
Messages - largu

1
Tech Clinic / also got veryeasysearch (and others?)
« on: April 18, 2005, 10:44:21 AM »
The .dll is still there. I'll be more careful in the future and update as much as I can. Thanks again.

2
Tech Clinic / also got veryeasysearch (and others?)
« on: April 17, 2005, 06:58:48 PM »
Thank you so much. The system seems to run better now and there’s no popups. Whew, that was a nasty one.
Forgot to tell, I did use Spybot 1.3. Among the files I found and removed were javaen32.exe and d3kt32.dll. And about different AV, I kind of panicked and downloaded everything I found. I will probably continue with NAV (if I can get it to work again), since I did pay for it, and remove the others.

Again, a big thank you. I will most definitely recommend you to others.

3
Tech Clinic / also got veryeasysearch (and others?)
« on: April 17, 2005, 05:57:40 PM »
Ooookay. Here's the fresh hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 00:43:53, on 2005-04-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program\Apoint2K\Apoint.exe
C:\Program\TOSHIBA\PadTouch\PadExe.exe
C:\Program\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program\TOSHIBA\TOSHIBAs kontroller\TFncKy.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\Winamp\winampa.exe
C:\Program\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Apoint2K\Apntex.exe
C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\AVPersonal\AVGUARD.EXE
C:\Program\AVPersonal\AVWUPSRV.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gustav Larsson\Skrivbord\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program\TOSHIBA\Free Update Service\splash.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113359868578
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe



**************************************************
And the AboutBuster said...

Scanned at: 23:54:21   on: 2005-04-17


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26

No ADS found on system
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

**************************************************
And, as for the Open Hosts File Manager

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


In other words, not much.
The evil, default homepage is gone but I haven't tried much else.
Maybe I will stick to firefox for a while.

Oh, and thank you for the quick response. You knightlyhood-of-internet-you.
Regards
G.

4
Tech Clinic / also got veryeasysearch (and others?)
« on: April 17, 2005, 03:26:01 PM »
Alright. Here's the ServiceFilters log.
Oh, and since I live in Sweden there's some Swedish in it. Sant=true and Falskt=false, if you wonder...


The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
apr 17, 2005 22:16:39


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirService
Display Name: AntiVir Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program\avpersonal\avguard.exe
State: Running
Process ID: 3032
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

Unknown Service # 2
Service Name: AVWUpSrv
Display Name: AntiVir Update
Start Mode: Auto
Start Name: LocalSystem
Description: Helpservice of AntiVir Personal ...
Service Type: Own Process
Path: "c:\program\avpersonal\avwupsrv.exe"
State: Running
Process ID: 1904
Started: Sant
Exit Code: 0
Accept Pause: Sant
Accept Stop: Sant

Unknown Service #3
Service Name: ccEvtMgr
Display Name: Symantec Event Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec Event ...
Service Type: Own Process
Path: "c:\program\delade filer\symantec shared\ccevtmgr.exe"
State: Running
Process ID: 1168
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

Unknown Service #4
Service Name: ccPwdSvc
Display Name: Symantec Password Validation
Start Mode: Manual
Start Name: LocalSystem
Description: Symantec Password Validation ...
Service Type: Own Process
Path: "c:\program\delade filer\symantec shared\ccpwdsvc.exe"
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 1077
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #5
Service Name: ccSetMgr
Display Name: Symantec Settings Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec Settings ...
Service Type: Own Process
Path: "c:\program\delade filer\symantec shared\ccsetmgr.exe"
State: Running
Process ID: 1844
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

Unknown Service # 6
Service Name: CFSvcs
Display Name: ConfigFree Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program\toshiba\configfree\cfsvcs.exe
State: Running
Process ID: 1960
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

Unknown Service #7
Service Name: iPodService
Display Name: iPod Service
Start Mode: Manual
Start Name: LocalSystem
Description: iPod hardware management ...
Service Type: Own Process
Path: c:\program\ipod\bin\ipodservice.exe
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 1077
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #8
Service Name: Macromedia Licensing Service
Display Name: Macromedia Licensing Service
Start Mode: Manual
Start Name: LocalSystem
Description: Provides authentication services for Macromedia ...
Service Type: Own Process
Path: "c:\program\delade filer\macromedia shared\service\macromedia licensing.exe"
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 1077
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #9
Service Name: navapsvc
Display Name: Norton AntiVirus Auto Protect-tjänst
Start Mode: Auto
Start Name: LocalSystem
Description: Hanterar Auto-Protect-händelser i Norton ...
Service Type: Own Process
Path: "c:\program\norton antivirus\navapsvc.exe"
State: Running
Process ID: 216
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

Unknown Service #10
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Sparar installationsfiler som används för uppdateringar och reparationer och krävs för att hämta ...
Service Type: Own Process
Path: c:\program\delade filer\microsoft shared\source engine\ose.exe
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 1077
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #11
Service Name: SAVScan
Display Name: SAVScan
Start Mode: Auto
Start Name: LocalSystem
Description: Handles Norton AntiVirus Auto-Protect Archive ...
Service Type: Own Process
Path: c:\program\norton antivirus\savscan.exe
State: Running
Process ID: 288
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

Unknown Service #12
Service Name: SBService
Display Name: ScriptBlocking Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program\delade~1\symant~1\script~1\sbserv.exe
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #13
Service Name: SNDSrvc
Display Name: Symantec Network Drivers Service
Start Mode: Manual
Start Name: LocalSystem
Description: Symantec Network Drivers ...
Service Type: Own Process
Path: c:\program\delade filer\symantec shared\sndsrvc.exe
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 1077
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #14
Service Name: SoundMAX Agent Service (default)
Display Name: SoundMAX Agent Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program\analog devices\soundmax\smagent.exe
State: Running
Process ID: 976
Started: Sant
Exit Code: 0
Accept Pause: Sant
Accept Stop: Sant

Unknown Service #15
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Hanterar programvarubaserade ögonblicksbilder av volymer som tas av tjänsten Volume Shadow Copy. ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{1eef5944-7e53-4485-8ae1-7db8627be9f0}
State: Stopped
Process ID: 0
Started: Falskt
Exit Code: 1077
Accept Pause: Falskt
Accept Stop: Falskt

Unknown Service #16
Service Name: SymWSC
Display Name: SymWMI Service
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec WMI ...
Service Type: Own Process
Path: c:\program\delade filer\symantec shared\security center\symwsc.exe
State: Running
Process ID: 1280
Started: Sant
Exit Code: 0
Accept Pause: Falskt
Accept Stop: Sant

---> End Service Listing <---

There are 92 Win32 services on this machine.
16 were unrecognized.

Script Execution Time: 42,25 seconds.


**********************************************************
And then here's the DLLcompare log. No files in the lower window.


*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1 242 items found:  1 242 files, 0 directories.
Total of file sizes:  254 248 927 bytes    242,47 M

Administrator Account =  True

--------------------End log---------------------


Hope this helps.
G

5
Tech Clinic / also got veryeasysearch (and others?)
« on: April 17, 2005, 01:04:39 PM »
Hello there everyone on TechGuide. I’ve been trying out different ways to remove the nasty "veryeasysearch" from my computer. It got a bit out of hand. I’m not sure if it’s the one that messed up my Norton Antivirus (the dreaded Auto-protect e-mail problem) but anyway, it’s still there. Saw on your threads that you've been helping others with the same problem and I would really appreciate some hints on how to remove the damn thing. Does the virus/Trojan/worm/whatever have a name yet? Anyhow, here’s my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 19:37:23, on 2005-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program\Apoint2K\Apoint.exe
C:\Program\TOSHIBA\PadTouch\PadExe.exe
C:\Program\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program\TOSHIBA\TOSHIBAs kontroller\TFncKy.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\Winamp\winampa.exe
C:\Program\AVPersonal\AVGNT.EXE
C:\Program\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\AVPersonal\AVWUPSRV.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\Winamp\winamp.exe
C:\Program\Delade filer\Symantec Shared\NMain.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\msij.exe
C:\Program\AVPersonal\AVGUARD.EXE
C:\Program\NORTON~1\navw32.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cgvmm.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cgvmm.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cgvmm.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cgvmm.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cgvmm.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {064B07E4-3062-F9A9-AD59-69604F8C8F77} - C:\WINDOWS\system32\mspl32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D55EAE87-202A-3F55-F3F4-130CFFA66735} - C:\WINDOWS\system32\d3kt32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ipbm32.exe] C:\WINDOWS\system32\ipbm32.exe
O4 - HKLM\..\Run: [msij.exe] C:\WINDOWS\msij.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunOnce: [ntez.exe] C:\WINDOWS\system32\ntez.exe
O4 - HKLM\..\RunOnce: [javaen32.exe] C:\WINDOWS\javaen32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21b2b40ddc7b80...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113359868578
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

******************************************************
Oh, and I’m running on firefox now. Feels a bit safer, but who knows…
Hopefully.
Gustav
