[Resolved] Problem with my task manager & regedit etc.


  • This topic is locked
49 replies to this topic

#31 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 28 April 2008 - 08:43 AM

You have a lot of files/programs in c:\temp\


Do you know what these are?
C:\WINDOWS\system32\DELS3ci.exe
C:\WINDOWS\system32\DELS3ci.dll
C:\WINDOWS\system32\DELS3L3.DLL
C:\WINDOWS\system32\DELS3L3.SMT

If not:
Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\DELS3ci.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html


http://www.virustota.../en/indexf.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#32 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 28 April 2008 - 09:00 AM

Hello,
It looks ok. What I feel is that the .VBS files and autorun.inf are part of the problem. Should I run the combofix again with a cfscript-file containing all the .vbs and all the .inf files? Would that do something good??

Service load: 0% 100%
File: DELS3ci.exe
Status: OK
MD5: 203434480c66c70f60aa622578fa6079
Packers detected:
-
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 28 Apr 2008 14:57:17 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#33 TRITON79

Posted 28 April 2008 - 09:11 AM

Also, I have Norman Antivirus installed.

#34 LDTate

Posted 28 April 2008 - 10:18 AM

I'll assume you're talking about these? I can't find any info on those either.
C:\WINDOWS\system32\administrator.vbs
C:\WINDOWS\administrator.vbs
C:\administrator.vbs

I'm at real work so I'll post something back in a while :thumbup:

#35 TRITON79

Posted 28 April 2008 - 10:22 AM

Hi,
I mean e.g. c:\rogerca.vbs
C:\WINDOWS\rogerca.vbs
C:\WINDOWS\system32\rogerca.vbs
and so on...
I ran the first one on the http://virusscan.jotti.org and this is the result.....

File: rogerca.vbs_
Status: INFECTED/MALWARE
MD5: 0a67516eb5e7bfb798ef299ef6551865
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 28 Apr 2008 16:17:13 (GMT)
A-Squared Found nothing
AntiVir Found VBS/Changeset.A
ArcaVir Found nothing
Avast Found VBS:Agent-BC
AVG Antivirus Found VBS/Agent
BitDefender Found Win32.VBS.Agent.E
ClamAV Found VBS.HeadTail
CPsecure Found Worm.VBS.Headtail.A
Dr.Web Found VBS.Antipron
F-Prot Antivirus Found VBS/Nauj.A
F-Secure Anti-Virus Found VBS/Nauj.A, Worm.VBS.Headtail.a
Fortinet Found nothing
Ikarus Found Virus.VBS.Agent.L
Kaspersky Anti-Virus Found Worm.VBS.Headtail.a
NOD32 Found VBS/Invadesys.A
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found VBS/HeadTail-A
VirusBuster Found nothing
VBA32 Found nothing

Does the above tell you anything??

Best Regards
/Triton
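A multi-engine report like the one in the post above is easier to triage once the verdicts are tallied and the vendor names are grouped by family. The following is an added example, not part of the original thread: the parser, the family-grouping heuristic and all function names are assumptions, and the verdict lines are copied from the report quoted in post #35.

```python
import re
from collections import defaultdict

# Verdict lines copied from the rogerca.vbs_ report quoted in post #35.
REPORT = """\
File: rogerca.vbs_
Status: INFECTED/MALWARE
Bit9 reports: File not found
Scanner results
Scan taken on 28 Apr 2008 16:17:13 (GMT)
A-Squared Found nothing
AntiVir Found VBS/Changeset.A
ArcaVir Found nothing
Avast Found VBS:Agent-BC
AVG Antivirus Found VBS/Agent
BitDefender Found Win32.VBS.Agent.E
ClamAV Found VBS.HeadTail
CPsecure Found Worm.VBS.Headtail.A
Dr.Web Found VBS.Antipron
F-Prot Antivirus Found VBS/Nauj.A
F-Secure Anti-Virus Found VBS/Nauj.A, Worm.VBS.Headtail.a
Fortinet Found nothing
Ikarus Found Virus.VBS.Agent.L
Kaspersky Anti-Virus Found Worm.VBS.Headtail.a
NOD32 Found VBS/Invadesys.A
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found VBS/HeadTail-A
VirusBuster Found nothing
VBA32 Found nothing
"""

# "<engine> Found <verdict>"; engine names may contain spaces, dots and hyphens.
VERDICT = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")

# Platform/type prefixes that carry no family information (assumed list).
GENERIC = {"vbs", "win32", "worm", "virus", "trojan"}


def parse_report(text):
    """Return {engine: [detection names]}; an empty list means 'Found nothing'."""
    results = {}
    in_results = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Scanner results":
            in_results = True  # ignore header lines such as "Bit9 reports: ..."
            continue
        match = VERDICT.match(line) if in_results else None
        if not match:
            continue
        verdict = match.group("verdict").strip()
        if verdict.lower() == "nothing":
            names = []
        else:
            # One engine can report several names separated by commas.
            names = [n.strip() for n in verdict.split(",") if n.strip()]
        results[match.group("engine")] = names
    return results


def family(name):
    """Heuristic: first token that is neither a generic prefix nor a variant suffix."""
    tokens = [t for t in re.split(r"[./:\-\s]+", name.lower()) if t]
    core = [t for t in tokens if t not in GENERIC and len(t) > 2]
    return core[0] if core else "unclassified"


def summarize(results, resident_av=None):
    """Tally detections, group engines by family, and check the installed AV."""
    families = defaultdict(set)
    for engine, names in results.items():
        for name in names:
            families[family(name)].add(engine)
    resident_missed = None  # None: resident engine is not in the report
    if resident_av:
        hits = [e for e in results if e.lower().startswith(resident_av.lower())]
        if hits:
            resident_missed = all(not results[e] for e in hits)
    return {
        "total": len(results),
        "detected": sorted(e for e, n in results.items() if n),
        "missed": sorted(e for e, n in results.items() if not n),
        "families": {f: sorted(e) for f, e in families.items()},
        "resident_missed": resident_missed,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(REPORT), resident_av="Norman")
    print(f"{len(summary['detected'])}/{summary['total']} engines flag the file")
    for fam, engines in sorted(summary["families"].items(), key=lambda kv: -len(kv[1])):
        print(f"  {fam:<12} {', '.join(engines)}")
    print("resident AV missed it:", summary["resident_missed"])
```

Passing the name of the antivirus installed on the machine as `resident_av` shows whether the on-access scanner is among the engines that returned "Found nothing" for the sample.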

#36 LDTate

Posted 28 April 2008 - 11:38 AM

I believe you have a usb device that caused part of the infection.

Download & run this file
http://www.techsuppo...Disinfector.exe

Be sure to insert any flash drives or USB devices that you use.



Any of these that you know that are OK, remove from the fix.

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\DELS3ci.exe
C:\WINDOWS\system32\DELS3ci.dll
C:\WINDOWS\system32\DELS3L3.DLL
C:\WINDOWS\system32\DELS3L3.SMT
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\system32\administrator.ini
C:\WINDOWS\system32\administrator.vbs
C:\WINDOWS\administrator.vbs
C:\administrator.vbs
C:\Documents and Settings\administrator.LNK
C:\Temp\snagit.exe
C:\rogerca.vbs
C:\Temp\xp_emergencyutil.exe
C:\Temp\xp_emergencyutil.zip
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\00008NL.D
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\Temp\ar6341
C:\Temp\Windows-KB890830-V1.39.exe
C:\Temp\Repl_explorer
C:\Temp\Update Helpfile.sql
C:\WINDOWS\system32\rogerca.vbs
C:\WINDOWS\rogerca.vbs

Folder::
C:\Temp\TORHAFNIA_DELIVERY
C:\Temp\cbm

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#gemensam]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#intranet]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#kunder]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22dd8f1a-70ef-11dc-a2eb-0016414c85eb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2951483f-03ea-11dd-a3b8-00166f732749}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9eb2f2-8b72-11dc-a2f9-444553544200}]


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.

#37 TRITON79

Posted 28 April 2008 - 12:55 PM

Hi,
Hmmm, well, something changed :)

When I run hijackthis to make a log file, it says it can not open the script file c:\windows\rogerca.vbs... So I can not present you with a log for this.


Here is the combofix log however...
ComboFix 08-04-26.5 - Rogerca 2008-04-28 20:12:06.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.311 [GMT 2:00]
Running from: C:\Documents and Settings\rogerca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rogerca\Desktop\cfscript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\00008NL.D
C:\administrator.vbs
C:\Documents and Settings\administrator.LNK
C:\rogerca.vbs
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\Temp\ar6341
C:\Temp\Repl_explorer
C:\Temp\snagit.exe
C:\Temp\Update Helpfile.sql
C:\Temp\Windows-KB890830-V1.39.exe
C:\Temp\xp_emergencyutil.exe
C:\Temp\xp_emergencyutil.zip
C:\WINDOWS\administrator.vbs
C:\WINDOWS\rogerca.vbs
C:\WINDOWS\system32\administrator.ini
C:\WINDOWS\system32\administrator.vbs
C:\WINDOWS\system32\DELS3ci.dll
C:\WINDOWS\system32\DELS3ci.exe
C:\WINDOWS\system32\DELS3L3.DLL
C:\WINDOWS\system32\DELS3L3.SMT
C:\WINDOWS\system32\rogerca.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\00008NL.D
C:\administrator.vbs
C:\Autorun.inf
C:\Documents and Settings\administrator.LNK
C:\rogerca.vbs
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\Temp\cbm
C:\Temp\cbm\Counter.dat
C:\Temp\cbm\CU-0313-B SW Rev History for RhComm.exe.doc
C:\Temp\cbm\RhComm.exe
C:\Temp\snagit.exe
C:\Temp\TORHAFNIA_DELIVERY
C:\Temp\TORHAFNIA_DELIVERY\Acceptance_Test_ HW_403.doc
C:\Temp\TORHAFNIA_DELIVERY\Jinling Acceptance Test AMOS MP_403.doc
C:\Temp\Update Helpfile.sql
C:\Temp\Windows-KB890830-V1.39.exe
C:\Temp\xp_emergencyutil.exe
C:\Temp\xp_emergencyutil.zip
C:\WINDOWS\administrator.vbs
C:\WINDOWS\rogerca.vbs
C:\WINDOWS\system32\administrator.ini
C:\WINDOWS\system32\administrator.vbs
C:\WINDOWS\system32\DELS3ci.dll
C:\WINDOWS\system32\DELS3ci.exe
C:\WINDOWS\system32\DELS3L3.DLL
C:\WINDOWS\system32\DELS3L3.SMT
C:\WINDOWS\system32\rogerca.vbs
.
---- Previous Run -------
.
C:\Autorun.inf
C:\Temp\ABS8515.zip
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\avg75free_519a1276.exe
C:\Temp\HJTInstall.exe
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\putty.zip
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
C:\WINDOWS\MS_Ext1.DLL
C:\WINDOWS\MS_VXD_Ext.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-28 18:40 . 2008-04-28 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-28 18:37 . 2008-04-28 18:37 <DIR> d-------- C:\Program Files\SpecTec
2008-04-28 18:34 . 2008-04-28 18:34 <DIR> d-------- C:\Program Files\Amos Pocket Server installation
2008-04-28 18:26 . 2008-04-28 19:18 <DIR> d-------- C:\Temp\200803 AMOS Pockewt
2008-04-21 08:43 . 2001-03-18 20:52 766 --------- C:\WINDOWS\Uninstall.ico
2008-04-15 15:32 . 2006-10-11 14:26 546,560 -ra------ C:\WINDOWS\system32\drivers\mos24ser.sys
2008-04-15 15:32 . 2006-10-11 14:36 299,008 -ra------ C:\WINDOWS\system32\Mos24Serial.EXE
2008-04-15 15:32 . 2006-10-11 14:35 258,048 -ra------ C:\WINDOWS\system32\MSUninst.exe
2008-04-15 15:32 . 2006-10-11 14:36 61,440 -ra------ C:\WINDOWS\system32\Mos24SerPropPage.dll
2008-04-15 15:28 . 2007-03-31 13:43 253,952 --a------ C:\WINDOWS\system32\MultiMP.exe
2008-04-15 15:28 . 2006-11-06 07:58 159 --a------ C:\WINDOWS\system32\MSConfig.ini
2008-04-15 15:27 . 2008-04-15 15:27 <DIR> d-------- C:\Mos24Ser
2008-04-15 14:17 . 2003-12-12 09:12 18,240 --a------ C:\WINDOWS\system32\drivers\DbgMsg.sys
2008-04-15 13:54 . 2008-04-15 13:54 <DIR> d-------- C:\Documents and Settings\administrator.SPECTECAB\WINDOWS
2008-04-15 13:54 . 2004-04-01 12:24 1,369,264 --a------ C:\WINDOWS\system32\FPSPR70.OCX
2008-04-15 13:54 . 1997-08-11 11:43 817,152 --a------ C:\WINDOWS\system32\VCF132.OCX
2008-04-15 13:54 . 1997-01-18 11:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-15 10:04 . 2008-04-15 10:04 <DIR> d-------- C:\ampo
2008-04-15 10:01 . 2008-04-15 10:01 <DIR> d-------- C:\Program Files\Xantic
2008-04-15 10:01 . 2003-01-17 22:13 688,128 --------- C:\WINDOWS\system32\PolarSpellChecker.dll
2008-04-15 10:01 . 2006-05-11 17:33 266,240 --a------ C:\WINDOWS\system32\mapitif.dll
2008-04-15 10:01 . 2006-05-11 17:41 81,920 --a------ C:\WINDOWS\system32\mssshl32.dll
2008-04-15 10:01 . 2005-04-06 14:56 22,016 --a------ C:\WINDOWS\system32\mssmonnt.dll
2008-04-15 08:43 . 2008-04-15 08:43 1,075,712 --a------ C:\Temp\AMOS Mail Vrs[1]. 5.1.xx Installation Guide.exe
2008-04-13 23:15 . 2008-04-13 23:15 <DIR> d-------- C:\fsaua.data
2008-04-13 22:54 . 2008-04-13 22:54 <DIR> d-------- C:\EmergencyUtils
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\rogerca\Application Data\Malwarebytes
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:33 . 2008-04-13 16:33 50,688 --a------ C:\Temp\ATF-Cleaner.exe
2008-04-13 16:22 . 2008-04-13 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 13:08 . 2008-04-13 13:01 10,360,321 --a------ C:\Enterprise_LEV_080413.zip
2008-04-11 11:25 . 2004-05-05 18:40 414,720 -ra------ C:\WINDOWS\system32\ftcunin.exe
2008-04-11 11:25 . 2004-03-16 12:03 69,632 -ra------ C:\WINDOWS\system32\ftd2xx.dll
2008-04-11 11:25 . 2004-03-23 18:36 56,031 -ra------ C:\WINDOWS\system32\drivers\ftcser2k.sys
2008-04-11 11:25 . 2003-06-11 13:48 48,625 -ra------ C:\WINDOWS\system32\ftcsui2.dll
2008-04-11 11:25 . 2004-05-05 12:10 43,235 -ra------ C:\WINDOWS\system32\drivers\ftcusb.sys
2008-04-11 11:25 . 2004-05-06 13:47 20,198 -ra------ C:\WINDOWS\system32\ftcserco.dll
2008-04-11 11:25 . 2004-03-11 13:27 92 -ra------ C:\WINDOWS\system32\ftcun2k.ini
2008-04-11 11:14 . 2008-04-15 13:54 <DIR> d-------- C:\Program Files\Kockum Sonics
2008-04-11 11:14 . 2004-10-07 20:03 74,240 --a------ C:\Norcontrol_sim.exe
2008-04-10 16:10 . 2008-04-25 01:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 16:10 . 2008-04-11 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 11:28 . 2008-04-07 11:28 <DIR> d-------- C:\Temp\ar6341
2008-04-07 08:17 . 2008-04-07 08:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 14:01 . 2008-04-07 07:54 <DIR> d-------- C:\cbm
2008-04-04 09:15 . 2008-04-04 09:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 09:12 . 2008-04-04 12:41 <DIR> d-------- C:\Documents and Settings\rogerca\.housecall6.6
2008-04-01 12:03 . 2008-04-02 08:58 <DIR> d-------- C:\Temp\Repl_explorer
2008-04-01 08:30 . 2008-04-01 08:30 <DIR> d-------- C:\Program Files\RealVNC
2008-03-28 15:48 . 2008-03-28 15:57 <DIR> d-------- C:\Program Files\putty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:22 --------- d-----w C:\Documents and Settings\rogerca\Application Data\Skype
2008-04-28 18:21 --------- d-----w C:\Program Files\Plaxo
2008-04-28 16:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 16:37 --------- d-----w C:\Program Files\AMOS Mobile
2008-04-28 14:02 --------- d-----w C:\Documents and Settings\rogerca\Application Data\skypePM
2008-04-21 06:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 06:41 --------- d-----w C:\Program Files\Dell
2008-04-10 12:05 --------- d-----w C:\Program Files\LOGIHOLD
2008-04-07 07:39 --------- d-----w C:\Program Files\DB Commander 2000 PRO
2008-04-04 14:54 --------- d-----w C:\Program Files\AMOS
2008-04-04 12:54 --------- d-----w C:\Program Files\Hourcnt
2008-03-28 14:03 --------- d-----w C:\Program Files\Wfwin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:00 --------- d-----w C:\Program Files\Java
2008-03-13 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-03-10 07:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-10 07:13 --------- d-----w C:\Program Files\Skype
2008-03-10 07:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-07 13:04 --------- d-----w C:\Program Files\Oracle
2008-03-06 09:54 --------- d-----w C:\Program Files\TechSmith
2008-03-06 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-06 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:27 --------- d-----w C:\Program Files\Seiko Instruments USA Inc
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-09 15:10 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 15:10 79,440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 15:10 75,344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-09 15:10 140,880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 15:10 42,576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-09 15:10 50,768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 15:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 15:11 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-28_ 8.10.10.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 23:31:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 18:17:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2002-07-25 16:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 16:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2004-04-13 04:04:24 307,200 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DBISQL9"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2008-01-17 21:38 144688]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-12-19 11:15 31816]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 17:13 1207080]
"SybaseCentral43"="C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2008-01-17 21:38 136496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\program filesNorman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\rogerca\Start Menu\Programs\Startup\
SmartCapture.lnk - C:\WINDOWS\Seiko\slpcap.exe [2006-07-12 03:29:00 123917]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
StartKSA.lnk - C:\Program Files\Kockum Sonics\KSL450\Archive\080415-135649\StartKSA.cmd [2005-03-03 16:12:42 14]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-02-18 09:49:44 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"C:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"C:\\Program Files\\Sybase\\ASA 8.0\\win32\\dbeng8.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Star IPS\\Star.exe"=
"C:\\Program Files\\Xantic\\AMOS Mail\\winmss32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1207:UDP"= 1207:UDP:Windows Media Format SDK (firefox.exe)
"1206:UDP"= 1206:UDP:Windows Media Format SDK (firefox.exe)
"1183:UDP"= 1183:UDP:Windows Media Format SDK (firefox.exe)
"1182:UDP"= 1182:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 DbsRpcService;AMOS Mail Database;C:\Program Files\Xantic\AMOS Mail\dbssvc.exe [2006-05-11 17:31]
R2 Ndiskio;Ndiskio;C:\program filesNorman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2006-05-09 18:47]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\program filesNorman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 ASANYm_mobil;MobiLink Synchronization - mobil;C:\Program Files\Sybase\SQL Anywhere 9\win32\dbmlsrv9.exe [2008-01-17 21:38]
S3 D100IB;D100IB;C:\WINDOWS\system32\DRIVERS\D100IB5.SYS [2001-08-17 12:12]
S3 Dell1110_FUService;Dell 1110 Status Monitor Service;"C:\Program Files\DELL\Dell Laser Printer 1110\LocalSM\ssmsrvc /Service []
S3 FTCSER2K;FTDI USB Dual Serial Port Driver;C:\WINDOWS\system32\drivers\ftcser2k.sys [2004-03-23 18:36]
S3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;C:\WINDOWS\system32\drivers\ftcusb.sys [2004-05-05 12:10]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
S3 mos24ser;MosChip High-Speed USB MultiSerial Device Service;C:\WINDOWS\system32\DRIVERS\mos24ser.sys [2006-10-11 14:26]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-04 07:31]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 20:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 12:33:08 C:\WINDOWS\Tasks\CKUtil.job"

Best Regards
/Triton

#38 LDTate

Posted 28 April 2008 - 01:14 PM

Please delete any HijackThis Folders and Files you have now.

HijackThis.


Click the "Save" button.

Open HijackThis and select: Do a system scan and save a log file.

#39 TRITON79

Posted 28 April 2008 - 01:56 PM

Hi,
I uninstalled the program, downloaded the setup file and installed it again, but it is still complaining about the "Windows script host"... "Can not find the script file rogerca.vbs"

Best Regards
/Triton

#40 TRITON79

Posted 28 April 2008 - 02:30 PM

Hi,
I found the hijackthis-log....

Logfile of HijackThis v1.99.1
Scan saved at 22:30, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Xantic\AMOS Mail\dbssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: StartKSA.lnk = C:\Program Files\Kockum Sonics\KSL450\Archive\080415-135649\StartKSA.cmd
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: MobiLink Synchronization - mobil (ASANYm_mobil) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbmlsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: AMOS Mail Database (DbsRpcService) - Unknown owner - C:\Program Files\Xantic\AMOS Mail\dbssvc.exe
O23 - Service: Dell 1110 Status Monitor Service (Dell1110_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Best Regards
/Triton


#41 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 29 April 2008 - 05:41 AM

http://www.sophos.co...icle/10359.html
Go down to: Windows 2000/Me/XP/2003


#42 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 29 April 2008 - 06:20 AM

Hello,
Does this disable the VBS-script from being run?
Because I have some applications installed that require these .vbs files...
Best Regards
/Triton

#43 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 29 April 2008 - 07:55 AM

Hello,
Does this disable the VBS-script from being run?
Because I have some applications installed that require these .vbs files...
Best Regards
/Triton

It looks like it.

Try this:


Click "Start"> "Run"> type in Regedit tap Enter Key

Make sure "My Computer" is highlighted

Click "Edit"> "Find"
Type in rogerca.vbs tap Enter Key.
Right Click on the file if found and select "Delete"

Tap the "F3" Key to find the next entry of the file. Continue using the "F3" Key until it's finished searching.

Close Regedit.


Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.


#44 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 29 April 2008 - 08:38 AM

Hi,
When I run the Hijackthis program now I get an error message. I made a screendump of it, but I do not know how to upload it here.
When I try to run a html-help function it says "This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel."

The taskmanager, regedit and msconfig do work however....

Here is the Hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 16:35, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Xantic\AMOS Mail\dbssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: StartKSA.lnk = C:\Program Files\Kockum Sonics\KSL450\Archive\080415-135649\StartKSA.cmd
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: MobiLink Synchronization - mobil (ASANYm_mobil) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbmlsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: AMOS Mail Database (DbsRpcService) - Unknown owner - C:\Program Files\Xantic\AMOS Mail\dbssvc.exe
O23 - Service: Dell 1110 Status Monitor Service (Dell1110_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Best Regards
/Triton
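
A small parser for the HijackThis log format posted above, as an added example that is not part of the original post and not HijackThis's own code. It splits a log into header, running processes and entries, collects the annotations HijackThis itself prints (`(file missing)`, `Unknown owner`, a `?` shortcut target), and checks whether a given file name is still referenced; the sample lines are copied from the log above and the function names are hypothetical.

```python
import re

# Sample built from lines of the log posted above (shortened for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:35, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Dell 1110 Status Monitor Service (Dell1110_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the details.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def annotate(text):
    """Collect the annotations HijackThis itself printed on an entry."""
    notes = []
    if text.endswith("(file missing)"):
        notes.append("file missing")
    if " - Unknown owner - " in text:
        notes.append("unknown owner")
    if text.endswith("= ?"):
        notes.append("shortcut target printed as ?")
    return notes


def parse_log(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    header, processes, entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, rest = match.groups()
            entries.append({"code": code, "text": rest, "notes": annotate(rest)})
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def entries_needing_review(parsed):
    """Entries that carry at least one annotation."""
    return [e for e in parsed["entries"] if e["notes"]]


def find_references(parsed, file_name):
    """Case-insensitive search for a file name in processes and entries."""
    needle = file_name.lower()
    hits = [("process", p) for p in parsed["processes"] if needle in p.lower()]
    hits += [(e["code"], e["text"]) for e in parsed["entries"]
             if needle in e["text"].lower()]
    return hits


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in entries_needing_review(parsed):
        print(entry["code"], ", ".join(entry["notes"]), "|", entry["text"])
    print("rogerca.vbs references:", find_references(parsed, "rogerca.vbs"))
```
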

#45 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 29 April 2008 - 08:57 AM

We're out of my expertise. You can start a new topic about the HTML issues here:
http://forums.whatth...ndows_f119.html

Do this before anything else.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • If shown the disclaimer, Select "2"
