Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93121 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] My Machine Is Infected

Started by Lavie , Sep 05 2007 01:34 AM

  • This topic is locked This topic is locked
41 replies to this topic

#16 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 06 September 2007 - 11:30 AM

Hi again...

...first of all - I do not have any intention to wast any time - yours or mine.
I just thought I've turned off the AVG - that was the intention after your e-mail, sorry about that. :oops:

In an earlier reply you ask me about a "no name" regkey - this one:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- but I don't know what it is or refer to.

I've deleted AVG - and after the SmithFraudfix this is the Hijackthis-log:



Logfile of HijackThis v1.99.1
Scan saved at 19:11:37, on 06.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.graypages.no/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Programfiler\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IPHider] C:\Programfiler\IP Hider\IP Hider.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Telio Phone Client] "C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer = 85.255.115.29,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{30EA550E-38D4-4CF0-9B44-7814B1BF2542}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {79E459A7-9EBD-42E2-9002-855652B71732} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {A45DAE5E-476D-4981-9EF5-8A32E1DC6E9D} - C:\WINDOWS\msmdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

    Advertisements

Register to Remove

#17 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 06 September 2007 - 04:08 PM

Hi

I didnt mean to imply you were wasting my time. I just meant we would both be wasting our time cleaning one problem, for another to appear.

Download and Run FixWarout
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC30A7E-8BBC-4647-B902-010761AC0372}: NameServer = 85.255.115.29,85.255.112.140
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8A6B646F-816E-49C2-9021-34D25570473C}: NameServer = 85.255.115.29,85.255.112.140
    O17 - HKLM\System\CCS\Services\Tcpip\..\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398}: NameServer = 85.255.115.29,85.255.112.140
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
Post the contents of the logfile C:\fixwareout\report.txt

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

Open Notepad and Copy/Paste the text in the codebox below into it: 

File::
C:\WINDOWS\msmdev.dll
C:\WINDOWS\msmhost.dll
C:\WINDOWS\nsduo.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msmhost"=-
"msmdev"=-

Save this as "CFScript"

Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a new HijackThis log and the Fixwareout report. :thumbup:

Edited by Scotty, 06 September 2007 - 04:16 PM.

You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#18 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 07 September 2007 - 08:55 AM

Hi Scotty... ...I've been out today - so therefore a little late reply. Here is the Fixwareout-log; Username "Tommy Lavie" - 07.09.2007 16:36:53 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7FC30A7E-8BBC-4647-B902-010761AC0372} "nameserver"="85.255.115.29,85.255.112.140" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8A6B646F-816E-49C2-9021-34D25570473C} "nameserver"="85.255.115.29,85.255.112.140" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{911D2717-8A6E-4B90-83B5-ADDA1E5B7398} "nameserver"="85.255.115.29,85.255.112.140" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7FC30A7E-8BBC-4647-B902-010761AC0372} "DhcpNameServer"="85.255.115.29,85.255.112.140" <Value cleared. DNS Resolver-bufferen ble tømt. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "omwsc" Value deleted HKCR\CLSID\{EB7BBEA2-330B-4CB8-B3B1-27F254B8C634}\_h\4 Deleted. .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPEnh.exe" "ShowLOMControl"=dword:00000001 "IntelZeroConfig"="\"C:\\Programfiler\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Programfiler\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "DVDLauncher"="\"C:\\Programfiler\\filer\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "DMXLauncher"="C:\\Programfiler\\Dell\\Media Experience\\DMXLauncher.exe" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "ISUSPM Startup"="\"C:\\Programfiler\\Fellesfiler\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Programfiler\\Fellesfiler\\InstallShield\\UpdateService\\issch.exe\" -start" "OpwareSE2"="\"C:\\Programfiler\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\"" "DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16" "dlccmon.exe"="\"C:\\Programfiler\\Dell Photo AIO Printer 924\\dlccmon.exe\"" "QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime" "Adobe Version Cue CS2"="\"c:\\Documents and Settings\\Tommy Lavie\\Skrivebord\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\"" "Acrobat Assistant 7.0"="\"C:\\Documents and Settings\\Tommy Lavie\\Skrivebord\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\"" "NeroFilterCheck"="C:\\Programfiler\\Fellesfiler\\Ahead\\Lib\\NeroCheck.exe" "DPAgnt"="C:\\Programfiler\\DigitalPersona\\Bin\\DPAgnt.exe" "itype"="\"C:\\Programfiler\\Microsoft IntelliType Pro\\itype.exe\"" "SunJavaUpdateSched"="C:\\Programfiler\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "SigmatelSysTrayApp"="stsystra.exe" "IntelliPoint"="\"C:\\Programfiler\\Microsoft IntelliPoint\\ipoint.exe\"" "NoteBurner"="C:\\Programfiler\\NoteBurner\\VTBurnerGUI.exe /silence" "IPHider"="C:\\Programfiler\\IP Hider\\IP Hider.exe" "ATICCC"="\"C:\\Programfiler\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "Norman ZANDA"="C:\\Programfiler\\Norman\\Npm\\bin\\ZLH.EXE /LOAD /SPLASH" "NPCTray"="C:\\Programfiler\\Norman\\npc\\bin\\npc_tray.exe /LOAD" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "ModemOnHold"="C:\\Programfiler\\NetWaiting\\netwaiting.exe" "MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background" "Telio Phone Client"="\"C:\\Programfiler\\Telio Phone\\eyeBeamAsDLL.dll\"" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programfiler\\Fellesfiler\\Ahead\\Lib\\NMBgMonitor.exe\"" "Skype"="\"C:\\Programfiler\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "Uniblue RegistryBooster 2"="C:\\Programfiler\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~

#19 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 September 2007 - 11:30 AM

Still need you to follow the CFScript instruction etc.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#20 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 07 September 2007 - 11:47 AM

Here I am again - with a new log - this time CFScript.

The desktop background picture is gone - and are now plain white.


ComboFix 07-09-05.5 - "Tommy Lavie" 2007-09-07 19:26:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.214 [GMT 2:00]
* Created a new restore point

FILE::
C:\WINDOWS\msmdev.dll
C:\WINDOWS\msmhost.dll
C:\WINDOWS\nsduo.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\TOMMYL~1\FAVORI~1\Error Cleaner.url
C:\DOCUME~1\TOMMYL~1\FAVORI~1\Privacy Protector.url
C:\DOCUME~1\TOMMYL~1\FAVORI~1\Spyware&Malware Protection.url
C:\DOCUME~1\TOMMYL~1\SKRIVE~1\Error Cleaner.url
C:\DOCUME~1\TOMMYL~1\SKRIVE~1\Privacy Protector.url
C:\DOCUME~1\TOMMYL~1\SKRIVE~1\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\msmdev.dll
C:\WINDOWS\msmhost.dll
C:\WINDOWS\nsduo.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt


((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))


2007-09-07 16:30 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favoritter
2007-09-07 16:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\PROGRA~1\LinkedIn
2007-09-06 18:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-06 18:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-06 18:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-05 17:49 <DIR> d-------- C:\Programfiler\Password Corral v4.0
2007-09-05 13:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 10:27 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-05 08:55 5,538 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-23 08:01 42,040 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2007-08-13 16:16 355,840 --a------ C:\WINDOWS\system32\Transparent Language.scr
2007-08-13 16:16 <DIR> d-------- C:\Programfiler\TLI
2007-08-13 16:06 <DIR> d-------- C:\WORDACE1
2007-08-12 12:27 79,840 --a------ C:\WINDOWS\system32\drivers\ndis_rd.sys
2007-08-12 12:27 72,320 --a------ C:\WINDOWS\system32\drivers\tdi_rd.sys
2007-08-12 12:27 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2007-08-12 12:27 2,973,696 --a------ C:\WINDOWS\system32\qt-mt338.dll
2007-08-12 12:27 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-08-12 12:26 <DIR> d-------- C:\Programfiler\Norman
2007-08-11 19:46 <DIR> d-------- C:\Programfiler\JazzWare
2007-08-11 18:13 <DIR> d-------- C:\Programfiler\Audacity 1.3 Beta (Unicode)
2007-08-11 18:13 <DIR> d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Audacity
2007-08-10 16:13 <DIR> d-------- C:\Programfiler\LinkedIn


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-07 18:48 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Skype
2007-09-07 16:31 --------- d-------- C:\Programfiler\Dl_cats
2007-09-06 19:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy
2007-09-06 09:00 --------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2007-09-06 09:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Symantec
2007-09-05 14:37 --------- d-------- C:\Programfiler\MSN Messenger
2007-08-13 16:16 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 12:03 --------- d-------- C:\Programfiler\Broadcom
2007-07-26 11:49 --------- d-------- C:\Programfiler\ATI Technologies
2007-07-24 18:06 --------- d-------- C:\Programfiler\Microsoft Producer 2
2007-07-24 13:31 --------- d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2007-07-24 12:29 --------- d-------- C:\Programfiler\Fellesfiler\LightScribe
2007-07-24 12:28 --------- d-------- C:\Programfiler\NCH Swift Sound
2007-07-24 11:30 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\Symantec
2007-07-24 00:32 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\InstallShield
2007-07-23 18:35 --------- d-------- C:\Programfiler\DivX
2007-07-23 08:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\BVRP Software
2007-07-23 08:43 --------- d-------- C:\Programfiler\Corel
2007-07-22 22:51 --------- d-------- C:\Programfiler\Opera
2007-07-22 22:24 --------- d-------- C:\Programfiler\Windows Live Toolbar
2007-07-22 22:24 --------- d-------- C:\Programfiler\MSN Apps
2007-07-22 22:24 --------- d-------- C:\DOCUME~1\TOMMYL~1\PROGRA~1\RegistrySmart
2007-07-22 22:20 --------- d-------- C:\Programfiler\PMG
2007-07-22 22:20 --------- d-------- C:\Programfiler\PIXresizer
2007-07-22 22:20 --------- d-------- C:\Programfiler\IP Hider
2007-07-22 22:20 --------- d-------- C:\Programfiler\Canon
2007-07-22 22:19 --------- d-------- C:\Programfiler\KC Softwares
2007-07-22 22:19 --------- d-------- C:\Programfiler\Avanquest update
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 08:57 --------- d-------- C:\Programfiler\EPSON
2007-07-13 14:11 --------- d-------- C:\Programfiler\MSECache
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Windows Live Toolbar
2007-07-10 10:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Office Genuine Advantage
2007-07-09 21:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 21:07 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-09 21:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 21:07 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-09 21:07 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-09 21:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 21:07 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-09 21:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 21:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 21:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 21:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 21:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-09 21:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 21:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 21:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-09 21:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 21:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-09 21:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-09 21:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-09 21:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 21:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 21:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-27 16:13 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:13 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:13 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:13 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:13 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:13 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:13 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:13 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:12 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:12 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:12 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:12 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:12 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:12 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:11 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:11 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:11 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:11 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:11 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:11 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:54 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-27 10:29 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-04-29 13:56:43 56 --sh--r C:\WINDOWS\system32\2BAD0DDE8E.sys
2006-07-28 09:36:46 88 --sh--r C:\WINDOWS\system32\8EDE0DAD2B.sys
2007-04-29 13:56:47 6,424 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((( snapshot_2007-09-05_134628,50 )))))))))))))))))))))))))))))))))))))))))

----a-r 29,926 2007-09-05 12:37:20 C:\WINDOWS\Installer\{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}\MsblIco.Exe
----atw 16,384 2007-09-07 17:31:25 C:\WINDOWS\Temp\Perflib_Perfdata_2c4.dat
----atw 16,384 2007-09-06 07:01:35 C:\WINDOWS\Temp\Perflib_Perfdata_34c.dat
----atw 16,384 2007-09-07 17:31:39 C:\WINDOWS\Temp\Perflib_Perfdata_c4c.dat

----a-r 29,926 2007-02-27 17:05:32 C:\WINDOWS\Installer\{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}\MsblIco.Exe
----atw 16,384 2007-08-24 05:39:17 C:\WINDOWS\Temp\Perflib_Perfdata_2c4.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56]
"ShowLOMControl"="1 (0x1)" []
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 01:50]
"dlccmon.exe"="C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 03:41]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-05-25 11:29]
"Adobe Version Cue CS2"="c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"DPAgnt"="C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 17:27]
"itype"="C:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2005-12-04 17:38]
"SunJavaUpdateSched"="C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"NoteBurner"="C:\Programfiler\NoteBurner\VTBurnerGUI.exe" []
"IPHider"="C:\Programfiler\IP Hider\IP Hider.exe" [2006-10-10 14:10]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-06-28 14:45]
"NPCTray"="C:\Programfiler\Norman\npc\bin\npc_tray.exe" [2007-05-14 11:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"Telio Phone Client"="C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll" [2005-07-12 14:59]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"Uniblue RegistryBooster 2"="C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-05-26 12:08:58]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli DPPWDFLT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R1 NPROSEC;Norman Security driver;\??\C:\Programfiler\Norman\Npm\bin\nprosec.sys
R1 TDI_RD;Norman Firewall TDI driver;\??\C:\WINDOWS\system32\drivers\TDI_RD.SYS
R2 Ndiskio;Ndiskio;\??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe"
R2 NPROSECSVC;Norman Security service;C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
R2 NVOY;Norman's Very Own supplY of resources;C:\Programfiler\Norman\npm\bin\nvoy.exe
R3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
R3 NPC;Norman Parental Control;C:\Programfiler\Norman\npc\bin\npcsvc32.exe
R3 NUAA;Norman User Activity Agent;C:\Programfiler\Norman\npc\bin\nuaa.exe
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
S3 GRABSTER250;Grabster AV 250;C:\WINDOWS\system32\DRIVERS\GRABSTER250.SYS
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCNDIS5.SYS
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys


Contents of the 'Scheduled Tasks' folder
"2007-09-07 16:42:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-25 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programfiler\RegistrySmart\RegistrySmart.exe
"2007-01-08 22:26:34 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
"2007-09-04 16:35:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-26 16:35:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-04 16:44:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe
"2007-06-26 16:44:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 19:32:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NUAA]
"ImagePath"="C:\Programfiler\Norman\npc\bin\nuaa.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-07 19:36:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-07 19:35

--- E O F ---

#21 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 07 September 2007 - 12:00 PM

Just a short comment - when I try to change the background picture, I get a message that states: Can't find the file:///C:WINDOWS/privacy_danger/index.htm.

#22 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 September 2007 - 12:25 PM

Hi We will deal with that soon. Still need a new HijackThis log.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#23 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 07 September 2007 - 12:40 PM

Si Señor...

Logfile of HijackThis v1.99.1
Scan saved at 20:36:43, on 07.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Programfiler\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IPHider] C:\Programfiler\IP Hider\IP Hider.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Telio Phone Client] "C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

#24 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 September 2007 - 02:01 PM

Okay, let's fix your desktop.

Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Select everything privacy_danger you find in there and press the Delete button on the right.
Hit OK below > Apply in previous window.

Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
  • At the top of the main screen click Update.
  • Then in the Manual Update section, click on Start Update.
[*]The update will start and a progress bar will show the updates being installed.
[*]When updates are completed, close AVG.
[/list]If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
      • Click on Recommended actions, and set to Quarantine.
    • How to scan
      • Check all options.
    • Possibly unwanted software.
      • Check all options.
    • Reports
      • Check Do not automatically generate reports after every scan.
    • What to scan
      • Check Scan every file.
  • Click on the Scan tab.
    • Click on Complete System Scan and the scan will begin.
    • When the scan has finished
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the Apply all Actions button.
Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Post back with the AVG report and a new HijackThis log, please.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#25 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 07 September 2007 - 03:47 PM

Hi Scotty...

...there were no log or report-file made after the AVG-scan under this adress or elsewere: C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

anyway - here is a new Hijackthis-log:



Logfile of HijackThis v1.99.1
Scan saved at 23:42:22, on 07.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Programfiler\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IPHider] C:\Programfiler\IP Hider\IP Hider.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Telio Phone Client] "C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

    Advertisements

Register to Remove

#26 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 September 2007 - 03:58 PM

Ok

Uninstall AVG anti-spyware, then try this.
  • Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to your desktop.
Post that report for me.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#27 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 08 September 2007 - 12:01 PM

Hi again... ...it took some time - I think the server was busy or down fore a while. Here's the log: Incident Status Location Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch

#28 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 08 September 2007 - 12:15 PM

Hi

Delete the Smitfraudfix folder, Combofix icon and Fixwareout.exe from your Desktop.

Navigate to and delete the following folders (if they are present):

Folders:
C:\Fixwareout
C:\Combofix/b]
C:\Qoobox

Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.
  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) (4th one down the list), which is JRE6u2, and click Yes at the page warning, then accept the Licence Agreement before downloading the Offline file.

I would advise updating Adobe Reader, as the latest version clears up any vulnerabilities of previous versions.
First uninstall the version you have on your computer then download and install Adobe Reader 8.1.

[b]Post back with a new HijackThis log, when you have done the above, and let me know how your pc is behaving now.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#29 Lavie

Lavie

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 08 September 2007 - 01:27 PM

Hi - an updatet HijackThis-Log:



Logfile of HijackThis v1.99.1
Scan saved at 21:22:31, on 08.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
C:\Programfiler\DigitalPersona\Bin\DpHost.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\npc\bin\npcsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\Skype\Plugin Manager\SkypePM.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\TOMMYL~1\LOKALE~1\Temp\Midlertidig mappe 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.graypages.no/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToolbarBHO Class - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: LinkedIn Toolbar - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Programfiler\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IPHider] C:\Programfiler\IP Hider\IP Hider.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Telio Phone Client] "C:\Programfiler\Telio Phone\eyeBeamAsDLL.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Programfiler\LinkedIn\IE Toolbar\3.0.3.1100\LinkedinIEToolbar.dll/ContextMenu.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - c:\Documents and Settings\Tommy Lavie\Skrivebord\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programfiler\Fellesfiler\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NPROSEC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

#30 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 09 September 2007 - 05:00 AM

Hi

This is my usual speech for when you are clean, which you appear to be.

Please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore.
  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Here are some free programs, I recommend.

Spybot Search and Destroy
Download it from here . Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·