Malware, Virus and more
Hi, I believe I have multiple problems and have no idea where to begin.
I am unsure how or where I became infected. My security centre no longer works, and I am bombarded with Anti-Virus messages.
Any assistance would be welcome.
I will be upgrading my software to Microsoft 2007 shortly but would like a clean computer before then. I am unable to reload all the Windows platforms, as all my software is packaged away somewhere in boxes; I am on a laptop and not in my normal residence.
Here is my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 00:27:54, on 2006-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.spray.se/sok/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.se/portal/comhem/ettan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfeb.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
Hi Honda
Rename HijackThis.exe to HJT.exe
Also do this:
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Send:
- a fresh HijackThis log
- smitfraudfix report
Hi Shaba and thnx,
I have changed the HJT.exe, and followed the link you posted on the smitfraudFix... However, when I go in and double-click the smitfraudfix.cmd
it opens up and responds thus:-
SmitFraudFix v2.126
Process.exe file missing !
Unzip all the archive in a folder.
Tryck på valfri tangent för att fortsätta...
Hi
Re-download smitfraudfix to desktop, don't unzip it yet.
Boot in safe mode
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Reboot to normal mode
Send:
- a fresh HijackThis log
- smitfraudfix report
Shaba's, as requested:
Logfile of HijackThis v1.99.1
Scan saved at 22:04:28, on 2006-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\HJT\HJT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.spray.se/sok/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.se/portal/comhem/ettan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wcebgncf.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: (no name) - {7F42E33D-1733-442C-A2DB-451483702C35} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpuw.dll,startup
O4 - HKLM\..\RunOnce: [RemoveModule] command /c del C:\WINDOWS\system32\drvfeb.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
Smitfraudfix rapport:
SmitFraudFix v2.126
Scan done at 21:55:04,94, 2006-11-30
Run from C:\Documents and Settings\Žgaren\Skrivbord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\adw.htm FOUND !
C:\WINDOWS\secure32.html FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\drvpuw.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GAREN~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"DllName"="C:\\WINDOWS\\system32\\mljgf.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hi
Uninstall via add/remove programs (control panel)
Vs-Add in for internet explorer
Open HijackThis, click do a system scan only and checkmark these:
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wcebgncf.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpuw.dll,startup
O4 - HKLM\..\RunOnce: [RemoveModule] command /c del C:\WINDOWS\system32\drvfeb.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
Close all windows including browser and press fix checked
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________
Delete if present:
C:\WINDOWS\system32\wcebgncf.dll
C:\Program\VSAdd-in
C:\WINDOWS\SYSTEM32\wingdm32.dll
Empty Recycle Bin
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
Please post:
c:\rapport.txt
c:\vundofix.txt
Ewido log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
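Added example (not part of the original thread, and not code from HijackThis or from either poster): a Python script that diffs two HijackThis logs by entry identity and lists modules referenced from more than one load point, run on a short excerpt copied from the first and second logs above. The function names and the per-section keying rules are assumptions of this example.

```python
import re

# A HijackThis 1.99.1 entry line is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
O4_VALUE_RE = re.compile(r'^(.*?: \[[^\]]*\])')           # "HKLM\..\Run: [ValueName]"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)

# Excerpt of the first log in the thread (scan saved 00:27:54).
OLD_LOG = r'''
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfeb.dll,startup
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
'''

# Excerpt of the second log in the thread (scan saved 22:04:28).
NEW_LOG = r'''
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wcebgncf.dll
O2 - BHO: (no name) - {7F42E33D-1733-442C-A2DB-451483702C35} - C:\WINDOWS\system32\mljgf.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpuw.dll,startup
O4 - HKLM\..\RunOnce: [RemoveModule] command /c del C:\WINDOWS\system32\drvfeb.dll
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
'''


def entry_key(section, body):
    """Stable identity for an entry, so a changed target shows up as 'changed'
    instead of one removal plus one addition. Keying rules are this example's own."""
    if section == "O4":
        m = O4_VALUE_RE.match(body)
        return m.group(1) if m else body.split(" = ")[0]   # startup-folder .lnk form
    if section in ("O2", "O3", "O16"):
        m = CLSID_RE.search(body)
        if m:
            return m.group(0).upper()
    if section in ("O18", "O20", "O23"):
        return body.split(" - ")[0]                        # protocol / notify / service name
    return body


def parse_hjt(text):
    """Return {(section, key): body} for every entry line; other lines are ignored."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            entries[(section, entry_key(section, body))] = body
    return entries


def diff_logs(old_text, new_text):
    """Compare two logs and report added, removed and changed entries."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    return {
        "added": [(k[0], new[k]) for k in sorted(new.keys() - old.keys())],
        "removed": [(k[0], old[k]) for k in sorted(old.keys() - new.keys())],
        "changed": [(k[0], k[1], old[k], new[k])
                    for k in sorted(old.keys() & new.keys()) if old[k] != new[k]],
    }


def multi_loadpoint_modules(text):
    """Map each .dll/.exe path (lower-cased) to the sections that reference it,
    keeping only paths loaded from more than one section."""
    seen = {}
    for (section, _key), body in parse_hjt(text).items():
        for path in PATH_RE.findall(body):
            seen.setdefault(path.lower(), set()).add(section)
    return {p: sorted(s) for p, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    result = diff_logs(OLD_LOG, NEW_LOG)
    for section, body in result["added"]:
        print("ADDED  ", section, "-", body)
    for section, key, before, after in result["changed"]:
        print("CHANGED", section, "-", key)
        print("   was:", before)
        print("   now:", after)
    for path, sections in multi_loadpoint_modules(NEW_LOG).items():
        print("MULTI  ", path, "referenced from", ", ".join(sections))
```

On this excerpt the diff reports the O2 and O20 entries as new, the `CTDrive` Run value as changed from `drvfeb.dll` to `drvpuw.dll`, and `mljgf.dll` as registered both as a BHO and as a Winlogon Notify package.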
Hi shaba, well I believe I did everything as asked and correctly but I guess I'll find out from you shortly....
as requested:
c:\rapport.txt
SmitFraudFix v2.126
Scan done at 14:54:35,72, 2006-12-01
Run from C:\Documents and Settings\Žgaren\Skrivbord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\adw.htm Deleted
C:\WINDOWS\secure32.html Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
c:\vundofix.txt
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 13:43:38 2006-12-01
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\mljgf.dll Could not be deleted.
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\SYSTEM32\fgjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 14:03:14 2006-12-01
Listing files found while scanning....
No infected files were found.
Ewido log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:51:00 2006-12-01
+ Scan result:
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346934.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346936.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346937.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\SYSTEM32\pmnmnlm.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346956.exe -> Downloader.Zlob.bar : Cleaned.
:mozilla.41:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.6:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.7:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345916.dll -> Trojan.Mezzia : Cleaned.
::Report end
a new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 22:15:34, on 2006-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\cmrijjvb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {D56E39D4-3743-4510-BD0B-1510EB5BC316} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
Hi
Open HijackThis, click "Do a system scan only" and checkmark these:
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\cmrijjvb.dll
O2 - BHO: (no name) - {D56E39D4-3743-4510-BD0B-1510EB5BC316} - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
Close all windows, including the browser, and press "Fix checked"
Reboot
Delete if present:
C:\WINDOWS\system32\cmrijjvb.dll
Empty Recycle Bin
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now, under "Select a target to scan", select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Scan this file -> C:\WINDOWS\Downloaded Program Files\fcplugin.dll in VirusTotal (http://www.virustotal.com/en/indexf.html) and send results here
Send:
- a fresh HijackThis log
- VirusTotal results
- Kaspersky report
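Added example, not part of the original posts and not HijackThis's own code: a check that the three entries listed for "Fix checked" above are gone from a later HijackThis log, and which entries are new since the earlier one. The log excerpts are lines copied from the logs on this page; the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O2 - BHO: ...". Header lines and the
# running-process list do not match this pattern and are ignored.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r"([^\\/:\s]+\.(?:dll|exe))\b", re.IGNORECASE)

# Excerpt of the log saved 2006-12-01 22:15 (before the fix), copied from this page.
BEFORE = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\cmrijjvb.dll
O2 - BHO: (no name) - {D56E39D4-3743-4510-BD0B-1510EB5BC316} - C:\WINDOWS\system32\mljgf.dll (file missing)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
"""

# Excerpt of the log saved 2006-12-02 18:11 (after the fix), copied from this page.
AFTER = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The three entries the helper asked to checkmark, copied from this page.
FIX_LIST = r"""
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\cmrijjvb.dll
O2 - BHO: (no name) - {D56E39D4-3743-4510-BD0B-1510EB5BC316} - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
"""


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as a list of dicts."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        files = FILE_RE.findall(body)
        line = " ".join(raw.split())  # collapse whitespace differences between pastes
        entries.append({
            "section": section,
            "line": line,
            "key": line.casefold(),  # path case can differ between scans
            "clsid": clsid.group(0).upper() if clsid else None,
            "file": files[-1].lower() if files else None,
        })
    return entries


def verify_fix(fix_text, after_text):
    """Map each entry that was to be fixed to its status in the later log."""
    after = parse_entries(after_text)
    result = {}
    for wanted in parse_entries(fix_text):
        same_section = [e for e in after if e["section"] == wanted["section"]]
        if any(e["key"] == wanted["key"] for e in same_section):
            status = "still present"
        elif any(
            (wanted["clsid"] and e["clsid"] == wanted["clsid"])
            or (wanted["file"] and e["file"] == wanted["file"])
            for e in same_section
        ):
            # Same CLSID or file name is back in a different form, which is
            # worth a second look before calling the machine clean.
            status = "changed"
        else:
            status = "removed"
        result[wanted["line"]] = status
    return result


def new_entries(before_text, after_text):
    """Entries in the later log that the earlier log did not contain."""
    seen = {e["key"] for e in parse_entries(before_text)}
    return [e["line"] for e in parse_entries(after_text) if e["key"] not in seen]


if __name__ == "__main__":
    for line, status in verify_fix(FIX_LIST, AFTER).items():
        print(f"{status:13} {line}")
    for line in new_entries(BEFORE, AFTER):
        print(f"new           {line}")
```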
Shabas, as requested, the associated reports... How come the Kaspersky says it found so many viruses yet my program and every other says nothing?
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 18:11:39, on 2006-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
virustotal log:
STATUS: FINISHED
Complete scanning result of "fcplugin.dll", received in VirusTotal at 12.02.2006, 18:05:29 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.46 12.02.2006 no virus found
Authentium 4.93.8 12.01.2006 no virus found
Avast 4.7.892.0 12.01.2006 no virus found
AVG 386 12.02.2006 no virus found
BitDefender 7.2 12.02.2006 no virus found
CAT-QuickHeal 8.00 12.02.2006 no virus found
ClamAV devel-20060426 12.01.2006 no virus found
DrWeb 4.33 12.02.2006 no virus found
eSafe 7.0.14.0 11.30.2006 no virus found
eTrust-InoculateIT 23.73.74 12.02.2006 no virus found
eTrust-Vet 30.3.3225 12.01.2006 no virus found
Ewido 4.0 12.02.2006 no virus found
Fortinet 2.82.0.0 12.02.2006 no virus found
F-Prot 3.16f 12.01.2006 no virus found
F-Prot4 4.2.1.29 12.01.2006 no virus found
Ikarus 0.2.65.0 12.01.2006 no virus found
Kaspersky 4.0.2.24 12.02.2006 no virus found
McAfee 4909 12.01.2006 no virus found
Microsoft 1.1804 12.02.2006 no virus found
NOD32v2 1897 12.02.2006 no virus found
Norman 5.80.02 12.01.2006 no virus found
Panda 9.0.0.4 12.02.2006 no virus found
Prevx1 V2 12.02.2006 no virus found
Sophos 4.12.0 12.02.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.127 12.01.2006 no virus found
UNA 1.83 12.01.2006 no virus found
VBA32 3.11.1 12.01.2006 no virus found
VirusBuster 4.3.15:9 12.02.2006 no virus found
Aditional Information
File size: 7232842 bytes
MD5: c42c8a6398ba91185c8531425287d0e1
SHA1: 8f3facc4965e1e5c6b89df2c2bdefdcccf8e3700
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 3:25:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/12/2006
Kaspersky Anti-Virus database records: 247459
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 49693
Number of viruses found: 11
Number of infected objects: 38 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:01:29
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7D88C7C1.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\deldaits.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\estxrrkt.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\evvgwphc.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\frhgqmko.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\grosnkwv.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\nventqjc.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\sujyfppa.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\wnllwvpo.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF774.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF829.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\MSHist012006120220061203\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program\Delade filer\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program\Delade filer\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344828.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344848.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344849.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344850.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344851.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344852.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344854.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344855.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344859.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345895.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345921.dll Infected: Packed.Win32.Klone.t skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345926.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346921.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346935.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346944.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346951.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346954.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346955.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346991.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP484\A0346994.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347007.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347013.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
C:\VundoFix Backups\mljgf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{528F88CC-F697-49CA-9BEA-8C94DB018581}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\desktop.html Infected: not-virus:Hoax.Win32.Renos.ci skipped
C:\WINDOWS\SYSTEM32\guytdxfg.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
Scan process completed.
Hi
First of all, Kaspersky is an excellent antivirus (one of the best).
Secondly, no AV can find all viruses.
Thirdly, most of your viruses are in System Restore or in AV quarantine, so they're basically quite harmless at the moment :)
Empty these folders:
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine
C:\VundoFix Backups
Delete these:
C:\WINDOWS\SYSTEM32\desktop.html
C:\WINDOWS\SYSTEM32\guytdxfg.dll
Empty Recycle Bin
Re-scan with Kaspersky
Send:
- a fresh HijackThis log
- Kaspersky report
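The triage reasoning in the reply above (detections sitting in System Restore or a quarantine folder versus files still live on disk), as an added example that is not part of the original thread. The function and bucket names and the folder markers are assumptions of this example; the sample rows are copied from the Kaspersky report posted above.

```python
import re

# Rows copied from the Kaspersky Online Scanner report posted in this thread.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344859.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346951.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
C:\VundoFix Backups\mljgf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\desktop.html Infected: not-virus:Hoax.Win32.Renos.ci skipped
C:\WINDOWS\SYSTEM32\guytdxfg.dll Infected: Trojan.Win32.BHO.o skipped
Scan process completed.
"""

# One report row: <path> <verdict> <last action>. Paths contain spaces, so the
# path is matched lazily up to the first recognised verdict.
ROW = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<kind>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|ZIP: .+)"
    r" (?P<action>\w+)$"
)

# Folder markers, lower case. The restore-point prefix and the two
# quarantine/backup folders are the ones named in the thread; grouping them as
# "stored copy, not a running file" is this example's assumption.
RESTORE_MARKER = "\\system volume information\\_restore{"
CONTAINER_MARKERS = ("\\.housecall6.6\\quarantine\\", "\\vundofix backups\\")


def classify_location(path):
    """Return the bucket a detected file belongs to, based on its folder."""
    p = path.lower()
    if RESTORE_MARKER in p:
        return "system_restore"
    if any(marker in p for marker in CONTAINER_MARKERS):
        return "quarantine_or_backup"
    return "live"


def triage(report_text):
    """Split report rows into detections per location, locked files and leftovers."""
    result = {
        "system_restore": [],        # copies kept inside restore points
        "quarantine_or_backup": [],  # copies stored by a removal tool
        "live": [],                  # detections on the normal file system
        "locked": 0,                 # files the scanner could not open (in use)
        "unparsed": [],              # anything that is not a report row
    }
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            result["unparsed"].append(line)
        elif m.group("locked"):
            # "Object is locked" is not a detection, only an unreadable file.
            result["locked"] += 1
        elif m.group("kind"):
            bucket = classify_location(m.group("path"))
            result[bucket].append((m.group("path"), m.group("name")))
        # "ZIP: ..." rows summarise an archive whose members are listed
        # separately, so they are not counted again.
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for bucket in ("live", "quarantine_or_backup", "system_restore"):
        print(f"{bucket}: {len(summary[bucket])}")
        for path, name in summary[bucket]:
            print(f"  {name}  {path}")
    print(f"locked (not detections): {summary['locked']}")
```

On the sample rows, the only "live" detections are the two files the reply asks to delete by hand.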
Shaba, I was in complete panic, thanks for the assurances.... ;)
As requested, a fresh HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:33:23, on 2006-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 9:32:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/12/2006
Kaspersky Anti-Virus database records: 247382
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 49572
Number of viruses found: 10
Number of infected objects: 28 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:00:17
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0C096BF6.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7D88C7C1.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF630F.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF632A.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\MSHist012006120220061203\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program\Delade filer\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program\Delade filer\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344828.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344848.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344849.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344850.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344851.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344852.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344854.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344855.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344859.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345895.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345921.dll Infected: Packed.Win32.Klone.t skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345926.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346921.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346935.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346944.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346951.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346954.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346955.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346991.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP484\A0346994.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347007.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347013.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347028.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
Scan process completed.
Hi
Logs look good.
How are things running now?
System seems to be working OK now; however, I ran a Spybot check and it told me I had several problems.
My security centre still isn't working, is this due to the Norton program?
Apart from those problems everything seems to be running OK!!!!
Hi
Right-click this link (http://www.kellys-korner-xp.com/regs_edits/enablenotify.reg) and choose Save As/Save Target As (depends on your browser) and save it to the desktop. Double-click enablenotify.reg, click Yes and OK.
Reboot
Scan with Spybot and send its report here
Does security center work now?
Ok security centre still not working.
Copy of spybot report.
--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-01 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-12-01 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-01 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-01 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-12-01 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-01 Includes\PUPSC.sbi (*)
2006-12-01 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-12-01 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-01 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-01 Includes\Trojans.sbi (*)
2006-12-01 Includes\TrojansC.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Korrigering för Windows Media Player [Mer information finns i Q828026]
/ Windows Media Player / SP0: Korrigering för Windows Media Player [Mer information finns i Q828026]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Uppdatering för Windows XP (KB894391)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896358)
Hi
Right-click this (http://www.kellys-korner-xp.com/regs_edits/securitycenterrestore.reg) link and choose save as/save target as (depends on your browser) and save it to desktop. Double-click securitycenterrestore.reg, click Yes and OK.
Reboot
How about now?
Shaba, thx for your help and patience.... OK, ran through the steps, and it still isn't working.... ran a Spybot test as well and it came back clean...
So now where do we go...
again thx for your time.
Hi
Go to start -> run -> services.msc -> ok
Find Security Center, double-click it, press Start (if not already running) and make sure that the startup type is Automatic.
Did it help?
Shaba, you have just been elevated to one of my smartest person alive categories... yes, the Security Center is up and running.
All seems good.
Do I need to do anything else?
If not, thank you for your help, outstanding!
Shaba, looks like I spoke too soon. After rebooting the computer it was turned off again, even after setting it to automatic. Obviously I have some type of conflict there, but I haven't the foggiest idea, obviously! :sad:
Hi
Is Norton running OK even though Security Center isn't?
If so, you can ignore the Security Center thing.
See more info about security center below.
FAQ, Why does Spybot-S&D flag changes in the Windows Security Center:
http://www.safer-networking.org/en/faq/46.html
"Windows Security Center"
Please see comment by md usa spybot fan here
http://forums.spybot.info/showthread.php?t=250
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.