TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Bokaj on June 11, 2008, 06:07:30 AM
-
Hi!
My PC is shutting down all the time. It says it has a critical error and will close
within 60 seconds. It happens a lot. And also my Windows Security Center is
sending all these messages. See my attached images.
After a crash the Windows Security Center asks me to use Ultimate Fixer, but when
I press install - nothing happens.
It all happened after I went into a site that required some sort of QT codec/application
to view its content. So I installed it - and from that point my PC has been extremely
unstable. I don't think it's a virus, but more of a registry fault or something...
But then again, I'm no Tech Guru...
It would be really great if some of you guys could take a look at the enclosed images
and send me a tip or two on how to get my system back on track.
Thanks for your time,
Bokaj
-
Hi Bokaj,
Can you do the following for me please
Download Hijackthis Installer from HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
For an alternate download location, you can try HERE (http://fileforum.betanews.com/detail/HijackThis/1071179190/1)
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
-
Hi Guestolo!
Thank you for the help!
Here's my HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:32, on 11.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norton AntiVirus\OPScan.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O20 - Winlogon Notify: kblcmchw - C:\WINDOWS\SYSTEM32\kblcmchw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8907 bytes
--------
That's it.
Best regards
Bokaj.
-
Can you do the following
If you have previously downloaded ComboFix, I need you to delete your copy and download the latest
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable your AntiVirus software
Double click on ComboFix.exe to run the program
Follow the prompts
Normally this fix takes anywhere from 10 to 30 minutes
After reboot
ComboFix will run again, then continue to create a log, this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
After ComboFix runs, and after its log opens
Connect Internet cable, if you have no Internet connection
Simply reboot your computer
By default, the location of the combofix log is located at this location
C:\combofix.txt
Post back the log from ComboFix and a fresh HijackThis log please
-
Hi again Guestolo! Thank you for the help!
I've done the ComboFix scan, here's the log:
ComboFix 08-06-10.5 - Bruker 2008-06-12 13:23:48.2 - NTFSx86
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Gjest\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\kblcmchw.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-12 03:04 . 2008-06-12 03:04 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-12 03:01 . 2008-06-12 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 10:20 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20 <DIR> d-------- C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42 1,090,560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-12 13:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-12 12:35 <DIR> dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04 <DIR> d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30 208,896 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24 5,164,815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 01:10 --------- d-----w C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30 --------- d-----w C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46 --------- d-----w C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19 --------- d-----w C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 14:16 --------- d-----w C:\Programfiler\Java
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-03 21:34 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-21 13:43 11,768,139 ----a-w C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35 12,934,148 ----a-w C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20 1,230,520 ----a-w C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58 382,431 ----a-w C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49 643,144 ----a-w C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06 33,462,508 ----a-w C:\Programfiler\klmcodec156.exe
2006-03-13 14:33 31,488 ----a-w C:\Programfiler\unins000.dat
2006-03-13 14:32 689,497 ----a-w C:\Programfiler\unins000.exe
2006-03-13 14:27 3,971,184 ----a-w C:\Programfiler\rminstall.exe
2005-11-28 02:48 610,831 ----a-w C:\Programfiler\stickies.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-12_13.10.39.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 11:19:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kblcmchw]
kblcmchw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exec/task:
"2008-06-12 08:15:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 13:27:34
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
C:\WINDOWS\system32\.5796532d\5796532d.exe [2012] 0x862D0DA0
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????7?8?0?9??????? ???B???????????????B????????
scanning hidden files ...
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp 249856 bytes executable
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp 249856 bytes executable
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp 249856 bytes executable
C:\WINDOWS\system32\.5796532d
scan completed successfully
hidden files: 4
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\5796532d]
"ImagePath"="C:\WINDOWS\system32\.5796532d\5796532d.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\.5796532d\5796532d.core.dll
.
Completion time: 2008-06-12 13:30:44
ComboFix-quarantined-files.txt 2008-06-12 11:30:30
Pre-Run: 3,709,607,936 byte ledig
Post-Run: 3,699,453,952 byte ledig
171 --- E O F --- 2008-06-12 01:04:59
AND HERE'S THE FRESH HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:23, on 12.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O20 - Winlogon Notify: kblcmchw - kblcmchw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8689 bytes
That's it.
Thanks,
Bokaj
-
Please do the following, I want to check on a couple files
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'
C:\WINDOWS\system32\.5796532d\5796532d.exe
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please, or post the link to the results window
Do the same procedure for this file name
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
-
Thanks for your quick reply!
Here's the permalink for C:\WINDOWS\system32\.5796532d\5796532d.exe
http://www.virustotal.com/analisis/994acbf286634da3e22b28f2bcc250ce
And the rest of text:
MD5: 6b2b5518ce11ab321cd5be83d25d0ac7
First received: 04.28.2008 02:02:51 (CET)
Date: 04.28.2008 02:02:51 (CET) [>45D]
Results: 15/32
Permalink: analisis/994acbf286634da3e22b28f2bcc250ce
Here's the other one - C:\WINDOWS\system32\.5796532d\5796532d.core.dll
Permalink: http://www.virustotal.com/analisis/c82a57b06dffc1071d5a49e60074793b
And rest of the text:
MD5: b7d3d542706d6dc18f48c065ea606d74
First received: 05.30.2008 11:25:11 (CET)
Date: 05.30.2008 11:25:13 (CET) [>13D]
Results: 8/32
Permalink: analisis/c82a57b06dffc1071d5a49e60074793b
Best wishes,
Bokaj
-
Can you do the following please
Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Wait for the "Done Cleaning" prompt then click OK
Exit ATF-Cleaner from the Main menu
==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work
Driver::
5796532d
File::
C:\WINDOWS\imsins.BAK
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
Folder::
C:\WINDOWS\system32\.5796532d
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kblcmchw]
Save this as txtfile on your desktop
name it:
CFScript
Again, ensure Norton's software is temporarily disabled
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it shall produce a log for you with the name C:\ComboFix.txt..
Can you post that log again
After you post that log
Can I have you do the following
Download Dr.Web CureIt to the desktop from this link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Again, I suggest that you disable your AntiVirus software while this scan is running
Double click to run Dr.Web-cureit.exe from desktop- Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
- Back at the main window, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found: (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer
Please post the log from Dr. Web in a separate reply along with a fresh hijackthis log
Let me know how things are then running please
-
Hi again, and thanks for instructions and help!
Here's the fresh CF log:
ComboFix 08-06-10.5 - Bruker 2008-06-12 16:45:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.617 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\.5796532d . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-12 03:04 . 2008-06-12 03:04 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 10:20 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20 <DIR> d-------- C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42 1,090,560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-12 16:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-12 16:40 <DIR> dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04 <DIR> d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30 208,896 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24 5,164,815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:45 --------- d-----w C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30 --------- d-----w C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46 --------- d-----w C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19 --------- d-----w C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:16 --------- d-----w C:\Programfiler\Java
2008-04-03 21:34 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-21 13:43 11,768,139 ----a-w C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35 12,934,148 ----a-w C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20 1,230,520 ----a-w C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58 382,431 ----a-w C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49 643,144 ----a-w C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06 33,462,508 ----a-w C:\Programfiler\klmcodec156.exe
2006-03-13 14:33 31,488 ----a-w C:\Programfiler\unins000.dat
2006-03-13 14:32 689,497 ----a-w C:\Programfiler\unins000.exe
2006-03-13 14:27 3,971,184 ----a-w C:\Programfiler\rminstall.exe
2005-11-28 02:48 610,831 ----a-w C:\Programfiler\stickies.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-12_13.10.39.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 14:51:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
-
You cut off the bottom part of that combofix log
Can you post anything below the following lines
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
Remember, the default location of the log is at C:\ComboFix.txt
-
[quote name='guestolo' post='431404' date='Jun 12 2008, 04:06 PM']You cut off the bottom part of that combofix log
Can you post anything below the following lines
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
Remember, the default location of the log is at C:\ComboFix.txt[/quote]
Hi again Guestolo, sorry for my late reply.
There is actually nothing below that line in the ComboFix document. It ends there...
I followed your instructions very carefully, but perhaps I did something wrong?
Dr.Web actually took away the ComboFix software...
This is from Dr.Web log (also see attached image from Excel):
psexesvc.exe;c:\windows;Program.PsExec.170;Moved.;
5796532d.exe;c:\windows\system32\.5796532d;Trojan.Virtumod.based.14;Urensbar.Flyttet.;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Bruker\Skrivebord;Archive contains infected objects;Moved.;
A0021991.dll;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP52;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023063.EXE;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP53;Program.PsExec.170;Moved.;
A0023132.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023133.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54\A0023133.exe;Program.PsExec.171;;
A0023133.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Archive contains infected objects;Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Invalid path to file ;
[attachment=4578:Dr.Web_log.JPG]
AND HERE'S THE FRESH HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8777 bytes
Things seem to be running a little smoother. The PC hasn't crashed since you started giving me
some first aid. But according to the Dr.Web my PC is infected with some Trojans.
But there's a problem with Norton Anti Virus 2004. The Live Update won't work. It just doesn't give me
the latest updates. When I push Live Update, it connects to the server, and the taskbar says everything
is good, but after I close Live Update - Norton says that my virus definitions are old and not updated.
I've tried to search on Symantec's pages, but haven't found any answers. Have you ever experienced
this problem?
Best wishes,
Bokaj
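The Dr.Web report rows in the post above can be triaged mechanically; the following is an added example, not part of the original thread or of Dr.Web's tooling. It assumes the column layout object;path;threat;action; as inferred from those rows, that "Flyttet" is the Norwegian interface's rendering of "Moved", and that the threat-name prefixes map to the categories shown; all function names are hypothetical.

```python
from collections import Counter, namedtuple

# Rows copied from the Dr.Web report quoted in the post above.
# Column layout (object;path;threat;action;) is inferred from those rows.
REPORT = r"""psexesvc.exe;c:\windows;Program.PsExec.170;Moved.;
5796532d.exe;c:\windows\system32\.5796532d;Trojan.Virtumod.based.14;Urensbar.Flyttet.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Bruker\Skrivebord;Archive contains infected objects;Moved.;
A0021991.dll;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP52;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023132.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Trojan.Virtumod.based.14;Incurable.Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Invalid path to file ;
"""

Detection = namedtuple("Detection", "obj path threat action")


def parse_report(text):
    """Split each non-empty row into its first four semicolon-separated fields."""
    detections = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue  # blank or malformed row
        obj, path, threat, action = (f.strip() for f in fields[:4])
        detections.append(Detection(obj, path, threat, action))
    return detections


def category(det):
    """Assumed mapping from the threat-name prefix to a triage bucket."""
    if det.threat.startswith("Trojan."):
        return "trojan"
    if det.threat.startswith("Program."):
        return "riskware"  # e.g. the PsExec copy bundled inside ComboFix.exe
    if det.threat.lower().startswith("archive contains"):
        return "container"
    return "other"


def in_restore_point(det):
    """True for copies stored in a System Restore snapshot (_restore{GUID}\\RPnn)."""
    return "\\system volume information\\_restore" in det.path.lower()


def quarantined(det):
    """'Moved' in the English rows, 'Flyttet' in the Norwegian one (assumption)."""
    action = det.action.lower()
    return "moved" in action or "flyttet" in action


def disk_path(det):
    """Lower-cased path of the file on disk that the row refers to."""
    if "\\" in det.obj:
        # Member of an archive: the path column already names the archive file.
        return det.path.lower()
    return (det.path.rstrip("\\") + "\\" + det.obj).lower()


def unresolved(detections):
    """Rows whose file was not moved by this row, its container row, or a duplicate row."""
    handled = {disk_path(d) for d in detections if quarantined(d)}
    return [d for d in detections if disk_path(d) not in handled]


def summarize(detections):
    return {
        "counts": dict(Counter(category(d) for d in detections)),
        "restore_point_trojans": [
            d.obj for d in detections
            if category(d) == "trojan" and in_restore_point(d)
        ],
        "unresolved": [d.obj for d in unresolved(detections)],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(key, "->", value)
```

On these rows the nested psexec.cfexe entry and the "Invalid path to file" entry both resolve to files that another row already moved, so nothing is left unresolved, while two of the three Trojan rows are copies inside System Restore snapshots.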
-
Can you do the following please
I want to try Combofix again
I want to ensure you have the latest version anyways
So let's redownload it
Temporarily disable your AntiVirus
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Delete CFScript.txt from desktop, we are going to recreate it
==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work
KILLALL::
Driver::
5796532d
File::
C:\WINDOWS\system32\.5796532d\5796532d.exe
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
Folder::
C:\WINDOWS\system32\.5796532d
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\5796532d]
Save this as txtfile on your desktop
name it:
CFScript
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it shall produce a log for you with the name C:\ComboFix.txt..
Can you post that log again
In addition, if you need a separate reply to post these next logs, do so please
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt
-
Hi Guestolo!
Thanks for the new advice and guidance.
Here's the log from ComboFix, it was found inside the C:/Combofix (folder)
ComboFix 08-06-15.2 - Bruker 2008-06-15 23:45:22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.646 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
C:\WINDOWS\system32\.5796532d\5796532d.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\.5796532d
C:\WINDOWS\system32\.5796532d\5796532d.Aff.config
C:\WINDOWS\system32\.5796532d\5796532d.BR.config
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
C:\WINDOWS\system32\.5796532d\5796532d.GR.config
C:\WINDOWS\system32\.5796532d\5796532d.Rdr.config
C:\WINDOWS\system32\.5796532d\5796532d.ServerPlugin.config
.
---- Previous Run -------
.
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\.5796532d . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_5796532D
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-12 17:19 . 2008-06-12 17:21 <DIR> d-------- C:\Documents and Settings\Bruker\DoctorWeb
2008-06-12 03:04 . 2008-06-12 03:04 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 10:20 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20 <DIR> d-------- C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42 1,090,560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-15 23:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-15 23:42 <DIR> dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04 <DIR> d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30 208,896 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24 5,164,815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:45 --------- d-----w C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30 --------- d-----w C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46 --------- d-----w C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19 --------- d-----w C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:16 --------- d-----w C:\Programfiler\Java
2008-04-03 21:34 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-21 13:43 11,768,139 ----a-w C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35 12,934,148 ----a-w C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20 1,230,520 ----a-w C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58 382,431 ----a-w C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49 643,144 ----a-w C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06 33,462,508 ----a-w C:\Programfiler\klmcodec156.exe
2006-03-13 14:33 31,488 ----a-w C:\Programfiler\unins000.dat
2006-03-13 14:32 689,497 ----a-w C:\Programfiler\unins000.exe
2006-03-13 14:27 3,971,184 ----a-w C:\Programfiler\rminstall.exe
2005-11-28 02:48 610,831 ----a-w C:\Programfiler\stickies.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-12_13.10.39.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 21:51:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Symantec\\LiveUpdate\\LUALL.EXE"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 18:04:53 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
Best regards
Bokaj
-
And here's the DSS log.
I only got the main.txt log, nothing called extra.txt was minimized.
Deckard's System Scanner v20071014.68
Run by Bruker on 2008-06-16 00:04:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 4.49 GiB (less than 15%) free.
-- HijackThis (run as Bruker.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8637 bytes
-- Files created between 2008-05-16 and 2008-06-16 -----------------------------
2008-06-15 23:48:41 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-12 17:19:30 0 d-------- C:\Documents and Settings\Bruker\DoctorWeb
2008-06-12 12:52:40 68096 --a------ C:\WINDOWS\zip.exe
2008-06-12 12:52:40 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-12 12:52:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-12 12:52:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-12 12:52:40 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-12 12:52:40 98816 --a------ C:\WINDOWS\sed.exe
2008-06-12 12:52:40 80412 --a------ C:\WINDOWS\grep.exe
2008-06-12 12:52:40 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 12:20:02 0 d-------- C:\Programfiler\OKI driver
2008-06-10 11:42:28 1090560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-01 13:06:31 0 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25:52 208896 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-01 12:25:51 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 12:25:50 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-01 12:25:50 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-01 12:25:50 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-01 12:25:46 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-01 12:25:45 0 d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:24:11 5164815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe <Not Verified; Koyote Soft; >
-- Find3M Report ---------------------------------------------------------------
2008-06-15 23:51:26 0 d-------- C:\Programfiler\Fellesfiler
2008-06-12 14:45:35 0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 11:30:20 0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 22:46:45 0 d-------- C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 23:19:03 0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-02 16:16:14 0 d-------- C:\Programfiler\Java
2008-04-27 16:57:51 0 d-------- C:\Documents and Settings\Bruker\Programdata\Adobe
2008-04-06 10:27:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 23:37:53 2553 --a------ C:\WINDOWS\unins000.dat
2008-04-03 23:34:45 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:28:51 387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51 61698 --a------ C:\WINDOWS\system32\perfc014.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-06-16 00:05:07 ------------
Hope this helps.
Thank you,
Bokaj.
-
That's looking better
But there's a problem with Norton Anti Virus 2004. The Live Update won't work. It just doesn't give me
the latest updates. When I push Live Update, it connects to the server, and the taskbar says everything
is good, but after I close Live Update - Norton says that my virus definitions are old and not updated.
I've tried to search on Symantec's pages, but haven't found any answers. Have you ever experienced
this problem?
Nope, never experienced it, but I don't use Norton's anymore
2 options, your version of Norton's is outdated, we can replace it with a free version of another AV that will update
Or try the following link and let me know if it resolves your problems please
http://service4.symantec.com/SUPPORT/nav.nsf/docid/2000030608314206
-
Forgot about your safeboot keys being modified
Can you do the following
Download from > HERE < (http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair.exe) SafeBootKeyRepair.exe and save it to desktop
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply
EDIT>>If you can't download safebootkeyrepair.exe, the link appears dead
Safebootrepair should be incorporated in Combofix, but I still see one bad key
Can you do the following before you run dss.exe please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat
ensure to use the .bat extension
Save this file on the desktop
regedit /e export.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot"
export.txt
Double click on export.bat; a text file called export.txt should open
Can you copy>paste back here the Whole contents please
Hold off on the below in red if you can't download safebootkeyrepair.exe
In addition, can you run dss.exe again and post the new log that opens please
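One way to review the export.txt that the batch file above produces (an added example, not part of the post or of any tool named in this thread): it parses the regedit export, checks AlternateShell, and lists SafeBoot subkeys that are missing from a reference set. `BASELINE` and the shortened sample export are constructed; the baseline stands in for an export taken from a known-clean machine running the same Windows version.

```python
import re

# Constructed sample in the layout `regedit /e` writes. Key names are taken
# from the export posted in this thread; the selection is shortened.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
'''

# Assumption: subkey names seen on a known-clean reference machine (constructed,
# shortened to match the sample above).
BASELINE = {"minimal": {"AppMgmt"}, "network": {"Tcpip"}}

SAFEBOOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]+")="(.*)"$')


def load_export(path):
    """Read an export file: 'Version 5.00' exports are UTF-16 with a BOM,
    REGEDIT4 exports are single-byte ANSI text."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_safeboot(text):
    """Return (root_values, entries); entries maps mode -> {subkey: default value}."""
    root_values, entries = {}, {}
    target = None  # where string values of the current key are stored
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            target = None
            path = key.group(1)
            low = path.lower()
            if low == SAFEBOOT:
                target = ("root", None, None)
            elif low.startswith(SAFEBOOT + "\\"):
                parts = path[len(SAFEBOOT) + 1:].split("\\")
                if len(parts) == 2:  # safeboot\<mode>\<subkey>
                    mode = parts[0].lower()
                    entries.setdefault(mode, {})[parts[1]] = None
                    target = ("sub", mode, parts[1])
            continue
        val = VALUE_RE.match(line)
        if val and target:
            name, data = val.group(1).strip('"'), val.group(2)
            if target[0] == "root":
                root_values[name] = data
            elif name == "@":
                entries[target[1]][target[2]] = data
    return root_values, entries


def review(root_values, entries, baseline, expected_shell="cmd.exe"):
    """Return (location, name, value) tuples that differ from the reference."""
    findings = []
    shell = root_values.get("AlternateShell")
    if shell is None or shell.lower() != expected_shell:
        findings.append(("safeboot", "AlternateShell", shell))
    for mode in sorted(entries):
        known = {n.lower() for n in baseline.get(mode, ())}
        for name in sorted(entries[mode], key=str.lower):
            if name.lower() not in known:
                findings.append((mode, name, entries[mode][name]))
    return findings


if __name__ == "__main__":
    root, subkeys = parse_safeboot(SAMPLE_EXPORT)
    for location, name, value in review(root, subkeys, BASELINE):
        print(f"{location}\\{name} = {value!r}: not in baseline, attribute before removing")
```

An entry missing from the baseline is a lead to attribute, not a verdict: the DSS log earlier in the thread lists C:\WINDOWS\PSEXESVC.EXE as Sysinternals PsExec, which accounts for the PSEXESVC subkey.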
-
Thanks! You are one of a kind Guestolo!
That solved the issue with Norton.
[quote name='guestolo' post='431853' date='Jun 16 2008, 12:24 AM']That's looking better
Nope, never experienced it, but I don't use Norton's anymore
2 options, your version of Norton's is outdated, we can replace it with a free version of another AV that will update
Or try the following link and let me know if it resolves your problems please
http://service4.symantec.com/SUPPORT/nav.nsf/docid/2000030608314206[/quote]
-
The link is still dead, so I made the .bat file instead, and didn't run the DSS scan.
Here's the export.txt log:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SYMTDI]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
Thank you - the Jedi night of malware fighting :D
Bokaj
-
If you have an older version of OTMoveit.exe, can you delete it
Go to START>>RUN>>copy and paste the next command below in bold
ComboFix /u
This will uninstall combofix and its components
Do the following please
Download OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) by OldTimer:
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the Blue entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d
C:\Documents and Settings\Bruker\DoctorWeb
======================================================
- Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "MoveIt!" button.
- Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
I'll need to see it later
But first, can I have you verify if you can boot in Safe mode please
Use ONLY the instructions I supply
Temporarily disconnect the cable to your Internet connection
First do the following
Safe Mode
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
If you can enter safe mode
Can you next do the following
Safe Mode with Networking
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
- Choose your usual account.
Shut down computer once you have verified you can enter both
Connect Internet cable>>boot back to Normal Windows
Run dss.exe again and post the fresh log
Also, please post the log from OTMoveit2
-
Hi again!
I could boot into both safemode and safemode with Network without any problems.
Here's the DSS log:
Deckard's System Scanner v20071014.68
Run by Bruker on 2008-06-16 23:34:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 5.92 GiB (less than 15%) free.
-- HijackThis (run as Bruker.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8758 bytes
-- Files created between 2008-05-16 and 2008-06-16 -----------------------------
2008-06-10 12:20:02 0 d-------- C:\Programfiler\OKI driver
2008-06-10 11:42:28 1090560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-01 13:06:31 0 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25:52 208896 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-01 12:25:51 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 12:25:50 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-01 12:25:50 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-01 12:25:50 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-01 12:25:46 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-01 12:25:45 0 d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:24:11 5164815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe <Not Verified; Koyote Soft; >
-- Find3M Report ---------------------------------------------------------------
2008-06-16 23:29:55 0 d-------- C:\Programfiler\Fellesfiler
2008-06-16 13:00:27 0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 11:30:20 0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 22:46:45 0 d-------- C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 23:19:03 0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-02 16:16:14 0 d-------- C:\Programfiler\Java
2008-04-27 16:57:51 0 d-------- C:\Documents and Settings\Bruker\Programdata\Adobe
2008-04-06 10:27:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 23:37:53 2553 --a------ C:\WINDOWS\unins000.dat
2008-04-03 23:34:45 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:28:51 387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51 61698 --a------ C:\WINDOWS\system32\perfc014.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
-- End of Deckard's System Scanner: finished at 2008-06-16 23:34:58 ------------
And the log from OTMoveit2:
< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d >
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d\\ deleted successfully.
< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d >
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d\\ deleted successfully.
C:\Documents and Settings\Bruker\DoctorWeb\Quarantine moved successfully.
C:\Documents and Settings\Bruker\DoctorWeb moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_231904
Thanks Guestolo!
Best wishes,
Bokaj.
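
As an added example (not part of the thread and not code from any tool named in it), the Python below parses a SafeBoot registry dump in the format posted above and lists subkeys that are missing from a known-good baseline, noting randomly named ones such as the 5796532d key that OTMoveIt2 deleted. The sample dump, the default value shown for 5796532d, and the baseline set are constructed for illustration.

```python
import re
from collections import defaultdict

# Entries under SafeBoot\Minimal and SafeBoot\Network decide which drivers and
# services Windows loads in Safe Mode, so an unexpected subkey there means the
# component also starts in Safe Mode.

# Constructed sample in the dump format shown in the thread (key line, then the
# default value). The value "Service" for 5796532d is an assumption; the thread
# does not show what that key contained.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SYMTDI]
@="Service"
'''

# Illustrative baseline only: in practice, export it from a clean machine with
# the same Windows version. It is not a complete list of defaults.
BASELINE = {
    "PlugPlay", "vga.sys", "NetBT", "Tcpip",
    "{4D36E972-E325-11CE-BFC1-08002BE10318}",
}

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\'
    r'(Minimal|Network)\\([^\]\\]+)\]$', re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.IGNORECASE)


def parse_safeboot(text):
    """Return {(mode, subkey_name): default_value} for direct SafeBoot subkeys."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).capitalize(), key.group(2))
            entries[current] = None  # stays None if no default value follows
            continue
        default = DEFAULT_RE.match(line)
        if default and current is not None:
            entries[current] = default.group(1)
            current = None
        elif line.startswith('['):
            current = None  # unrelated key: do not attach its value to ours
    return entries


def review(entries, baseline):
    """List subkeys absent from the baseline, with the reasons they stand out."""
    modes_by_name = defaultdict(set)
    for mode, name in entries:
        modes_by_name[name.lower()].add(mode)
    known = {name.lower() for name in baseline}

    findings = []
    for mode, name in sorted(entries):
        if name.lower() in known:
            continue
        reasons = ["not in baseline"]
        if HEX_NAME_RE.match(name):
            reasons.append("8-hex-digit name")
        if modes_by_name[name.lower()] == {"Minimal", "Network"}:
            reasons.append("registered for both Safe Mode variants")
        findings.append({"mode": mode, "name": name,
                         "default": entries[(mode, name)], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in review(parse_safeboot(SAMPLE_DUMP), BASELINE):
        print(f'{item["mode"]}\\{item["name"]} = {item["default"]!r}: '
              + ", ".join(item["reasons"]))
```

An entry that is only "not in baseline" (SYMTDI in the sample) is a prompt to identify the installed product that owns it, not grounds for deletion on its own.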
-
Do you know what this file is related to?
C:\Programfiler\w2kpcl6ES3640mfp.exe
If you're not sure, can you scan it at Virustotal please
In addition, can you do the following
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
We'll just do some final steps and you should be good to go
-
Good morning!
I don't know that file...sorry. Here's the link to Virustotal.
http://www.virustotal.com/analisis/a6943fc8b32eaf3bce33c2b86bce0ad4
Here's the uninstall list from HJT:
ACDSee
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe After Effects 7.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 2.0
Adobe Premiere Pro
Adobe Reader 6.0.1 - Norsk
Adobe Stock Photos 1.0
Adobe Type Manager Deluxe 4.1
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CC_ccStart
ccCommon
CCleaner (remove only)
CleanUp!
Core FTP LE 1.3c
Creative Jukebox Driver
Creative MediaSource
HijackThis 2.0.2
HP Deskjet Preloaded Printer Drivers
HP Software Update
Image Grabber II
Indeo® XP Software
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(tm) 6 Update 2
Java(tm) 6 Update 3
Java(tm) 6 Update 5
Java(tm) SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 1.56
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Maxtor OneTouch
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.14)
MSN-verktøylinjen
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MyFonts Order M729227
Nokia Connectivity Cable Driver
Nokia PC Suite
NOMAD Explorer
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
Oppdatering for Windows XP (KB894391)
Oppdatering for Windows XP (KB896727)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB900485)
Oppdatering for Windows XP (KB910437)
Oppdatering for Windows XP (KB911280)
Oppdatering for Windows XP (KB916595)
Oppdatering for Windows XP (KB920872)
Oppdatering for Windows XP (KB922582)
Oppdatering for Windows XP (KB927891)
Oppdatering for Windows XP (KB929338)
Oppdatering for Windows XP (KB930916)
Oppdatering for Windows XP (KB931836)
Oppdatering for Windows XP (KB933360)
Oppdatering for Windows XP (KB936357)
Oppdatering for Windows XP (KB938828)
Oppdatering for Windows XP (KB942763)
Oppdatering for Windows XP (KB942840)
Oppdatering for Windows XP (KB946627)
PC Connectivity Solution
Pegasus Imaging's PICVideo 3
Photosmart 140,240,7200,7600,7700,7900 Series
QuickTime
QuickTime Alternative 1.81
RecordNow!
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows Media Player 9 (KB911565)
Sikkerhetsoppdatering for Windows Media Player 9 (KB917734)
Sikkerhetsoppdatering for Windows Media Player 9 (KB936782)
Sikkerhetsoppdatering for Windows XP (KB883939)
Sikkerhetsoppdatering for Windows XP (KB890046)
Sikkerhetsoppdatering for Windows XP (KB893756)
Sikkerhetsoppdatering for Windows XP (KB896358)
Sikkerhetsoppdatering for Windows XP (KB896422)
Sikkerhetsoppdatering for Windows XP (KB896423)
Sikkerhetsoppdatering for Windows XP (KB896424)
Sikkerhetsoppdatering for Windows XP (KB896428)
Sikkerhetsoppdatering for Windows XP (KB896688)
Sikkerhetsoppdatering for Windows XP (KB899587)
Sikkerhetsoppdatering for Windows XP (KB899588)
Sikkerhetsoppdatering for Windows XP (KB899591)
Sikkerhetsoppdatering for Windows XP (KB900725)
Sikkerhetsoppdatering for Windows XP (KB901017)
Sikkerhetsoppdatering for Windows XP (KB901214)
Sikkerhetsoppdatering for Windows XP (KB902400)
Sikkerhetsoppdatering for Windows XP (KB903235)
Sikkerhetsoppdatering for Windows XP (KB904706)
Sikkerhetsoppdatering for Windows XP (KB905414)
Sikkerhetsoppdatering for Windows XP (KB905749)
Sikkerhetsoppdatering for Windows XP (KB905915)
Sikkerhetsoppdatering for Windows XP (KB908519)
Sikkerhetsoppdatering for Windows XP (KB908531)
Sikkerhetsoppdatering for Windows XP (KB911562)
Sikkerhetsoppdatering for Windows XP (KB911567)
Sikkerhetsoppdatering for Windows XP (KB911927)
Sikkerhetsoppdatering for Windows XP (KB912812)
Sikkerhetsoppdatering for Windows XP (KB912919)
Sikkerhetsoppdatering for Windows XP (KB913446)
Sikkerhetsoppdatering for Windows XP (KB913580)
Sikkerhetsoppdatering for Windows XP (KB914388)
Sikkerhetsoppdatering for Windows XP (KB914389)
Sikkerhetsoppdatering for Windows XP (KB916281)
Sikkerhetsoppdatering for Windows XP (KB917159)
Sikkerhetsoppdatering for Windows XP (KB917344)
Sikkerhetsoppdatering for Windows XP (KB917422)
Sikkerhetsoppdatering for Windows XP (KB917953)
Sikkerhetsoppdatering for Windows XP (KB918118)
Sikkerhetsoppdatering for Windows XP (KB918439)
Sikkerhetsoppdatering for Windows XP (KB918899)
Sikkerhetsoppdatering for Windows XP (KB919007)
Sikkerhetsoppdatering for Windows XP (KB920213)
Sikkerhetsoppdatering for Windows XP (KB920214)
Sikkerhetsoppdatering for Windows XP (KB920670)
Sikkerhetsoppdatering for Windows XP (KB920683)
Sikkerhetsoppdatering for Windows XP (KB920685)
Sikkerhetsoppdatering for Windows XP (KB921398)
Sikkerhetsoppdatering for Windows XP (KB921503)
Sikkerhetsoppdatering for Windows XP (KB921883)
Sikkerhetsoppdatering for Windows XP (KB922616)
Sikkerhetsoppdatering for Windows XP (KB922760)
Sikkerhetsoppdatering for Windows XP (KB922819)
Sikkerhetsoppdatering for Windows XP (KB923191)
Sikkerhetsoppdatering for Windows XP (KB923414)
Sikkerhetsoppdatering for Windows XP (KB923689)
Sikkerhetsoppdatering for Windows XP (KB923694)
Sikkerhetsoppdatering for Windows XP (KB923980)
Sikkerhetsoppdatering for Windows XP (KB924191)
Sikkerhetsoppdatering for Windows XP (KB924270)
Sikkerhetsoppdatering for Windows XP (KB924496)
Sikkerhetsoppdatering for Windows XP (KB924667)
Sikkerhetsoppdatering for Windows XP (KB925454)
Sikkerhetsoppdatering for Windows XP (KB925486)
Sikkerhetsoppdatering for Windows XP (KB925902)
Sikkerhetsoppdatering for Windows XP (KB926255)
Sikkerhetsoppdatering for Windows XP (KB926436)
Sikkerhetsoppdatering for Windows XP (KB927779)
Sikkerhetsoppdatering for Windows XP (KB927802)
Sikkerhetsoppdatering for Windows XP (KB928090)
Sikkerhetsoppdatering for Windows XP (KB928255)
Sikkerhetsoppdatering for Windows XP (KB928843)
Sikkerhetsoppdatering for Windows XP (KB929123)
Sikkerhetsoppdatering for Windows XP (KB929969)
Sikkerhetsoppdatering for Windows XP (KB930178)
Sikkerhetsoppdatering for Windows XP (KB931261)
Sikkerhetsoppdatering for Windows XP (KB931768)
Sikkerhetsoppdatering for Windows XP (KB931784)
Sikkerhetsoppdatering for Windows XP (KB932168)
Sikkerhetsoppdatering for Windows XP (KB933566)
Sikkerhetsoppdatering for Windows XP (KB933729)
Sikkerhetsoppdatering for Windows XP (KB935839)
Sikkerhetsoppdatering for Windows XP (KB935840)
Sikkerhetsoppdatering for Windows XP (KB936021)
Sikkerhetsoppdatering for Windows XP (KB937143)
Sikkerhetsoppdatering for Windows XP (KB938127)
Sikkerhetsoppdatering for Windows XP (KB938829)
Sikkerhetsoppdatering for Windows XP (KB939653)
Sikkerhetsoppdatering for Windows XP (KB941202)
Sikkerhetsoppdatering for Windows XP (KB941568)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB941644)
Sikkerhetsoppdatering for Windows XP (KB941693)
Sikkerhetsoppdatering for Windows XP (KB942615)
Sikkerhetsoppdatering for Windows XP (KB943055)
Sikkerhetsoppdatering for Windows XP (KB943460)
Sikkerhetsoppdatering for Windows XP (KB943485)
Sikkerhetsoppdatering for Windows XP (KB944338)
Sikkerhetsoppdatering for Windows XP (KB944533)
Sikkerhetsoppdatering for Windows XP (KB944653)
Sikkerhetsoppdatering for Windows XP (KB945553)
Sikkerhetsoppdatering for Windows XP (KB946026)
Sikkerhetsoppdatering for Windows XP (KB947864)
Sikkerhetsoppdatering for Windows XP (KB948590)
Sikkerhetsoppdatering for Windows XP (KB948881)
Sikkerhetsoppdatering for Windows XP (KB950749)
Sikkerhetsoppdatering for Windows XP (KB950759)
Sikkerhetsoppdatering for Windows XP (KB950760)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB951376)
Sikkerhetsoppdatering for Windows XP (KB951698)
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
Sony Sound Forge 7.0
SoulSeek Client 156c
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 5.2a
Symantec Script Blocking Installer
Symantec Technical Support Web Controls
SymNet
Synaptics Pointing Device Driver
Syncrosoft's License Control
USB Storage Adapter FX (MXO)
Voxware Audio decoder 1.6
VUPlayer
Winamp (remove only)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP hurtigreparasjon - KB873333
Windows XP hurtigreparasjon - KB873339
Windows XP hurtigreparasjon - KB885250
Windows XP hurtigreparasjon - KB885835
Windows XP hurtigreparasjon - KB885836
Windows XP hurtigreparasjon - KB886185
Windows XP hurtigreparasjon - KB887472
Windows XP hurtigreparasjon - KB887742
Windows XP hurtigreparasjon - KB888113
Windows XP hurtigreparasjon - KB888302
Windows XP hurtigreparasjon - KB890175
Windows XP hurtigreparasjon - KB890859
Windows XP hurtigreparasjon - KB890923
Windows XP hurtigreparasjon - KB891781
Windows XP hurtigreparasjon - KB893066
Windows XP hurtigreparasjon - KB893086
WinRAR archiver
Xerox Support Centre
Xvid 1.1.2 final uninstall
YV12 QuickTime Codec
Do you know if I can uninstall some of the old updates, or does everything need to be there?
Bokaj.
-
Do you know if I can uninstall some of the old updates, or does everything need to be there?
I'm assuming you're talking about Sun Java and Adobe Reader
Let's update those right now
Close down All browser windows
Access your Add and Remove programs
Remove all the following
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Reader 6.0.1 - Norsk
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Reboot the computer only after you have the last one removed
Back in Windows
Update your Version of Adobe reader from this link
http://www.adobe.com/products/acrobat/readstep2_allversions.html
Take notice, you may have the option of downloading the Google Toolbar
I would UNCHECK this option unless it is something you prefer
Save the download to desktop then install
Afterwards
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
- Click the "Download" button to the right.
- In the window that opens, select Windows, check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection
-
Everything is uninstalled and installed
:)
Should I uninstall Lavasoft's Ad-Aware SE and Spybot when I use SpywareBlaster?
Thanks for everything. The PC hasn't shut down since you started giving me
first aid. Great work!
Best regards
Bokaj
-
Should I uninstall Lavasoft's Ad-Aware SE and Spybot when I use SpywareBlaster?
I don't see Ad-Aware SE installed? What version is it?
As far as Spybot, I see that when you updated through the program updater
It didn't completely remove the old version, same thing happened to me
what I would suggest with Spybot
Uninstall both
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
One may prompt it's no longer installed and remove it from the list
Then redownload and install it from this link
http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1
During installation, you will have to again uncheck TeaTimer if you don't want it running
After installing and updating
I would again Search for updates to ensure you have all of them
Then like SpywareBlaster, protection that doesn't run in the background
Use the Immunization feature, once loaded, I choose to uncheck Global Hosts on the bottom, as I use another custom host file, your choice
Then click on Immunization again on the top green cross
Like with SpywareBlaster, check for updates every couple of weeks,
apply Immunization afterwards
Run a scan occasionally
Hope that helps
:)
P.S Pureblood just informed us that Firefox 3 is final
As in the following link
http://www.thetechguide.com/forum/index.php?showtopic=76353
If you choose to update right now, download the latest version
Close Firefox, uninstall your version from Add and Remove programs, then install latest version
All bookmarks should be intact
Other languages link for Firefox is located here
http://www.mozilla.com/en-US/firefox/all.html
Give it time to load if it's busy with everyone updating
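Both clean-ups described in the replies above (older Java runtime entries installed side by side, and the Spybot entry left behind by the in-program updater) can be spotted directly from an uninstall list. The script below is an added example, not part of the original posts; the family patterns and the names `RULES`, `classify` and `superseded` are assumptions, and the sample input is assembled from entry names quoted in this thread.

```python
import re
from collections import defaultdict

# Sample input assembled from entry names quoted in this thread.
SAMPLE = """\
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
WinRAR archiver
"""

# Hypothetical family patterns; each capture group is one numeric version part.
RULES = [
    ("Java runtime", re.compile(
        r"^(?:J2SE Runtime Environment|Java\S*(?: SE Runtime Environment)?)"
        r" (\d+)(?:\.0)? Update (\d+)$")),
    ("Spybot S&D", re.compile(
        r"^Spybot - Search & Destroy(?: (\d+)\.(\d+)\.(\d+)\.(\d+))?$")),
]

def classify(entry):
    """Return (family, version tuple) for a known product, else None."""
    for family, rx in RULES:
        m = rx.match(entry)
        if m:
            return family, tuple(int(g) for g in m.groups() if g is not None)
    return None

def superseded(listing):
    """Map each family to the entries older than its newest listed version."""
    groups = defaultdict(list)
    for line in listing.splitlines():
        hit = classify(line.strip())
        if hit:
            groups[hit[0]].append((hit[1], line.strip()))
    report = {}
    for family, items in groups.items():
        newest = max(version for version, _ in items)
        # An entry with no version parses to () and sorts below any version.
        old = sorted(name for version, name in items if version < newest)
        if old:
            report[family] = old
    return report

if __name__ == "__main__":
    for family, names in superseded(SAMPLE).items():
        print(family, "->", names)
```

Entries that match no pattern, such as WinRAR, are ignored, so the report only lists candidates for review in Add and Remove programs.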
-
I used to get this :S There is a simple fix by following what they said. It does work and it's great. I used to always get bluescreens, but for that one I took my laptop back and got another one LoL :)
-
I've checked both forums here and Tech Guy, everything seems to be in order as far as the steps. Really awesome how each site can be as a help over the internet!
-
As the original poster's problems appear resolved
I'll lock this topic
Take care Bokaj
:)