Virus removal forum
Apr 11 2006, 06:51 AM
Post #1
Authentic Member (Group: Authentic Member; Posts: 46; Joined: 27-July 05; Member No.: 37,177; Operating System: WinXP SR2)
You have helped me before - and I have been very careful ever since. A few days ago I downloaded some codec to mediaplayer - but it seems like it was infested with SpywareQuake and some others. I have followed the Selfhelp description - but in safe mode it didn't find anything - on that profile. With Safemode with network, I could log on with my normal (and infected) username (on a domain-offline). Tried to follow the selfhelp description here - and it looked like it removed some. Could you be so kind to give me some advice...?

Running the Panda online gave me the below log:

| Incident | Status | Location |
|---|---|---|
| Virus:W32/Sobig.B | Disinfected | DKMD-1\Sent Items\I get virus in Microsofts name...\Approved (Ref: 38446-263)\movie28.pif |
| Adware:adware/emediacodec | Not disinfected | C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\sd\Skrivebord\smitRem\Process.exe |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\sd\Skrivebord\smitRem.exe[Process.exe] |
| Adware:Adware/Findspy | Not disinfected | C:\Documents and Settings\stidos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-434528de-16f0a3db.class |
| Adware:adware/securityerror | Not disinfected | C:\Documents and Settings\stidos\Foretrukne\Antivirus Test Online.url |
| Potentially unwanted tool:Application/SpywareQuake | Not disinfected | C:\Documents and Settings\stidos\Lokale indstillinger\Temp\~nsu.tmp\Au_.exe |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\stidos\Skrivebord\smitRem\Process.exe |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\stidos\Skrivebord\smitRem.exe[Process.exe] |

After uninstalling SpyBot - reboot - reinstall of SpyBot - download of updates - I ran a full check with SpyBot - and it found SpywareQuake in 17 reg. entities. Let it remove it all...
And here is a new log from Hijack:

By the way - the folder c:\Windows\Prefetch with numerous files is still on my pc... Should that have been deleted?

Kind regards
Stig

This post has been edited by StigD: Apr 11 2006, 07:49 AM
May 9 2006, 07:03 AM
Post #2
Authentic Member (Group: Authentic Member; Posts: 46; Joined: 27-July 05; Member No.: 37,177; Operating System: WinXP SR2)
Hi there.
Would someone be so kind to check over this HJT log, as TROY_FAKEVIR.D seems to keep entering my system. Trend Micro tells me that it has removed it - but how does it come back or stay hidden?

Regards,
Stig
May 10 2006, 08:10 PM
Post #3
Forum God (Group: Classroom Teacher; Posts: 18,672; Joined: 3-December 04; From: Stamford, Connecticut; Member No.: 19,436; Operating System: Win 7 Ultimate, Win Xp Home SP3)
StigD,
Welcome back to the forum. Please do not start a new thread; just stay in this thread only.

* Download Roguescanfix from here:

Double-click roguescanfix.exe.
Click the 'install' button. This will create a new folder on your desktop called Roguescanfix.
Open that folder and double-click: Run.bat

Note: This tool needs an internet connection because it downloads an additional file to let the tool work properly. If your firewall gives an alert, allow it instead of blocking it.

In case you still get the message BFU.exe is not present, download BFU.zip from here. Unzip it and place BFU.exe in the Roguescanfix folder. Then double-click Run.bat again.

The tool will uninstall some programs and delete related files and registry keys. When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot. Please make sure the uninstall of the programs is finished before you click Yes to reboot.

Download and install CCleaner.

* Click on Run Cleaner

Tutorial for CCleaner

Post back with a new HJT log.
May 11 2006, 02:03 AM
Post #4
Authentic Member (Group: Authentic Member; Posts: 46; Joined: 27-July 05; Member No.: 37,177; Operating System: WinXP SR2)
Hi Ken... Your help is highly appreciated.
After running Roguescanfix and CCleaner - reboot - here is the new HJT:
[UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Firewall Client Management.lnk = ? 
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programme\Apache2\bin\ApacheMonitor.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google-søgning - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Oversæt engelsk ord - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Lignende sider - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Tilbage via links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Øjebliksbillede af side i cache - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programmer\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programmer\Titan Poker\casino.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Programmer\Noble Poker\casino.exe O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Programmer\Noble Poker\casino.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Programmer\Poker.com\poker.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O14 - IERESET.INF: START_PAGE_URL=http://My.Gunnebo.NET O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/au...InkCSP-1204.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122499746406 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - 
http://toolbar.google.com/data/da/big/1.1....g/GoogleNav.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gunnebo.net O17 - HKLM\Software\..\Telephony: DomainName = gunnebo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gunnebo.net O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = gunnebo.net O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll O23 - Service: Apache2 - Unknown owner - C:\Programme\Apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. 
- C:\WINDOWS\system32\basfipm.exe O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibserver.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe |
May 11 2006, 06:01 AM
Post
#5
![]() Forum God Group: Classroom Teacher Posts: 18,672 Joined: 3-December 04 From: Stamford, Connecticut Member No.: 19,436 Operating System: Win 7 Ultimate Win Xp Home SP3 |
Good Morning,
What I was hoping would be gone is still there, so let's run this tool; be sure to use Option #1 only.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
May 11 2006, 06:12 AM
Post
#6
Morning Ken
Here it is

Stig

-------------------------------
SmitFraudFix v2.42

Scan done at 14:08:40,87, 11-05-2006
Run from C:\Documents and Settings\stidos\Skrivebord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» H:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stidos\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
May 11 2006, 06:50 AM
Post
#7
StigD,
The problem here is that although I commend you for trying to fix this on your own, it wasn't done correctly and there are bits and pieces left that are giving us trouble.

QUOTE
By the way - the folder c:\Windows\Prefetch with numerous files is still on my pc... Should that have been deleted?

Yes, you can delete it all safely. Just the contents of the folder, not the prefetch folder itself.

Open HJT Scan Only, close all open windows and your browser, check these items and click on Fix Checked.

O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp4A9B.tmp (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Programmer\Poker.com\poker.exe (HKCU)

Enable Windows to show all files and folders, instructions HERE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Look for and delete these files; they may be gone, so don't fret if you can't find them.

C:\WINDOWS\TEMP\KL8A95.EXE
C:\WINDOWS\system32\hp4A9B.tmp

Reboot normally and then run HJT and post a new log please.

This post has been edited by ken545: May 11 2006, 06:51 AM
May 11 2006, 08:02 AM
Post
#8
Hi again
Deleted the file KL8A95.exe - the other one wasn't there.

At reboot SpyBot comes up with a warning like..:
11-05-2006 15:51:02 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
Tried to both deny the change and allow - (Last time allow) - and it still comes on every reboot.

HJT log now...............:
Logfile of HijackThis v1.99.1 Scan saved at 15:59:58, on 11-05-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmer\Intel\Wireless\Bin\EvtEng.exe C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Apache2\bin\Apache.exe C:\WINDOWS\system32\basfipm.exe C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\Programme\Apache2\bin\Apache.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\TEMP\QZ1523.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmer\Apoint\Apoint.exe C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe C:\Programmer\Dell\QuickSet\quickset.exe 
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programmer\Hewlett-Packard\hp business inkjet 2300 series\Toolbox\HPWJTBX.exe C:\Programmer\Microsoft AntiSpyware\gcasServ.exe C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmer\QuickTime\qttask.exe C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe C:\Programmer\Apoint\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\FÆLLES~1\PCSuite\Services\SERVIC~1.EXE C:\Programmer\Messenger\msmsgs.exe C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Programmer\Digital Line Detect\DLG.exe C:\Programmer\Logitech\SetPoint\SetPoint.exe C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe C:\Programme\Apache2\bin\ApacheMonitor.exe C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Programmer\Internet Explorer\iexplore.exe C:\Install\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computerworld.dk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://My.Gunnebo.NET R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gunnebo.NET R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://segboprx01.gunnebo.net:8080;https=http://segboprx01.gunnebo.net:8080;ftp=http://segboprx01.gunnebo.net:8080;gopher=http://segboprx01.gunnebo.net:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gunnebo.net;superoffice.troax.se;128.5.4.62;128.5.7.6;128.5.84.160;212.180.99.201;212.180.99.205;194.3.73.*;<local> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7a932ed2-1737-4ab8-b84d-c71779958551} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [HPWJTOOLBOX] C:\Programmer\Hewlett-Packard\hp business inkjet 2300 series\Toolbox\HPWJTBX.exe "-i" O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe O4 - 
HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Firewall Client Management.lnk = ? 
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programme\Apache2\bin\ApacheMonitor.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google-søgning - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Oversæt engelsk ord - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Lignende sider - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Tilbage via links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Øjebliksbillede af side i cache - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programmer\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programmer\Titan Poker\casino.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Programmer\Noble Poker\casino.exe O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Programmer\Noble Poker\casino.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll O14 - IERESET.INF: START_PAGE_URL=http://My.Gunnebo.NET O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/au...InkCSP-1204.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122499746406 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1....g/GoogleNav.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 
6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gunnebo.net O17 - HKLM\Software\..\Telephony: DomainName = gunnebo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gunnebo.net O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = gunnebo.net O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll O23 - Service: Apache2 - Unknown owner - C:\Programme\Apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibserver.exe O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe |
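The manual comparison of the two HijackThis logs above can be scripted. This is an added example, not part of the original posts and not HijackThis code. The function names and rule labels are assumptions, the sample lines are excerpts constructed from the logs in this thread, and each finding is a prompt for human review, not a verdict.

```python
import re

# Constructed excerpts: a few lines copied from the first and second HijackThis
# logs posted in this thread, one entry per line as the tool writes them.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programme\Apache2\bin\Apache.exe
C:\WINDOWS\TEMP\KL8A95.EXE
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp4A9B.tmp (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O23 - Service: Apache2 - Unknown owner - C:\Programme\Apache2\bin\Apache.exe" -k runservice (file missing)
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programme\Apache2\bin\Apache.exe
C:\WINDOWS\TEMP\QZ1523.EXE
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7a932ed2-1737-4ab8-b84d-c71779958551} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
"""

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1..) followed by " - detail".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)          # ...\TEMP\... or ...\tmp\...
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_log(text):
    """Return (running process paths, [(section code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False                 # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return [(rule, subject), ...] for lines worth a closer look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # An image running out of a temp directory is unusual for installed software.
        if TEMP_RE.search(path):
            findings.append(("process-in-temp", path))
    for code, detail in entries:
        if not ORPHAN_RE.search(detail):
            continue
        if code == "O2":
            # BHO registration left behind after its file was removed.
            clsid = CLSID_RE.search(detail)
            findings.append(("orphaned-bho", clsid.group(0) if clsid else detail))
        elif any(p.lower() in detail.lower() for p in processes):
            # The marker contradicts the process list, as on the Apache2 service
            # line here, so treat it as a reporting quirk rather than a lead.
            findings.append(("missing-but-running", f"{code} - {detail}"))
        else:
            findings.append(("missing-file", f"{code} - {detail}"))
    return findings


def new_processes(before, after):
    """Process paths in the later log that the earlier log did not list."""
    seen = {p.lower() for p in parse_log(before)[0]}
    return [p for p in parse_log(after)[0] if p.lower() not in seen]


if __name__ == "__main__":
    for rule, subject in triage(LOG_BEFORE):
        print(f"{rule:20} {subject}")
    print("new since last log:", new_processes(LOG_BEFORE, LOG_AFTER))
```
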
May 11 2006, 08:45 AM
Post
#9
StigD,
Let's disable the Tea Timer in Spybot so as not to interfere with anything. Open Spybot and go to Mode> Advanced Mode> Tools> Resident and take the checkmark out of Tea Timer

Let's also disable Microsoft Anti Spyware as something is interfering with the fix.

How to disable the real-time protection
There are times that you may want to disable the real-time protection. One reason is if you are getting help via a HijackThis log analysis the real-time protection may make it difficult to fix certain entries. If you are asked to disable the real-time protection simply right click on the icon that looks like this and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.

Open HJT Scan Only, close your browser and all open windows and fix this item.

O2 - BHO: (no name) - {7a932ed2-1737-4ab8-b84d-c71779958551} - (no file)

I just want to make sure that there are files left from the Smitfraud infection before we run the fix.

Download and Save Blacklight to your desktop: F-Secure Blacklight
Double-click blbeta.exe then accept the agreement, click > scan then > next
You'll see a list of all items found.
There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste this log in your next reply.
Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

This post has been edited by ken545: May 11 2006, 09:18 AM
May 12 2006, 09:30 AM
Post
#10
Hi Ken
Blacklight didn't find anything - at all...

05/12/06 17:18:21 [Info]: BlackLight Engine 1.0.36 initialized
05/12/06 17:18:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/12/06 17:18:22 [Note]: 7019 4
05/12/06 17:18:22 [Note]: 7005 0
05/12/06 17:18:26 [Note]: 7006 0
05/12/06 17:18:26 [Note]: 7011 3380
05/12/06 17:18:26 [Note]: 7026 0
05/12/06 17:18:26 [Note]: 7026 0
05/12/06 17:18:34 [Note]: FSRAW library version 1.7.1015
05/12/06 17:23:20 [Note]: 7007 0

-----------HJT-------------

Logfile of HijackThis v1.99.1
Scan saved at 17:29:01, on 12-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Apache2\bin\Apache.exe
C:\WINDOWS\system32\basfipm.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Programme\Apache2\bin\Apache.exe
C:\WINDOWS\TEMP\EO3C36.EXE
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\FÆLLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Programme\Apache2\bin\ApacheMonitor.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Install\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computerworld.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://My.Gunnebo.NET
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gunnebo.NET
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://segboprx01.gunnebo.net:8080;https=http://segboprx01.gunnebo.net:8080;ftp=http://segboprx01.gunnebo.net:8080;gopher=http://segboprx01.gunnebo.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gunnebo.net;superoffice.troax.se;128.5.4.62;128.5.7.6;128.5.84.160;212.180.99.201;212.180.99.205;194.3.73.*;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPWJTOOLBOX] C:\Programmer\Hewlett-Packard\hp business inkjet 2300 series\Toolbox\HPWJTBX.exe "-i"
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programme\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google-søgning - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programmer\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programmer\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Programmer\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Programmer\Noble Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://My.Gunnebo.NET
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/au...InkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122499746406
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1....g/GoogleNav.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gunnebo.net
O17 - HKLM\Software\..\Telephony: DomainName = gunnebo.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gunnebo.net
O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Apache2 - Unknown owner - C:\Programme\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibserver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
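
HijackThis logs pasted into forum posts often lose their line breaks. The following is an added example, not part of the original thread: it splits such text back into entries by section code and pulls out the Run-key (O4) and service (O23) autostarts for manual review. The function names are assumptions of this example, and the sample entries are copied from the log in the post above.

```python
import re

# Section codes in HijackThis logs: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-4]|[1-9])) - ")
# O4 registry autostarts look like: HKLM\..\Run: [Name] command line
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

# Sample: entries copied from the log in this thread, run together as one line.
SAMPLE = " ".join([
    r'C:\Install\Hijackthis\HijackThis.exe',
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computerworld.dk/',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gunnebo.net',
    r'O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance)'
    r' - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe',
])


def split_entries(text):
    """Return (section, body) pairs from a HijackThis log that lost its line breaks."""
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        # Collapse stray newlines/spaces left where an entry was wrapped mid-line.
        entries.append((m.group(1), " ".join(text[m.end():end].split())))
    return entries


def autostarts(entries):
    """Extract Run-key (O4) and service (O23) entries for manual review."""
    found = []
    for section, body in entries:
        if section == "O4":
            m = RUN_KEY.match(body)  # "Global Startup" shortcuts are not matched here
            if m:
                hive, _key, name, command = m.groups()
                found.append({"kind": "run", "hive": hive, "name": name, "command": command})
        elif section == "O23" and body.startswith("Service: "):
            # Display names may contain " - ", so split owner and path off from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                found.append({"kind": "service", "owner": parts[1], "name": parts[0], "command": parts[2]})
    return found


if __name__ == "__main__":
    for item in autostarts(split_entries(SAMPLE)):
        print(item["kind"], "|", item["name"], "|", item["command"])
```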

May 13 2006, 08:31 PM Post #11
Forum God
Hello StigD,
Sorry for the late reply but I have been away for a couple of days. If you were still infected with SpyQuake which is a member of the smitfraud trojan family, running Roguescan fix would have cleaned it, by running Option #1 and Blacklight, if the files for that infection were still present, they would have shown up in one of the last 2 programs, and they did not. So I would say that your log looks clean.

Domain = gunnebo.net

I am curious about this, could you fill me in on it.

If you don't have any specific issues, post back and let me know, I have some free tools and tips for you to help make your system more secure on the internet.

May 14 2006, 09:31 AM Post #12
Authentic Member
Hi there Ken - thanks mate.

Gunnebo.net is my company's intranet - but the normal settings are meant for PCs and not a laptop like mine, that also covers my private needs.

Very pleased that it now looks clean - and my only problem now seems to be with Outlook (2003). After this infection it keeps crashing whenever I open an email, contact, task or calendar item. I have tried the repair option - without success - tried removing Outlook, - and installing it over again.... still same problem... So don't really know what to do.

If you have any ideas about that, it would be highly appreciated.

Stig

May 14 2006, 09:51 AM Post #13
Forum God
Keep in mind the lowlife that writes all the malware garbage has no concern about what it does to your computer. I am not saying that the infection you had damaged it, but there is always that possibility.

Try this.....

Depending on how your system was set up from the manufacturer, you may or may not need the Windows CD. This will scan your system and replace any missing or corrupted system files.

* From the Start menu, select Run.
* In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
* Select the OK button.
* Follow the prompts throughout the System File Checker process.
* Reboot the computer when System File Checker completes.

Let me know if it helped, if not I can direct you to some great Windows tech support sites that deal with this sort of issue

May 14 2006, 09:54 AM Post #14
Authentic Member
Great m8... I'll try that - and let you in on the results.
Stig

May 15 2006, 06:52 AM Post #15
Authentic Member
Sorry mate - but that didn't help... so I'm quite lost at this time.

I've tried to completely remove Office 2003 - and reinstalling again - and it still crashes when opening anything within Outlook.

Any ideas?