PDA

View Full Version : Malware, Virus and more



Honda
2006-11-30, 01:37
Hi i believe i have multiple problems and have no idea where to begin.

I am unsure how or where became infected. My security centre no longer works, and am bombarded with Anti-Virus Messages.

Any assistance would be welcome.

I will be upgrading my software to Microsoft 2007 shortly but would like a clean computer before then, i am unable to reload all the windows platforms as all my software is packaged away somewhere in boxes as i am on a laptop and not in my normal residence.

Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 00:27:54, on 2006-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.spray.se/sok/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.se/portal/comhem/ettan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfeb.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

Shaba
2006-11-30, 09:25
Hi Honda

Rename HijackThis.exe to HJT.exe

Also do this:

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Send:

- a fresh HijackThis log
- smitfraudfix report

Honda
2006-11-30, 17:20
Hi Shaba and thnx,

I have changed the HJT.exe, and followed the link you posted on the smitfraudFix... However when i go in and double click the smitfraudfix.cmd
it opens up and responds thus:-

SmitFraudFix v2.126
Process.exe file missing !
Unzip all the archive in a folder.

Tryck på valfri tangent för att fortsätta...

Shaba
2006-11-30, 17:42
Hi

Re-download smitfraudfix to desktop, don't unzip it yet.

Boot in safe mode

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Reboot to normal mode

Send:

- a fresh HijackThis log
- smitfraudfix report

Honda
2006-11-30, 23:09
Shaba's, as requested:

Logfile of HijackThis v1.99.1
Scan saved at 22:04:28, on 2006-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.spray.se/sok/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.se/portal/comhem/ettan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wcebgncf.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: (no name) - {7F42E33D-1733-442C-A2DB-451483702C35} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpuw.dll,startup
O4 - HKLM\..\RunOnce: [RemoveModule] command /c del C:\WINDOWS\system32\drvfeb.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

Smitfraudfix rapport:

SmitFraudFix v2.126

Scan done at 21:55:04,94, 2006-11-30
Run from C:\Documents and Settings\Žgaren\Skrivbord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\adw.htm FOUND !
C:\WINDOWS\secure32.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\drvpuw.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GAREN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"DllName"="C:\\WINDOWS\\system32\\mljgf.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Shaba
2006-12-01, 09:08
Hi

Uninstall via add/remove programs (control panel)

Vs-Add in for internet explorer

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wcebgncf.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvpuw.dll,startup
O4 - HKLM\..\RunOnce: [RemoveModule] command /c del C:\WINDOWS\system32\drvfeb.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll

Close all windows including browser and press fix checked


Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Delete if present:

C:\WINDOWS\system32\wcebgncf.dll
C:\Program\VSAdd-in
C:\WINDOWS\SYSTEM32\wingdm32.dll

Empty Recycle Bin

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
c:\rapport.txt
c:\vundofix.txt
Ewido log
A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

Honda
2006-12-01, 23:24
Hi shaba, well i believe i did everything as asked and correctly but i guess i'll find out from you shortly....:red:

as requested:

c:\rapport.txt

SmitFraudFix v2.126

Scan done at 14:54:35,72, 2006-12-01
Run from C:\Documents and Settings\Žgaren\Skrivbord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\adw.htm Deleted
C:\WINDOWS\secure32.html Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Honda
2006-12-01, 23:27
c:\ vundofix.txt


VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 13:43:38 2006-12-01

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\mljgf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\SYSTEM32\fgjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 14:03:14 2006-12-01

Listing files found while scanning....

No infected files were found.

Honda
2006-12-01, 23:28
Ewido log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:51:00 2006-12-01

+ Scan result:



C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346934.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346936.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346937.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\SYSTEM32\pmnmnlm.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346956.exe -> Downloader.Zlob.bar : Cleaned.
:mozilla.41:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.6:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.7:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\l71zgd6p.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345916.dll -> Trojan.Mezzia : Cleaned.


::Report end

Honda
2006-12-01, 23:30
a new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 22:15:34, on 2006-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\cmrijjvb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {D56E39D4-3743-4510-BD0B-1510EB5BC316} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

Shaba
2006-12-02, 11:44
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\cmrijjvb.dll
O2 - BHO: (no name) - {D56E39D4-3743-4510-BD0B-1510EB5BC316} - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)

Close all windows including browser and press fix checked

Reboot

Delete if present:

C:\WINDOWS\system32\cmrijjvb.dll

Empty Recycle Bin

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Scan this file -> C:\WINDOWS\Downloaded Program Files\fcplugin.dll in VirusTotal (http://www.virustotal.com/en/indexf.html) and send results here

Send:

- a fresh HijackThis log
- VirusTotal results
- kaspersky report

Honda
2006-12-02, 19:15
Shabas, as requested the associated reports....how come the Kaspersky says it found so many viruses yet my program and every other says nothing?

Highjack log:

Logfile of HijackThis v1.99.1
Scan saved at 18:11:39, on 2006-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

Honda
2006-12-02, 19:16
virustotal log:

STATUS: FINISHEDComplete scanning result of "fcplugin.dll", received in VirusTotal at 12.02.2006, 18:05:29 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 12.02.2006 no virus found
Authentium 4.93.8 12.01.2006 no virus found
Avast 4.7.892.0 12.01.2006 no virus found
AVG 386 12.02.2006 no virus found
BitDefender 7.2 12.02.2006 no virus found
CAT-QuickHeal 8.00 12.02.2006 no virus found
ClamAV devel-20060426 12.01.2006 no virus found
DrWeb 4.33 12.02.2006 no virus found
eSafe 7.0.14.0 11.30.2006 no virus found
eTrust-InoculateIT 23.73.74 12.02.2006 no virus found
eTrust-Vet 30.3.3225 12.01.2006 no virus found
Ewido 4.0 12.02.2006 no virus found
Fortinet 2.82.0.0 12.02.2006 no virus found
F-Prot 3.16f 12.01.2006 no virus found
F-Prot4 4.2.1.29 12.01.2006 no virus found
Ikarus 0.2.65.0 12.01.2006 no virus found
Kaspersky 4.0.2.24 12.02.2006 no virus found
McAfee 4909 12.01.2006 no virus found
Microsoft 1.1804 12.02.2006 no virus found
NOD32v2 1897 12.02.2006 no virus found
Norman 5.80.02 12.01.2006 no virus found
Panda 9.0.0.4 12.02.2006 no virus found
Prevx1 V2 12.02.2006 no virus found
Sophos 4.12.0 12.02.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.127 12.01.2006 no virus found
UNA 1.83 12.01.2006 no virus found
VBA32 3.11.1 12.01.2006 no virus found
VirusBuster 4.3.15:9 12.02.2006 no virus found


Aditional Information
File size: 7232842 bytes
MD5: c42c8a6398ba91185c8531425287d0e1
SHA1: 8f3facc4965e1e5c6b89df2c2bdefdcccf8e3700

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info

Honda
2006-12-02, 19:17
Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 3:25:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/12/2006
Kaspersky Anti-Virus database records: 247459
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 49693
Number of viruses found: 11
Number of infected objects: 38 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:01:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7D88C7C1.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\deldaits.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\estxrrkt.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\evvgwphc.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\frhgqmko.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\grosnkwv.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\nventqjc.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\sujyfppa.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine\wnllwvpo.dll.bac_a01948 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\Ägaren\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF774.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF829.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\MSHist012006120220061203\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program\Delade filer\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program\Delade filer\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344828.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344848.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344849.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344850.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344851.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344852.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344854.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344855.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344859.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345895.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345921.dll Infected: Packed.Win32.Klone.t skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345926.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346921.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346935.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346944.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346951.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346954.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346955.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346991.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP484\A0346994.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347007.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347013.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
C:\VundoFix Backups\mljgf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{528F88CC-F697-49CA-9BEA-8C94DB018581}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\desktop.html Infected: not-virus:Hoax.Win32.Renos.ci skipped
C:\WINDOWS\SYSTEM32\guytdxfg.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped

Scan process completed.

Shaba
2006-12-02, 19:23
Hi

First of all, kaspersky is an excellent antivirus (one of the best)

Secondly, no av can find all viruses

Thirdly, most of your viruses are in system restore or in av quarantine, so they're basically quite harmless at the moment :)

Empty these folders:

C:\Documents and Settings\Ägaren\.housecall6.6\Quarantine
C:\VundoFix Backups

Delete these:

C:\WINDOWS\SYSTEM32\desktop.html
C:\WINDOWS\SYSTEM32\guytdxfg.dll

Empty Recycle Bin

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report

Honda
2006-12-02, 22:36
Shaba, i was in complete panic, thanks for the asurances.... ;)

as requested, a fresh hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:33:23, on 2006-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\snmp.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

Honda
2006-12-02, 22:38
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 9:32:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/12/2006
Kaspersky Anti-Virus database records: 247382
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 49572
Number of viruses found: 10
Number of infected objects: 28 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:00:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0C096BF6.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7D88C7C1.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF630F.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\~DF632A.tmp Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Ägaren\Lokala inställningar\Tidigare\History.IE5\MSHist012006120220061203\index.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ägaren\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ägaren\Skrivbord\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program\Delade filer\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program\Delade filer\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program\Delade filer\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344828.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344848.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344849.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344850.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344851.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344852.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344854.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344855.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP479\A0344859.exe Infected: Trojan-Downloader.Win32.Zlob.bbi skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345895.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345921.dll Infected: Packed.Win32.Klone.t skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP481\A0345926.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346921.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346935.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP482\A0346944.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346951.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346954.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346955.exe Infected: Trojan-Downloader.Win32.Zlob.bbq skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP483\A0346991.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP484\A0346994.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347007.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347013.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\A0347028.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP485\change.log Object is locked skipped

Scan process completed.

Shaba
2006-12-03, 11:32
Hi

Logs look good.

How are things running now?

Honda
2006-12-03, 12:46
System seems to be working ok now, however, i ran a sybot check and it told me i had several problems.

My security centre still isn't working, is this due to the nortons program?

Apart from tose problems everything seems to be running ok!!!!

Shaba
2006-12-03, 12:53
Hi

Right-click this link (http://www.kellys-korner-xp.com/regs_edits/enablenotify.reg)
and choose save as/save target as (depends on your browser) and save it to desktop. Doubleclick enablenotify.reg, click Yes and ok.

Reboot

Scan with spybot and send its report here

Does security center work now?

Honda
2006-12-03, 14:52
Ok security centre still not working.

Copy of spybot report.


--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-01 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-12-01 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-01 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-01 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-12-01 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-01 Includes\PUPSC.sbi (*)
2006-12-01 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-12-01 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-01 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-01 Includes\Trojans.sbi (*)
2006-12-01 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Korrigering för Windows Media Player [Mer information finns i Q828026]
/ Windows Media Player / SP0: Korrigering för Windows Media Player [Mer information finns i Q828026]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Uppdatering för Windows XP (KB894391)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896358)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896422)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896423)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896424)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896428)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896688)
/ Windows XP / SP3: Uppdatering för Windows XP (KB896727)
/ Windows XP / SP3: Uppdatering för Windows XP (KB898461)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899587)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899588)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899591)
/ Windows XP / SP3: Uppdatering för Windows XP (KB900485)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB900725)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901017)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901190)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901214)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB902400)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB903235)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB904706)
/ Windows XP / SP3: Uppdatering för Windows XP (KB904942)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905414)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905749)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905915)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB908519)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB908531)
/ Windows XP / SP3: Uppdatering för Windows XP (KB910437)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911280)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911562)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911567)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911927)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB912812)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB912919)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB913446)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB913580)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB914388)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB914389)
/ Windows XP / SP3: Snabbkorrigering för Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB916281)
/ Windows XP / SP3: Uppdatering för Windows XP (KB916595)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917159)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917344)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917422)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917953)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB918439)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB918899)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB919007)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920213)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920214)
/ Windows XP / SP3: Uppdatering för Windows XP (KB920342)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920670)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920683)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920685)
/ Windows XP / SP3: Uppdatering för Windows XP (KB920872)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB921398)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB921883)
/ Windows XP / SP3: Uppdatering för Windows XP (KB922582)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB922616)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB922760)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB922819)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923191)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923414)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923980)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924191)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924270)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924496)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617fa5be646b5e8d6670fd4710acd2d3

Located: HK_LM:Run, ccApp
command: "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
file: C:\Program\Delade filer\Symantec Shared\ccApp.exe
size: 84640
MD5: 61937bfdf7e4d169461a547acd09974c

Located: HK_LM:Run, osCheck
command: "C:\Program\Norton Internet Security\osCheck.exe"
file: C:\Program\Norton Internet Security\osCheck.exe
size: 26248
MD5: 3602c14e8b2bf31e7b4f14c162178945

Located: HK_LM:Run, PCTVOICE
command: pctspk.exe
file: C:\WINDOWS\system32\pctspk.exe
size: 163840
MD5: 039e34057d43aec106a05bcddacf664c

Located: HK_LM:Run, QuickTime Task
command: "C:\Program\QuickTime\qttask.exe" -atboottime
file: C:\Program\QuickTime\qttask.exe
size: 77824
MD5: 5d22b4258489575412f6d18affc847a2

Located: HK_LM:Run, StorageGuard
command: "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
size: 155648
MD5: 4d04efdcb8548fdb3b29ab9154480b7b

Located: HK_LM:Run, SynTPEnh
command: C:\Program\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program\Synaptics\SynTP\SynTPEnh.exe
size: 569344
MD5: 2c8dd635cec467a577f58b751dfb1cd1

Located: HK_LM:Run, SynTPLpr
command: C:\Program\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program\Synaptics\SynTP\SynTPLpr.exe
size: 126976
MD5: 334fcf77162c78cba1ee59168b2c9387

Located: HK_LM:Run, TkBellExe
command: "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
file: C:\Program\Delade filer\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_LM:Run, VTTimer
command: VTTimer.exe
file: C:\WINDOWS\system32\VTTimer.exe
size: 36864
MD5: 5050a1d947bd1db8e3f8b1334d098663

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: febe82a289a6645e26b27f3a0a4d2b84

Located: HK_CU:Run, MsnMsgr
command: "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program\MSN Messenger\MsnMsgr.Exe
size: 5354792
MD5: c1ee2387ede907599ee3a6de9493f672

Located: HK_CU:Run, Window Washer
command: C:\Program Files\Webroot\Washer\wwDisp.exe
file: C:\Program Files\Webroot\Washer\wwDisp.exe
size: 196096
MD5: c2e79a5420d0ab8f5d66979d3228a2a5

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), X-Micro WLAN 11g USB Utility.lnk
command: C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
file: C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
size: 438272
MD5: 23042666a9a6a572f46440e84cb1fd8b

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Honda
2006-12-03, 14:55
--- Browser helper object list ---
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
BHO name:
CLSID name:
Path: C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\
Long name: NppBHO.dll
Short name:
Date (created): 2006-09-05 22:18:24
Date (last access): 2006-12-03 13:21:20
Date (last write): 2006-09-05 22:18:24
Filesize: 93400
Attributes: readonly archive
MD5: 28D6CF8C2E156EF8AB3E049246C22B70
CRC32: C688A3B8
Version: 2007.1.0.133

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program\Delade filer\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 2006-07-07 12:29:52
Date (last access): 2006-12-03 12:09:54
Date (last write): 2006-07-07 12:29:52
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1

{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\
Long name: stmain.dll
Short name:
Date (created): 2005-05-27 07:31:06
Date (last access): 2006-12-03 12:09:56
Date (last write): 2004-08-13 17:42:00
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 1.2.3000.1001

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
BHO name:
CLSID name: MSNToolBandBHO
Path: C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\
Long name: msntb.dll
Short name:
Date (created): 2006-02-13 15:53:02
Date (last access): 2006-12-03 12:10:00
Date (last write): 2006-01-17 16:04:16
Filesize: 282624
Attributes: archive
MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
CRC32: 1DF31317
Version: 1.2.5000.1021



--- ActiveX list ---
{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.6
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 2006-10-25 12:18:06
Date (last access): 2006-12-03 13:08:06
Date (last write): 2006-10-25 12:18:06
Filesize: 385536
Attributes: archive
MD5: 3EBA1F8FA899A08811B05F9D9D957C7B
CRC32: 83530E1E
Version: 6.51.0.1016

{9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control)
DPF name:
CLSID name: FirstClass® Control
Installer: C:\WINDOWS\Downloaded Program Files\fcplugin.inf
Codebase: http://www.zonline.se/ClientDownloads/fcplugin.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: fcplugin.dll
Short name:
Date (created): 2005-05-02 10:13:48
Date (last access): 2006-12-03 12:47:50
Date (last write): 2005-05-02 10:13:48
Filesize: 7232842
Attributes: archive
MD5: C42C8A6398BA91185C8531425287D0E1
CRC32: FAF9BBB3
Version: 8.0.4.3

Honda
2006-12-03, 14:57
--- Process list ---
PID: 0 ( 0) [System]
PID: 700 ( 4) \SystemRoot\System32\smss.exe
PID: 772 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID: 804 ( 700) \??\C:\WINDOWS\system32\winlogon.exe
PID: 848 ( 804) C:\WINDOWS\system32\services.exe
size: 108032
MD5: 0DF00535E2F5AEFAEAD3A800F75137AF
PID: 860 ( 804) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BA428312D9A0726E4C07C2037E882520
PID: 1028 ( 848) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 1132 ( 848) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 1244 ( 848) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 1452 ( 848) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 1568 ( 848) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 1884 ( 848) C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
size: 105632
MD5: 15C40B3E236C98C3C31F802881713064
PID: 332 ( 848) C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
size: 46736
MD5: CE045B180D34404FF3017C18D308E9C1
PID: 444 ( 848) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1848 ( 848) C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 198336
MD5: 0FCFBD0EDAA188B3D652DDCE6D16D866
PID: 176 ( 848) C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 476 ( 848) C:\WINDOWS\System32\snmp.exe
size: 32256
MD5: 405AE01764981407AFCDC71FC152337B
PID: 1484 ( 848) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1736 ( 848) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 674AD0546272F9ADB8028B9CA0D0658F
PID: 1372 (3792) C:\WINDOWS\Explorer.EXE
size: 1032704
MD5: 87A3C8EAD27CF3591713D629D8BCB990
PID: 3780 (1372) C:\WINDOWS\system32\pctspk.exe
size: 163840
MD5: 039E34057D43AEC106A05BCDDACF664C
PID: 3972 (1372) C:\Program\Synaptics\SynTP\SynTPLpr.exe
size: 126976
MD5: 334FCF77162C78CBA1EE59168B2C9387
PID: 4008 (1372) C:\Program\Synaptics\SynTP\SynTPEnh.exe
size: 569344
MD5: 2C8DD635CEC467A577F58B751DFB1CD1
PID: 4088 (1372) C:\Program\Delade filer\Real\Update_OB\realsched.exe
size: 180269
MD5: B8E684DF9A97497EDD2F87444A6307FB
PID: 1392 (1372) C:\Program\QuickTime\qttask.exe
size: 77824
MD5: 5D22B4258489575412F6D18AFFC847A2
PID: 2992 (1372) C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
PID: 1052 (1372) C:\Program\Delade filer\Symantec Shared\ccApp.exe
size: 84640
MD5: 61937BFDF7E4D169461A547ACD09974C
PID: 1384 (1372) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: FEBE82A289A6645E26B27F3A0A4D2B84
PID: 852 (1372) C:\Program\MSN Messenger\MsnMsgr.Exe
size: 5354792
MD5: C1EE2387EDE907599EE3A6DE9493F672
PID: 2008 (1372) C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
size: 438272
MD5: 23042666A9A6A572F46440E84CB1FD8B
PID: 2068 (1372) C:\Program\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3332 ( 848) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 4056 ( 848) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 22D8A75754B7B9ECC4753E3C09A56B18
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2006-12-03 13:27:21

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\Program\Lavasoft\AD-AWA~1\UNWISE.EXE C:\Program\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Atmosphere Player for Acrobat and Adobe Reader (Adobe Atmosphere Player)
uninstall cmd: C:\WINDOWS\atmoUn.exe

Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
version (major): 3
install location: C:\Program\Delade filer\Adobe\SVG Viewer 3.0
uninstall cmd: C:\Program\Delade filer\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program\Delade filer\Adobe\SVG Viewer 3.0\Uninstall\Install.log

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

Basketball Playbook 009 (Basketball Playbook 009_is1)
install location: C:\Program\Jes-Soft\Basketball Playbook v009\
uninstall cmd: "C:\Program\Jes-Soft\Basketball Playbook v009\unins000.exe"
publisher: Jes-Soft

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(expinst)

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp deskjet 5100 series (hp deskjet 5100 series_Driver)
uninstall cmd: rundll32 hpzcon09.dll,VendorJettison hp deskjet 5100 series

hp print screen utility (hp print screen utility)
uninstall cmd: C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20061122
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20061126
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(IEREADME)

ieSpell 2.5.1 (build 106) (ieSpell)
uninstall cmd: "C:\Program\ieSpell\uninst.exe"
publisher: Red Egg Software

HSP56 MR Drivers (Installing HSP56 MicroModem Drivers)
uninstall cmd: ptuninst.exe

install_FIBA_screensaver2 (install_FIBA_screensaver2.scr)
uninstall cmd: C:\WINDOWS\install_FIBA_screensaver2.scr /U

InterActual Player (InterActual Player)
uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe

Honda
2006-12-03, 14:58
Kaspersky Online Scanner 5.0.83.0 (Kaspersky Online Scanner)
estimated size: 6040
install location: C:\WINDOWS\system32\KASPER~1\KASPER~1
uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://www.kaspersky.com/support.asp

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Säkerhetsuppdatering för Windows XP (KB883939) 1 (KB883939)
install date: 20050616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Säkerhetsuppdatering för Windows XP (KB890046) 1 (KB890046)
install date: 20050616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Säkerhetsuppdatering för Windows XP (KB893756) 1 (KB893756)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Uppdatering för Windows XP (KB894391) 1 (KB894391)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Säkerhetsuppdatering för Windows XP (KB896358) 1 (KB896358)
install date: 20050616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Säkerhetsuppdatering för Windows XP (KB896422) 1 (KB896422)
install date: 20050616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Säkerhetsuppdatering för Windows XP (KB896423) 1 (KB896423)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Säkerhetsuppdatering för Windows XP (KB896424) 1 (KB896424)
install date: 20051109
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Säkerhetsuppdatering för Windows XP (KB896428) 1 (KB896428)
install date: 20050616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Säkerhetsuppdatering för Windows XP (KB896688) 1 (KB896688)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Uppdatering för Windows XP (KB896727) 1 (KB896727)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Uppdatering för Windows XP (KB898461) 1 (KB898461)
install date: 20050717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Säkerhetsuppdatering för Windows XP (KB899587) 1 (KB899587)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Säkerhetsuppdatering för Windows XP (KB899588) 1 (KB899588)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Säkerhetsuppdatering för Windows XP (KB899591) 1 (KB899591)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Uppdatering för Windows XP (KB900485) 2 (KB900485)
install date: 20060426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Säkerhetsuppdatering för Windows XP (KB900725) 1 (KB900725)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Säkerhetsuppdatering för Windows XP (KB901017) 1 (KB901017)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Säkerhetsuppdatering för Windows XP (KB901190) 1 (KB901190)
install date: 20060709
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901190

Säkerhetsuppdatering för Windows XP (KB901214) 1 (KB901214)
install date: 20050717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Hotfix for Windows Media Format SDK (KB902344) (KB902344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902344

Säkerhetsuppdatering för Windows XP (KB902400) 1 (KB902400)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Säkerhetsuppdatering för Windows XP (KB903235) 1 (KB903235)
install date: 20050717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Säkerhetsuppdatering för Windows XP (KB904706) 1 (KB904706)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Uppdatering för Windows XP (KB904942) 2 (KB904942)
install date: 20061122
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Säkerhetsuppdatering för Windows XP (KB905414) 1 (KB905414)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Säkerhetsuppdatering för Windows XP (KB905749) 1 (KB905749)
install date: 20051106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Säkerhetsuppdatering för Windows XP (KB905915) 1 (KB905915)
install date: 20051220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Säkerhetsuppdatering för Windows XP (KB908519) 1 (KB908519)
install date: 20060111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Säkerhetsuppdatering för Windows XP (KB908531) 1 (KB908531)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Uppdatering för Windows XP (KB910437) 1 (KB910437)
install date: 20051220
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Säkerhetsuppdatering för Windows XP (KB911280) 1 (KB911280)
install date: 20060614
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Säkerhetsuppdatering för Windows XP (KB911562) 1 (KB911562)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Säkerhetsuppdatering för Windows Media Player (KB911564) (KB911564)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Säkerhetsuppdatering för Windows Media Player 10 (KB911565) (KB911565)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Säkerhetsuppdatering för Windows XP (KB911567) 1 (KB911567)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Säkerhetsuppdatering för Windows XP (KB911927) 1 (KB911927)
install date: 20060219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Shaba
2006-12-03, 15:20
Hi

Right-click this (http://www.kellys-korner-xp.com/regs_edits/securitycenterrestore.reg) link
and choose save as/save target as (depends on your browser) and save it to desktop. Doubleclick securitycenterrestore.reg, click Yes and ok.

Reboot

How about now?

Honda
2006-12-04, 02:59
Shabas, thx for your help and patience.... ok, ran the through the steps, and it still isn't working.... ran a spybot test as well and it came back clean...

So now where do we go...

again thx for your time.

Shaba
2006-12-04, 09:15
Hi

Go to start -> run -> services.msc -> ok

Find Security Center, doubleclick it, press start (if not already running) and make sure that startuptype is automatic.

Did it help?

Honda
2006-12-04, 13:47
Shaba, you have just been elevated to one of my smartest person alive catergories... yes the security center is up and running.

All seems good.

Do i need do anything else?

If not thankyou for your help outstanding!

Honda
2006-12-04, 14:39
Shaba, looks like i spoke too soon. After rebooting the computer it was turned off again, even after setting it to automatic, obviously i have some type of conflict there, but i haven't the foggiest idea obviously! :sad:

Shaba
2006-12-04, 18:02
Hi

Is Norton running ok though security center isn't?

If so, you can ignore security center thing.

See more info about security center below.

FAQ, Why does Spybot-S&D flag changes in the Windows Security Center:
http://www.safer-networking.org/en/faq/46.html
"Windows Security Center"
Please see comment by md usa spybot fan here
http://forums.spybot.info/showthread.php?t=250

Shaba
2006-12-12, 17:40
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.