View Full Version : infected by KERNELS88.EXE!
Hi!
I've been infected by kernels88.exe, and I don't know how to remove it. I've found this thread http://forums.spybot.info/showthread.php?t=10086 but I don't know wheter it applies to me.
If it possible then I would also like to get rid of the CA (etrust) registrations, since I'm using Avast.
This is my Hijackthis log file. Fresh and new done rigth after rebooting:
Logfile of HijackThis v1.99.1
Scan saved at 01:02:05, on 07-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\WINDOWS\system32\kernels88.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmer\PlotSoft\PDFill\\DownloadPDF.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171224878453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171307347859
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
I'va tried using Adaware, but the problem continue coming back.
Hope you can and will help me.
Aidan
pskelley
2007-03-07, 14:01
Good morning Aiden and welcome to the forum, the hackers are hiding from HJT more and more which is why we request a second opinion from a good online anti-virus scan. Since I do not see that scan results, I have to assume you missed this information:
"BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
I have had a look at your HJT log and I can give you this information:
It looks very much like you are running two antivirus programs at once, see this information:
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
C:\Programmer\Alwil Software\
C:\Programmer\CA\
Your Java program is badly out of date >>> C:\Programmer\Java\j2re1.4.2_05\ see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
If you don't have a Vundo infection, it is a wonder. You would know by the popups directing you to Winfixer and other rouge spyware junk.
Here is a worm: C:\WINDOWS\system32\kernels88.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
http://www.sysinfo.org/startuplist.php?letter=K&filter=&count=50&offset=100
http://www.sophos.com/virusinfo/analyses/trojtibspp.html
Read all information under all tabs.
Troj/Tibs-PP attempts to use netsh to bypass the Windows firewall.
We will start like this and see what happens, you may hold the antivirus scan unless I ask for it.
1) resolve the Anti-virus issue, post the next log with only one running.
2) Rename HijackThis.exe, call it Aidan.exe or whatever. After a reboot, Vundo should show in the HJT log if it is present.
3) Remind me to discuss some realtime spyware protection, you appear to have none?
4) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
5) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
Close all programs but HJT and all browser windows, then click on "Fix Checked"
7) RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\system32\kernels88.exe <<< delete that file
8) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post a new HJT log and any comments you think will help. Use Post Reply, stay in this topic.
Thanks
Hi Pskelly!
I've updated my java re and done an online virus scan.
I have tried using Adaware and Spybot S&D in safe mode and this seem to have worked. But I dont know really.
As far as I know, am not runing with to anti-virus programs. The second, CA, has I uninstalled, but there still some files that I can't delete.
This is the log from the online scan:
Incident Status Location
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.com.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.go.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.mp3search.ru/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[server.iad.liveperson.net/hc/25384062]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Nicklas Ackey\Application Data\Mozilla\Firefox\Profiles\d6zf7rhn.default\cookies.txt[server.iad.liveperson.net/hc/91904080]
This is the new and fresh hijackthis log, and as I wrote above am I only using one anti-virus (Avast 4.7):
Logfile of HijackThis v1.99.1
Scan saved at 20:41:18, on 07-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Programmer\Java\jre1.6.0\bin\jusched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\Aidan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmer\PlotSoft\PDFill\\DownloadPDF.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171224878453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171307347859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
I'll continue with step 4
pskelley
2007-03-07, 22:04
I don't know what you are reading, I don't need to see a HJT log until you have finished all of the instructions.
Thanks
So, I've gone through all the step, and this is how the newest log file looks like:
Logfile of HijackThis v1.99.1
Scan saved at 21:10:32, on 07-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Programmer\Java\jre1.6.0\bin\jusched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Logitech\WebColct\webcolct.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmer\PlotSoft\PDFill\\DownloadPDF.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171224878453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171307347859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
There seems to be no signs of this kernels88.exe file anymore and there is no problems as far as I can see, but I would like to get rid of the CA files.
And I would also like to know about a realtime spyware protection program.
pskelley
2007-03-07, 23:05
Thanks, first here is information about how to control cookies you accumulate in Firefox:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
The same information for Internet Explorer:http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx
Before we finish I will post links from several experts, after you review that information if you still have any questions, post them.
This member has asked to have CA removed from his computer, proceed like this.
Disable the Service
Click Start > Run and type services.msc
Scroll down to CA License Client and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
Also disable these:
CA License Server
Event Log Watch
I can show you how to remove them from the computer if you wish, but they can not run if they are disabled.
Follow the instructions to use Process Manager:
http://www.bleepingcomputer.com/tutorials/tutorial42.html#HTProcessManager
Kill Process for this item:
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
Close all programs but HJT and all browser windows, then click on "Fix Checked"
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\Programmer\CA\ <<< delete this folder
Restart the computer and post a new HJT log for a final look. Post any comments you think will help.
Thanks
Thanx a lot! I finally got rid of the CA files! :bigthumb:
This is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 22:59:28, on 07-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Programmer\Java\jre1.6.0\bin\jusched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FLLESF~1\MICROS~1\DW\DW20.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Programmer\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmer\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmer\PlotSoft\PDFill\\DownloadPDF.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171224878453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171307347859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
You mentioned something about a realtime spyware protection program. Is that the same as the on-access scan or is it a differnet type of program?
pskelley
2007-03-08, 03:51
Take a look at what the experts have to say first, then if you need a free realtime Spyware program, Microsoft is giving this one away:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
I may have a few more suggestions that will help you if you will post your uninstall list like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Because some of this junk may have infected your System Restore files, let's do this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Here is some great information to help youur computer run better:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
I've deactivated System Restore, rebooted and then reactivated the system restore. I have also made an unisall log:
Ad-Aware SE Personal
Adobe Flash Player 9
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9 - Dansk
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
Altiris Philips SmartManage Agent
Apple Software Update
avast! Antivirus
BlueSoleil
Click'N Design 3D (V5)
C-Media High Definition Audio Driver
Creatix V.92 Data Fax Modem
DivX Player
DivX Pro
EPSON CardMonitor
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON-printersoftware
ESPR200 Brugervejledning
ESPR200-softwaremanual
eXPert PDF 4
Generic USB CardReader 2.0
GetRight
Google Earth
High Definition Audio Driver Package - KB835221
HighMAT-udvidelse til Guiden Cd-skrivning til Microsoft Windows XP
HijackThis 1.99.1
Home Cinema
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix til Windows XP (KB914440)
Java(TM) SE Runtime Environment 6
KhalSetup
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Shockwave Player
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft AutoRoute 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Photo Premium 10
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works
Microsoft Works Suite-tilføjelsesprogram til Microsoft Word
Mozilla Firefox (2.0.0.2)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
Nero Suite
NVIDIA Drivers
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900485)
Opdatering til Windows XP (KB904942)
Opdatering til Windows XP (KB908531)
Opdatering til Windows XP (KB910437)
Opdatering til Windows XP (KB911280)
Opdatering til Windows XP (KB916595)
Opdatering til Windows XP (KB920872)
Opdatering til Windows XP (KB922582)
Opdatering til Windows XP (KB931836)
Panda ActiveScan
PartyPoker
PC'en
PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
PDFill PDF Writer
PhotoNow! 1.0
PIF DESIGNER2.1
PowerCinema 3.0
PowerDirector
PowerDVD
PowerProducer
QuickTime
RT2500 USB Wireless LAN Card
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update til Microsoft .NET Framework 2.0 (KB917283)
Shockwave
Sikkerhedskopiering til Windows
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 10 (KB917734)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB911562)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913580)
Sikkerhedsopdatering til Windows XP (KB914388)
Sikkerhedsopdatering til Windows XP (KB914389)
Sikkerhedsopdatering til Windows XP (KB917422)
Sikkerhedsopdatering til Windows XP (KB917953)
Sikkerhedsopdatering til Windows XP (KB918118)
Sikkerhedsopdatering til Windows XP (KB918439)
Sikkerhedsopdatering til Windows XP (KB919007)
Sikkerhedsopdatering til Windows XP (KB920213)
Sikkerhedsopdatering til Windows XP (KB920670)
Sikkerhedsopdatering til Windows XP (KB920683)
Sikkerhedsopdatering til Windows XP (KB920685)
Sikkerhedsopdatering til Windows XP (KB921398)
Sikkerhedsopdatering til Windows XP (KB922616)
Sikkerhedsopdatering til Windows XP (KB922819)
Sikkerhedsopdatering til Windows XP (KB923191)
Sikkerhedsopdatering til Windows XP (KB923414)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB923694)
Sikkerhedsopdatering til Windows XP (KB923980)
Sikkerhedsopdatering til Windows XP (KB924191)
Sikkerhedsopdatering til Windows XP (KB924270)
Sikkerhedsopdatering til Windows XP (KB924496)
Sikkerhedsopdatering til Windows XP (KB924667)
Sikkerhedsopdatering til Windows XP (KB926255)
Sikkerhedsopdatering til Windows XP (KB926436)
Sikkerhedsopdatering til Windows XP (KB927779)
Sikkerhedsopdatering til Windows XP (KB927802)
Sikkerhedsopdatering til Windows XP (KB928255)
Sikkerhedsopdatering til Windows XP (KB928843)
Smart Manager
Spybot - Search & Destroy 1.4
Startprogram til Microsoft Works 2005 Installation
SyncToy
USB Wireless Keyboard Driver
videon
W83L518D
WD Spindown or Stop Utility for External Drive, v1.00
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
X10 Hardware(TM)
Yahoo! Toolbar
ZoneAlarm
My computer seems to run fine except that windows froze once after rebooting after deactivating the system restore. But after doing another reboot, there has been no problems so far.
pskelley
2007-03-08, 16:44
Thanks for a look at the list, it's not unusual for a freeze to occur like that but it should not continue. Make sure you run your maintenance programs, your computer just had a nasty infection.
I suggest you look over the uninstall list and get rid of anything you no longer use. I also suggest:
PartyPoker <<< unless you own it, uninstall it. These "free" downloaded programs are rarely "free"
Logitech Desktop Messenger <<< Optional resource waster downloaded along with another Logitech program because the EULA was not read. I would consider removing it were I you. Google for more information if needed.
This is an outdated version of Java and hackers use those to place exploits on your computer, all you have to do is visit the wrong site to get infected. Making sure you have the newest version of Java, uninstall this old one.
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
Not sure about the "SAS Private" perhaps SuperAntiSpyware placed it during an old usage of their program?
SAS Private is not a antispyware program but this: http://www.sas.com/.
I don't know wheter i can update the JRE without harming the SAS program.
pskelley
2007-03-10, 17:06
Thanks for the feedback, I may have posted this information before:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
We know the hackers are using exploits in Java to infect computers, especially with the Vundo trojan that tries to sell rouge spyware products like Winfixer:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
What exactly you are going to do about the situation on your computer, I suggest you discuss that with the technical people who placed the item.
Thanks
I really appreciate all you help. Thank you very much :laugh:
Aidan
pskelley
2007-03-16, 22:38
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.