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
ISUSPM Startup = C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
DMXLauncher = C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
UpdateManager = "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
iTunesHelper = "C:\Programfiler\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
NI.UWFX5 = "C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe"
THGuard = "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

[{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath = rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Norton Internet Security - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ad-Aware SE Personal.job
Norton AntiVirus - Søk på min datamaskin - Thomas.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Programfiler\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1127174054640

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Java Plug-in 1.4.2_03]
InProcServer32 = C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #6: C:\WINDOWS\system32\pnrpnsp.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll
Protocol #36: C:\WINDOWS\system32\mswsock.dll
Protocol #37: C:\WINDOWS\system32\mswsock.dll
Protocol #38: C:\WINDOWS\system32\mswsock.dll
Protocol #39: C:\WINDOWS\system32\mswsock.dll
Protocol #40: C:\WINDOWS\system32\mswsock.dll
Protocol #41: C:\WINDOWS\system32\mswsock.dll
Protocol #42: C:\WINDOWS\system32\mswsock.dll
Protocol #43: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

IPv6-hjelpetjeneste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI-driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.1.0.1: system32\DRIVERS\AegisP.sys (autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP-bussfilter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP-bussfilter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
ALI AGP-bussfilter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
Driver for AMD AGP-bussfilter: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Alps Touch Pad Filter Driver for Windows 2000/XP: system32\DRIVERS\Apfiltr.sys (manual start)
APPDRV: \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: system32\DRIVERS\arp1394.sys (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
Statustjeneste for ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS asynkron mediedriver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: system32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Dekoder for teksting for hørselshemmede: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Network Proxy: "C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe" (autostart)
Symantec Password Validation: "C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe" (autostart)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM-driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for batteri med Microsoft ACPI-kontrollmetode: system32\DRIVERS\CmBatt.sys (manual start)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
Microsoft Composite Battery-driver: system32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Diskdriver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
Deterministic Network Enhancer Miniport: system32\DRIVERS\dne2000.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Driver for 3Com EtherLink XL 90XB/C-kort: system32\DRIVERS\el90xbc5.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
EvtEng: C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe (autostart)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Diskettkontrollerdriver: system32\DRIVERS\fdc.sys (manual start)
Diskettdriver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Driver for Volumbehandling: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Driver for CD-brenningsfilter: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
Driver for IP-trafikkfilter: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: system32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPSEC-driver: system32\DRIVERS\ipsec.sys (system)
IR-nummereringstjeneste: system32\DRIVERS\irenum.sys (manual start)
Driver for PnP ISA/EISA Bus: system32\DRIVERS\isapnp.sys (system)
ISSvc: "C:\Programfiler\Norton Internet Security\ISSVC.exe" (autostart)
Intel Wireless Connection Agent Miniport for Win XP: system32\DRIVERS\iwca.sys (manual start)
Driver for tastaturklasse: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
TCP/IP Print Server: %SystemRoot%\system32\tcpsvcs.exe (manual start)
mchInjDrv: \??\C:\DOCUME~1\Thomas\LOKALE~1\Temp\mc24.tmp (disabled)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Driver for musklasse: system32\DRIVERS\mouclass.sys (system)
HID-driver for mus: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
Enhetsomadresserer for WebDav-klient: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: system32\DRIVERS\mssmbios.sys (manual start)
Tee/Sink-to-Sink-konverterer for Microsoft Streaming: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI-kodek: system32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto-Protect-tjeneste: "C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\FELLES~1\SYMANT~1\VIRUSD~1\20051007.016\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\FELLES~1\SYMANT~1\VIRUSD~1\20051007.016\NavEx15.Sys (manual start)
Microsoft TV/video-tilkobling: system32\DRIVERS\NdisIP.sys (manual start)
NDIS TAPI-driver for ekstern pålogging: system32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: system32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: system32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: system32\DRIVERS\nic1394.sys (manual start)
NICCONFIGSVC: C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (autostart)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
Driver for IPX-trafikkfilter: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: system32\DRIVERS\nwlnkfwd.sys (manual start)
NWLink IPX/SPX/NetBIOS-kompatibel transportprotokoll: system32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII-protokoll: system32\DRIVERS\nwlnkspx.sys (autostart)
SAP Agent: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
OHCI-kompatibel IEEE 1394-vertskontroller: system32\DRIVERS\ohci1394.sys (system)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
Gruppegodkjenning for nodenettverk: %SystemRoot%\system32\svchost.exe -k p2psvc (manual start)
Identitetsbehandling for nodenettverk: %SystemRoot%\system32\svchost.exe -k p2psvc (manual start)
Nodenettverk: %SystemRoot%\system32\svchost.exe -k p2psvc (manual start)
Driver for parallell port: system32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Peer Name Resolution Protocol: %SystemRoot%\system32\svchost.exe -k p2psvc (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN-miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: system32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
SonicWall VPN Client Service: C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (manual start)
Driver for automatisk ekstern påloggingstilkobling: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN-miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: system32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: system32\DRIVERS\raspti.sys (manual start)
SonicWALL IPsec Driver: \??\C:\WINDOWS\system32\Drivers\RCFOX.sys (system)
SonicWALL VPN Adapter: system32\DRIVERS\rcvpn.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Driver for enhetsomadresserer for Terminal Server: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: system32\DRIVERS\redbook.sys (system)
RegSrvc: C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe (autostart)
WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (system)
SAVRTPEL: \??\C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe" (manual start)
ScriptBlocking Service: C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum-filterdriver: system32\DRIVERS\serenum.sys (manual start)
Seriellportdriver: system32\DRIVERS\serial.sys (system)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Simple TCP/IP Services: %SystemRoot%\system32\tcpsvcs.exe (autostart)
SIS AGP-bussfilter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe" (autostart)
Sony Digital Imaging Video2: system32\DRIVERS\sonypvs1.sys (manual start)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
SPBBCDrv: \??\C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: "C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SigmaTel C-Major Audio: system32\drivers\STAC97.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Driver for programvarebuss: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{34DDD0A4-7D2C-4D9C-9E6E-D51BAA6AF810} (manual start)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Programfiler\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\FELLES~1\SYMANT~1\SymcData\idsdefs\20050920.038\symidsco.sys (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: "C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe" (autostart)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: system32\DRIVERS\tcpip.sys (system)
Microsoft IPv6-protokolldriver: system32\DRIVERS\tcpip6.sys (system)
Driver for terminalenhet: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport-kortdriver: system32\DRIVERS\tunmp.sys (manual start)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB-lyddriver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller: system32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: system32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP-bussfilter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200BG nettverkstilkoblingsdriver for Windows XP: system32\DRIVERS\w29n51.sys (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WLANKEEPER: C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
World Standard Teletext-kodek: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 44 237 bytes
Report generated in 0,187 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Regards Chris
  • 0

#7
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please Download the following tool to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!
  • Reboot into Safe Mode

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

  • Doubleclick WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post!
  • Reboot back to Normal Mode!

Regards,

Trevuren

  • 0

#8
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 10.05.2003 05:39:30 84480 C:\WINDOWS\mvfsoiwbhtp.exe

Checking %System% folder...
PEC2 04.08.2004 13:00:00 41119 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10.08.2005 00:14:00 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10.08.2005 00:14:00 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 29.08.2005 13:27:12 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 08.09.2005 21:36:36 1998688 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 08.09.2005 21:36:36 1998688 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 13:00:00 704000 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 13:00:00 664064 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 04.08.2004 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10.10.2005 22:38:32 S 2048 C:\WINDOWS\bootstat.dat
02.10.2005 15:48:20 H 54156 C:\WINDOWS\QTFont.qfn
20.09.2005 20:58:18 HS 7680 C:\WINDOWS\Thumbs.db
14.09.2005 14:31:36 H 0 C:\WINDOWS\inf\oem13.inf
20.09.2005 11:10:46 H 0 C:\WINDOWS\inf\oem20.inf
10.09.2005 14:41:48 RHS 316348 C:\WINDOWS\pchealth\helpctr\PackageStore\package_10.cab
10.09.2005 14:42:08 RHS 266984 C:\WINDOWS\pchealth\helpctr\PackageStore\package_11.cab
10.09.2005 14:42:12 RHS 2991441 C:\WINDOWS\pchealth\helpctr\PackageStore\package_12.cab
10.09.2005 14:40:20 RHS 7166 C:\WINDOWS\pchealth\helpctr\PackageStore\package_6.cab
10.09.2005 14:40:36 RHS 7351 C:\WINDOWS\pchealth\helpctr\PackageStore\package_7.cab
10.09.2005 14:41:36 RHS 21343 C:\WINDOWS\pchealth\helpctr\PackageStore\package_8.cab
10.09.2005 14:41:42 RHS 593714 C:\WINDOWS\pchealth\helpctr\PackageStore\package_9.cab
10.10.2005 22:38:22 H 8192 C:\WINDOWS\system32\config\default.LOG
10.10.2005 22:38:54 H 1024 C:\WINDOWS\system32\config\SAM.LOG
10.10.2005 22:38:34 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
10.10.2005 22:39:54 H 73728 C:\WINDOWS\system32\config\software.LOG
10.10.2005 22:38:42 H 1286144 C:\WINDOWS\system32\config\system.LOG
14.09.2005 19:16:16 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10.09.2005 15:04:44 HS 62 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\desktop.ini
14.09.2005 09:51:32 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\desktop.ini
14.09.2005 09:51:32 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\desktop.ini
10.09.2005 15:06:42 H 2697016 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\IconCache.db
10.09.2005 15:06:46 H 262144 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat
10.09.2005 15:06:46 H 1024 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG
14.09.2005 09:51:32 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\desktop.ini
14.09.2005 09:51:32 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\desktop.ini
14.09.2005 09:51:32 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\6R038J4H\desktop.ini
14.09.2005 09:51:32 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\AUD5917X\desktop.ini
14.09.2005 09:51:32 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\IVK7EVKN\desktop.ini
14.09.2005 09:51:32 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\VJOQBSXC\desktop.ini
15.09.2005 13:46:12 S 7617 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
17.09.2005 23:20:44 S 688 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
15.09.2005 13:46:12 S 14317 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
14.09.2005 14:31:54 S 1047 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
17.09.2005 23:20:44 S 18819 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
14.09.2005 14:31:52 S 1370 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
16.09.2005 17:30:06 S 558 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
16.09.2005 18:21:28 S 70191 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
15.09.2005 13:46:12 S 120 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
17.09.2005 23:20:44 S 94 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
15.09.2005 13:46:12 S 124 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
14.09.2005 14:31:54 S 126 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
17.09.2005 23:20:44 S 124 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
14.09.2005 14:31:52 S 194 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
16.09.2005 17:30:06 S 144 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
16.09.2005 18:21:28 S 128 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
10.09.2005 14:45:20 HS 24 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\Protect\CREDHIST
10.09.2005 14:45:20 HS 388 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\Protect\S-1-5-21-1005792223-1420201687-3057866287-1003\caa55fe9-4022-47a8-8865-190b51b26d19
10.09.2005 14:45:20 HS 24 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\Protect\S-1-5-21-1005792223-1420201687-3057866287-1003\Preferred
14.09.2005 09:51:30 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\5f1608aa-302f-4db9-904e-926b2af8940b
14.09.2005 09:51:30 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\92a319e3-26be-491c-a98d-6e6bde260004
14.09.2005 09:51:30 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\965c7ad4-2652-43fa-b07c-c8bf81555ff5
14.09.2005 09:51:30 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10.10.2005 22:37:28 H 6 C:\WINDOWS\Tasks\SA.DAT
14.09.2005 10:05:40 HS 113 C:\WINDOWS\Temp\Logg\History.IE5\desktop.ini
14.09.2005 10:05:40 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
14.09.2005 10:05:40 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5FHUIC38\desktop.ini
14.09.2005 10:05:40 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F5TE9IL4\desktop.ini
14.09.2005 10:05:40 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HL9SMIZU\desktop.ini
14.09.2005 10:05:40 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MF0FY7JV\desktop.ini

Checking for CPL files...
Microsoft Corporation 04.08.2004 13:00:00 69120 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 13:00:00 551424 C:\WINDOWS\SYSTEM32\appwiz.cpl
18.08.2004 13:28:00 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl
Microsoft Corporation 04.08.2004 13:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 13:00:00 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 13:00:00 155648 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 15.02.2005 16:02:58 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 26.05.2003 14:12:14 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 04.08.2004 13:00:00 358912 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 13:00:00 130048 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 13:00:00 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 13:00:00 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 19.11.2003 18:48:12 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 04.08.2004 13:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 13:00:00 619008 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 04.08.2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Dell Inc. 10.11.2004 12:51:26 122880 C:\WINDOWS\SYSTEM32\NicConfigSvc.Cpl
Microsoft Corporation 04.08.2004 13:00:00 256512 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 13:00:00 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
SigmaTel Inc. 20.07.2004 16:14:06 102481 C:\WINDOWS\SYSTEM32\STAC97.cpl
Microsoft Corporation 04.08.2004 13:00:00 299008 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 04.08.2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 13:00:00 93696 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:34 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04.08.2004 13:00:00 69120 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 26.05.2005 04:16:34 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
19.09.2005 21:05:36 880 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.exe.lnk
28.09.2004 19:23:40 HS 84 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\desktop.ini
10.09.2005 14:47:50 489 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk
17.09.2005 00:14:24 1778 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\SonicWALL Global VPN Client.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
28.09.2004 19:15:16 HS 62 C:\Documents and Settings\All Users\Programdata\desktop.ini
10.09.2005 14:48:10 H 4 C:\Documents and Settings\All Users\Programdata\QSLLPSVCShare
20.09.2005 23:36:12 1755 C:\Documents and Settings\All Users\Programdata\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
28.09.2004 19:23:40 HS 84 C:\Documents and Settings\Thomas\Start-meny\Programmer\Oppstart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
28.09.2004 19:15:16 HS 62 C:\Documents and Settings\Thomas\Programdata\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programfiler\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Startmeny-pinne = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programfiler\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Dagens tips = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programfiler\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Utforsker-bånd for filsøk = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-bånd = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koblinger : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Programfiler\Apoint\Apoint.exe
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SunJavaUpdateSched C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe

IntelWireless C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
DVDLauncher "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
ccApp "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
ISUSPM Startup C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
DMXLauncher C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
UpdateManager "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
iTunesHelper "C:\Programfiler\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Programfiler\QuickTime\qttask.exe" -atboottime
NI.UWFX5 "C:\Documents and Settings\Thomas\Lokale innstillinger\Temporary Internet Files\Content.IE5\7HNT71C7\WinFixer2005ScannerInstall[1].exe"
THGuard "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FELLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless
= C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10.10.2005 22:46:21


Regards Chris
  • 0

#9
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Backup the registry by going to Start>Run> and type "regedit" without the quotes. Then on the file menu choose ‘export’ in XP. Export the file to your Desktop.

If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successfull.

2. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWFX5"=-

3. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

4. Reboot your computer.

3. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#10
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi.

Here's the hijcakthis log after changing the registry settings

Logfile of HijackThis v1.99.1
Scan saved at 22:42:44, on 11.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127174054640
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

I still have problems with my gui's for both spyboot s&d and my norton applications. I cannot resize them and the letters are big and malplaced. probably beacuse of my other problems I guess.

Regards chris
  • 0

Advertisements


#11
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log is now clean but I would like to make sure that your system is as well. I recommend the following:

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

#12
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi

Here is the log after running MNWav


unweb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bigtrafficnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bigtrafficnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bigtrafficnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bigtrafficnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bigtrafficnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bigtrafficnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "euniverse/keenvalue variant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programfiler\Fellesfiler\Adobe\Fonts\Reqrd\Base\AdobeFnt.lst". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\DMX" refers to invalid object "C:\Programfiler\Dell\Media Experience\DMX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ichckupd" refers to invalid object "C:\WINDOWS\system32\ichckupd.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ItalM" refers to invalid object "C:\WINDOWS\system32\italnrwd.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MOH.exe" refers to invalid object "C:\Programfiler\NetWaiting\MOH.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\moviemk.exe" refers to invalid object "C:\Programfiler\Movie Maker\moviemk.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Mozilla.exe" refers to invalid object "C:\Programfiler\mozilla.org\Mozilla\Mozilla.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\QuickTimeInstaller.exe" refers to invalid object "C:\Programfiler\Kodak\QuickTimeInstaller\QuickTimeInstaller.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\WMPBurn.exe" refers to invalid object "\WMPBurn\WMPBurn.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\DOCUME~1\Eier\LOKALE~1\Temp\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Eier\Programdata\Jasc Software Inc\Paint Shop Pro Studio\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Eier\Programdata\Jasc Software Inc\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fr1E97". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".JP_". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MTX". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pop". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ref". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}" refers to invalid object "C:\Programfiler\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}" refers to invalid object "C:\Programfiler\mozilla.org\Mozilla\AccessibleMarshal.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\F3DTACTL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\M3HTML.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{472FDD38-C8CE-4417-9138-C437B0445EBC}" refers to invalid object "C:\Programfiler\Movie Maker\moviemk.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\MWSBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5B2D374F-B988-481F-BF09-3626AA4B7F8F}" refers to invalid object "C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\EzVCD.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}" refers to invalid object "C:\Programfiler\mozilla.org\Mozilla\MapiProxy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\M3SKIN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\M3SKIN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7D24FC1F-750E-4f0c-B0B2-F029D6F3D22B}" refers to invalid object "C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\EzVCD.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9824EE63-01DC-11D0-9BEA-00A0246FD2EF}" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD6BF5C0-7B88-11D5-A5DE-444553540000}" refers to invalid object "C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\BMPCapture.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B20B4521-CCF8-11D6-B8A5-000064657374}" refers to invalid object "C:\Programfiler\mozilla.org\Mozilla\mozilla.exe -PalmSyncStartup". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8CE6FC1-CCF1-11D6-B8A5-000064657374}" refers to invalid object "C:\Programfiler\mozilla.org\Mozilla\PalmSyncProxy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\F3HTTPCT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FE5FB940-2608-4471-80BC-DA77F8B5C5F8}" refers to invalid object "C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\PxReSize.ax". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\F3HTTPCT.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\M3HTML.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{65D99893-A650-4292-83D0-3AFF6F39E0B5}" refers to invalid object "C:\WINDOWS\system32\italnrwd.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{87099223-C7AF-11D0-B225-00C04FB6C2F5}" refers to invalid object "C:\WINDOWS\system32\fxscom.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{91D84D20-B64E-4552-8089-4697107B280A}" refers to invalid object "C:\Programfiler\Movie Maker\moviemk.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{AA478753-468A-41AB-9D97-263B6580FE8C}" refers to invalid object "C:\Programfiler\Fellesfiler\muvee Technologies\030625\mvflash.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}" refers to invalid object "C:\Programfiler\MyWebSearch\bar\2.bin\F3DTACTL.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0B17016-093B-4DFC-A1EB-09DB6C840D59}" refers to invalid object "C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\EzVCD.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F57B25DE-1945-4BE1-8B3D-A1065F8B31A9}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\chrome\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -chrome "%1"". Action Taken: No Action Taken.
Entry "HKCR\Collection\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Forside\shell\open\command" refers to invalid object "%systemroot%\system32\fxscover.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\ftp\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\gopher\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumAudio\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumFolder\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumImage\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumProject\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\JascPaintShopPhotoAlbumUploadAlbum\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\Keyword\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaGIF\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaHTML\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaJPEG\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaMNG\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaPNG\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaXBM\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaXHTML\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaXML\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\MozillaXUL\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -chrome "%1"". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\Panorama\shell\open\command" refers to invalid object "C:\PROGRA~1\JASCSO~1\PAINTS~1\pspa.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\Var8.TalMgr" refers to invalid object "{70230839-555C-4862-8D42-BB1E2352502C}". Action Taken: No Action Taken.
Entry "HKCR\Var8.TalMgr.1" refers to invalid object "{70230839-555C-4862-8D42-BB1E2352502C}". Action Taken: No Action Taken.
Entry "HKCR\Windows.Movie.Maker\shell\open\command" refers to invalid object ""C:\Programfiler\Movie Maker\moviemk.exe" %1". Action Taken: No Action Taken.
File C:\WINDOWS\pf78.exe tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bho.dll tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\DOCUME~1\Thomas\LOKALE~1\Temp\216.tmp\thnall1a.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet.ac". Action Taken: No Action Taken.
File C:\Documents and Settings\Annette\Lokale innstillinger\Temp\183.tmp\thnall1z.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet.ac". Action Taken: No Action Taken.
File C:\Documents and Settings\Thomas\Lokale innstillinger\Temp\216.tmp\thnall1a.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet.ac". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\A0006982.dll tagged as "not-a-virus:AdWare.Win32.HideOne.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\A0006990.dll tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\A0006999.dll tagged as "not-a-virus:AdWare.Win32.SafeSurfing.r". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\snapshot\MFEX-2.DAT tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP40\A0009997.dll tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP40\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP43\A0010036.exe infected by "Backdoor.Win32.HacDef.bo" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010039.scr tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010042.DLL tagged as "not-a-virus:AdWare.Win32.FunWeb.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010043.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.z". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010044.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010045.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010048.SCR tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010049.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.v". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010050.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010051.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010052.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010053.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010054.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010055.DLL tagged as "not-a-virus:AdWare.IWon.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010056.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010057.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010058.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ad". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010060.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010061.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010062.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010063.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010065.exe tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0011007.DLL tagged as "not-a-virus:AdWare.Win32.FunWeb.e". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011083.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011084.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011085.DLL tagged as "not-a-virus:AdWare.Win32.FunWeb.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011086.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.z". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011087.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011088.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011091.SCR tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011092.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.v". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011093.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011094.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011095.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011096.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011097.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011098.DLL tagged as "not-a-virus:AdWare.IWon.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011099.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011100.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011101.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ad". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011103.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011104.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011112.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011113.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011114.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011115.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011132.exe tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011134.exe infected by "Trojan-Downloader.Win32.VB.hw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011135.scr tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011136.exe infected by "Backdoor.Win32.HacDef.bw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012158.exe tagged as "not-a-virus:AdWare.Win32.SafeSurfing.v". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012159.dll tagged as "not-a-virus:AdWare.Win32.SafeSurfing.r". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012160.dll tagged as "not-a-virus:AdWare.Win32.HotSearchBar.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012162.dll tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\WINDOWS\pf78.exe tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bho.dll tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Annette\Lokale innstillinger\Temp\183.tmp\thnall1z.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet.ac". Action Taken: No Action Taken.
File C:\Documents and Settings\Thomas\Lokale innstillinger\Temp\216.tmp\thnall1a.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet.ac". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\A0006982.dll tagged as "not-a-virus:AdWare.Win32.HideOne.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\A0006990.dll tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\A0006999.dll tagged as "not-a-virus:AdWare.Win32.SafeSurfing.r". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP36\snapshot\MFEX-2.DAT tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP40\A0009997.dll tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP40\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP43\A0010036.exe infected by "Backdoor.Win32.HacDef.bo" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010039.scr tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010042.DLL tagged as "not-a-virus:AdWare.Win32.FunWeb.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010043.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.z". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010044.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010045.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010048.SCR tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010049.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.v". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010050.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010051.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010052.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010053.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010054.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010055.DLL tagged as "not-a-virus:AdWare.IWon.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010056.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010057.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010058.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ad". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010060.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010061.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010062.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010063.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0010065.exe tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP44\A0011007.DLL tagged as "not-a-virus:AdWare.Win32.FunWeb.e". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011083.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011084.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011085.DLL tagged as "not-a-virus:AdWare.Win32.FunWeb.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011086.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.z". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011087.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011088.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011091.SCR tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011092.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.v". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011093.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011094.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011095.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011096.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011097.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011098.DLL tagged as "not-a-virus:AdWare.IWon.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011099.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011100.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011101.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ad". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011103.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011104.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011112.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011113.EXE tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011114.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011115.DLL tagged as "not-a-virus:AdWare.Win32.MyWebSearch.l". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011132.exe tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011134.exe infected by "Trojan-Downloader.Win32.VB.hw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011135.scr tagged as "not-a-virus:AdWare.Win32.MyWebSearch". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0011136.exe infected by "Backdoor.Win32.HacDef.bw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012158.exe tagged as "not-a-virus:AdWare.Win32.SafeSurfing.v". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012159.dll tagged as "not-a-virus:AdWare.Win32.SafeSurfing.r". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012160.dll tagged as "not-a-virus:AdWare.Win32.HotSearchBar.i". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP45\A0012162.dll tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\WINDOWS\pf78.exe tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bho.dll tagged as "not-a-virus:AdWare.Win32.HideOne.b". Action Taken: No Action Taken.

Regards Chris
  • 0

#13
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
2. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will prompt you to update click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

Trevuren

  • 0

#14
cdq

cdq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 22:26:21, on 12.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Opera\Opera.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Hijackthis\HijackThis.exe
C:\Programfiler\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Sonic\Sonic Solutions Product CD\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127174054640
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 22:18:30, 12.10.2005
+ Report-Checksum: 7B4B96A6

+ Scan result:

C:\Documents and Settings\Thomas\Lokale innstillinger\Temp\s16o.3.exe -> TrojanDropper.Agent.xw : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Thomas\Programdata\Mozilla\Firefox\Profiles\8a1epypp.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


::Report End
  • 0

#15
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP