Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - askburlefot

Pages: [1]

Tech Clinic / Problem with DVD-/CD-ROM player

« on: October 01, 2007, 06:46:33 AM »

[quote name=\'guestolo\' post=\'392765\' date=\'Oct 1 2007, 02:26 AM\']Have you restarted the computer since the problem occured
I'm seeing a few people with that drive having problems

Any new software that you installed recently??
think hard, eg.. Klite codec pack[/quote]

I went into the system and changed the DVD-ROM drive from D: to M: and that actually helped the player.
Now it both reads and burns again.

Thanks for your time and help Guestolo!

Best wishes :-)

Tech Clinic / Problem with DVD-/CD-ROM player

« on: September 30, 2007, 04:50:16 PM »

Hi!

I discovered that my DVD-/CD-ROM player/burner won't either play dvd's or cd's.
Neither burned nor "original" cd/dvd.

The problem started after I had burned a music-CD with Record Now, the first cd
went without any trouble, but the second wouldn't burn. When I inserted an empty
DVD-rom to try that. The player didn't even recognise that it was a plate in the player.

My PC is a HP laptop, compaq nx7010
The player is of type HL-DT-ST DVD RW GWA-4080N

Does anyone have some tips on how to fix this problem?
I would really appriciate some help on this, since I'm a real
novise on things like this.

Best regards,
Gaute

Tech Clinic / Could someone please take a look at my HJT-file?

« on: May 27, 2007, 10:30:47 AM »

[quote name=\'guestolo\' post=\'330059\' date=\'May 25 2007, 04:39 AM\']Looks good, Surething could just be CD labeler software
Are you experiencing any problems?[/quote]

I don't have any big problems...
Just became a bit afraid when I saw these files.
Thank you very much for your time Guestolo!
You're a real trooper:-)

Best wishes,

Gaute

Tech Clinic / Could someone please take a look at my HJT-file?

« on: May 24, 2007, 07:19:02 AM »

Hi!

I detected some strange folders in my program files called SureThing Shared.
I was wondering if someone had the time to take a quick look at the HJT file?

Logfile of HijackThis v1.99.1
Scan saved at 14:12:15, on 24.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

Thanks

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / Trojan.Downloader

« on: November 13, 2006, 07:34:13 AM »

Hi Guestolo!
Thanks for all your great advice, support and help!
Everything seems to run smoother now!

Take care!

Best wishes,

Gaute

Tech Clinic / Trojan.Downloader

« on: November 10, 2006, 09:51:12 AM »

Hi Guestolo!
Thanks for all your time and help!

The AVG didn't find any infected files :-)

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:41:52, on 10.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\HJT\hijackthis\Gaute.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

And the whole report from AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   15:23:29 10.11.2006

+ Scan result:

   Nothing found.

::Report end

BTW: Can I uninstall/delete AVG, AFT-Cleaner.exe (I use CleanUp) and Combofix,
or is it yet to early?

Best regard's
Gaute

Tech Clinic / Trojan.Downloader

« on: November 09, 2006, 11:34:10 AM »

Hi Guestolo!
Thank you for the help

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

The combofix-log:

Bruker - 06-11-09 17:11:01,82 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Bruker\Skrivebord"

((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-09 17:13   --------   d--------   C:\Documents and Settings\Bruker\Programdata\uTorrent
2006-11-08 19:35   --------   d--------   C:\Programfiler\eMule
2006-11-08 19:08   --------   d--------   C:\Programfiler\Fellesfiler
2006-11-08 17:16   --------   d--------   C:\Programfiler\Symantec Technical Support
2006-11-08 10:21   --------   d--------   C:\Programfiler\xerox
2006-11-03 14:50   --------   d--------   C:\Programfiler\Xvid
2006-11-03 14:49   643144   --a------   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-11-03 12:31   --------   d---s----   C:\Documents and Settings\Bruker\Programdata\Microsoft
2006-11-03 12:30   --------   d--------   C:\Programfiler\YV12QTCodec10a2
2006-11-02 15:33   --------   d--------   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2006-11-01 15:58   --------   d--------   C:\Programfiler\Soulseek
2006-11-01 14:54   180224   --a------   C:\WINDOWS\system32\xvidvfw.dll
2006-11-01 14:52   765952   --a------   C:\WINDOWS\system32\xvidcore.dll
2006-10-26 12:46   --------   d--------   C:\Documents and Settings\Bruker\Programdata\Adobe
2006-10-26 12:36   --------   d--------   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2006-10-26 12:29   --------   d--------   C:\Programfiler\Lavasoft
2006-10-26 12:04   --------   d--------   C:\Programfiler\Adobe
2006-10-26 12:03   --------   d--------   C:\Programfiler\Fellesfiler\Adobe
2006-10-16 16:45   --------   d--------   C:\Programfiler\Sonic
2006-10-06 10:04   359808   --a------   C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-09-28 17:12   --------   d--------   C:\Programfiler\Winamp
2006-09-25 09:46   --------   d--------   C:\Programfiler\Symantec
2006-09-17 12:56   --------   d--------   C:\Programfiler\Media Join
2006-09-15 21:52   91904   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52   124016   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 06:07   1084416   --a------   C:\WINDOWS\system32\msxml3.dll
2006-09-12 14:25   --------   d--------   C:\Programfiler\uTorrent
2006-08-25 16:54   617472   --a------   C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:00   100352   --a------   C:\WINDOWS\system32\6to4svc.dll
2006-08-10 17:06   33462508   --a------   C:\Programfiler\klmcodec156.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RecordNow!"=""
"LemmingsRevolutionSetup.exe"="C:\\DOCUME~1\\Bruker\\SKRIVE~1\\LEMMIN~1.EXE /r"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Cpqset"="C:\\Programfiler\\HPQ\\Default Settings\\cpqset.exe"
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"ATIPTA"="C:\\Programfiler\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"UpdateManager"="\"C:\\Programfiler\\Fellesfiler\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SynTPLpr"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPEnh.exe"
"HPHUPD05"="c:\\Programfiler\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"ccApp"="\"C:\\Programfiler\\Fellesfiler\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"
"MXO Auto Loader"="C:\\WINDOWS\\MXOALDR.EXE"
"HP Software Update"="C:\\Programfiler\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"XeroxRegistation"="\"C:\\DOCUME~1\\Bruker\\LOKALE~1\\Temp\\Xerox\\EReg\\opbreg.exe\" /Startup"
@=""
"Sony Ericsson PC Suite"="\"C:\\Programfiler\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="file:///C:/DOCUME~1/Bruker/LOKALE~1/Temp/msohtml1/01/clip_image003.gif"
"SubscribedURL"="file:///C:/DOCUME~1/Bruker/LOKALE~1/Temp/msohtml1/01/clip_image003.gif"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:dc,ff,0c,05,f3,99,83,7c,70,9a,80,7c,ff,ff,ff,ff,66,9a,\
80,7c,66,9a,80,7c

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,20,03,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Sok pâ€ min datamaskin.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-09 17:13:36.49
C:\ComboFix.txt ... 06-11-09 17:13

Here's the fresh HJT (gaute.exe) log:

Logfile of HijackThis v1.99.1
Scan saved at 17:20:22, on 09.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jucheck.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\HJT\hijackthis\Gaute.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\Bruker\LOKALE~1\Temp\Xerox\EReg\opbreg.exe" /Startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LemmingsRevolutionSetup.exe] C:\DOCUME~1\Bruker\SKRIVE~1\LEMMIN~1.EXE /r
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

The steps I followed from Norton:
http://www.symantec.com/security_response/...-99&tabid=3

Info about the trojan:
http://www.symantec.com/security_response/...-99&tabid=1

It was found here:
C:\Documents and Settings\Bruker\Lokale innstillinger\Temporary Internet Files\Content.IE5\ODQFOPYZ\a678a071f7[1].js

Thank You!

Best regard's,
Gaute

Tech Clinic / Trojan.Downloader

« on: November 09, 2006, 05:18:49 AM »

Hi!

Yesterday my Norton Anti-Virus told me that my pc had been infected by Trojan.Downloader.
N.A.V couldn't either fix the file or delete it.
So I tried to take action by myself and followed the removal instructions by Norton:
1. Disabled system restore
2. Updated the virus definitions (using Intelligent Updater)
3. Restarting the PC in safe-mode
4. Scanning for and deleting the infected file
5. Editing the registry.

Everything up till number 4 went well

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />
But N.A.V didn't find anything when scanning in safe-mode.
Therefore I didn't delete anything or fix number 5....

But my PC seems slower and hangs a bit. I've had trouble with trojans earlier and that
was the same symptoms.

Here's my HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 11:04:45, on 09.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Java\jre1.5.0_04\bin\jucheck.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\Bruker\LOKALE~1\Temp\Xerox\EReg\opbreg.exe" /Startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LemmingsRevolutionSetup.exe] C:\DOCUME~1\Bruker\SKRIVE~1\LEMMIN~1.EXE /r
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

It would be great if someone could take a look at this and guide me through some cleaning.
Perhaps the pc has some issues about to much starting up at the same time? Could something be disabled at start-up?
My PC also goes into blue-screen everytime I try to use Lavasoft Ad-aware...

Thank you!

Best regard's
Gaute

Tech Clinic / War of the Trojans

« on: September 02, 2005, 02:49:01 PM »

Hi Guestolo!
Sorry for my delay, been away with the school.
I disabled Avast and ran the Panda online scan.
It said my pc had two dialers and one other malware...(?)
Here's the result:

Incident Status Location

Adware:adware/wupd No disinfected Windows Registry
Dialer:Dialer.OK No disinfected C:\Programfiler\backup-20041015-155745-518.inf
Adware:Adware/WUpd No disinfected C:\Programfiler\backup-20041015-155745-670.inf

Are these dialers perhaps some of the reason that the pc is
a little slow?

Regard's
Gaute

Tech Clinic / War of the Trojans

« on: August 26, 2005, 10:50:47 AM »

Strange....
Just after I finished my latest reply to you I went to Panda's site
to do the online scan. After about 20 seconds the Avast told me that
Panda tried to infect my pc with a worm.

A VIRUS WAS FOUND
http:www.pandasoftware.com/activescan/as5free/motor.cab\...
Malware name: Win32.CTX
Malware type: Virus/ Worm

"Don't worry you haven' t been infected yet, just abort your connection
with the site and the malware download will be cancelled."

The same thing happened when I ran AdAware for the first time in a long time, then the Avast told me the pc was infected by the trojan.mitglieder.bi.
Isn't that strange? Doesn't Avast want me to scan with Panda?
It would be strange if Panda tried to infect my pc....
Any thoughts on this subject?
Should I still try to do a Panda scan, and ignore Avast? What do
you think?

Gaute

Tech Clinic / War of the Trojans

« on: August 26, 2005, 10:26:47 AM »

I'm sorry, I spelled it wrong It supposed to be trojan.mitglieder.bi

- Can you let me know what this is related too
Video perhaps?
C:\MOONS\MPROTECT\PMMODE.EXE

It's not video. I think it's some kind of network and virus software, it's called Moonscape.

I'll post the Panda report.

Thanks for everything Guestolo!

Here's the find1.bat:

Volumet i stasjon C er uten navn.
Volumserienummeret er 3839-B830

Innhold i C:\WINDOWS\Resources\Themes

06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
18.08.2005 22:34 <DIR> Luna
16.09.2002 14:00 1ÿ222 Luna.theme
16.09.2002 14:00 3ÿ025 Windows Classic.theme
2 fil(er) 4ÿ247 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna

18.08.2005 22:34 <DIR> .
18.08.2005 22:34 <DIR> ..
06.08.2003 16:44 <DIR> Shell
0 fil(er) 0 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell

06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
06.08.2003 16:45 <DIR> Homestead
06.08.2003 16:46 <DIR> Metallic
06.08.2003 16:44 <DIR> NormalColor
0 fil(er) 0 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
16.09.2002 14:00 362ÿ496 shellstyle.dll
1 fil(er) 362ÿ496 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

06.08.2003 16:46 <DIR> .
06.08.2003 16:46 <DIR> ..
16.09.2002 14:00 362ÿ496 shellstyle.dll
1 fil(er) 362ÿ496 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
16.09.2002 14:00 361ÿ472 shellstyle.dll
1 fil(er) 361ÿ472 byte

Totalt antall filer:
5 fil(er) 1ÿ090ÿ711 byte
17 mappe® 669ÿ212ÿ672 byte ledig

Here's the fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 17:18:22, on 26.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124801763317
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124807107984
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe

Tech Clinic / War of the Trojans

« on: August 23, 2005, 10:25:52 AM »

Hi Guestolo!
Thanks for taking time to help!

My computer didn't find the luna.msstyles, before nor after installation
of SP2. Strange.

And my computer actually seems works slower after the installation.
It feels that it is hanging much more. Strange...

Did my latest HJT log look ok?

Best,
Gaute

Tech Clinic / War of the Trojans

« on: August 22, 2005, 12:38:21 PM »

Hey Guestolo!

I'm in My Current Theme (translated from Norwegian...)

Under Themes tab I have these opportunities:
1. My current theme
2. Windows XP
3. Windows Standard
4. More themes on the internet
5. Search

What is servicepack 2? A Windows update?

Here's the Find.bat:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"

And the Find1.bat:

Volumet i stasjon C er uten navn.
Volumserienummeret er 3839-B830

Innhold i C:\WINDOWS\Resources\Themes

06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
18.08.2005 22:34 <DIR> Luna
16.09.2002 14:00 1ÿ222 Luna.theme
16.09.2002 14:00 3ÿ025 Windows Classic.theme
2 fil(er) 4ÿ247 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna

18.08.2005 22:34 <DIR> .
18.08.2005 22:34 <DIR> ..
06.08.2003 16:44 <DIR> Shell
0 fil(er) 0 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell

06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
06.08.2003 16:45 <DIR> Homestead
06.08.2003 16:46 <DIR> Metallic
06.08.2003 16:44 <DIR> NormalColor
0 fil(er) 0 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
16.09.2002 14:00 362ÿ496 shellstyle.dll
1 fil(er) 362ÿ496 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

06.08.2003 16:46 <DIR> .
06.08.2003 16:46 <DIR> ..
16.09.2002 14:00 362ÿ496 shellstyle.dll
1 fil(er) 362ÿ496 byte

Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
16.09.2002 14:00 361ÿ472 shellstyle.dll
1 fil(er) 361ÿ472 byte

Totalt antall filer:
5 fil(er) 1ÿ090ÿ711 byte
17 mappe® 1ÿ130ÿ815ÿ488 byte ledig

And the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:33:30, on 22.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe

Thanks for all your help! You do a great thing for all us novise users.

Gaute

Tech Clinic / War of the Trojans

« on: August 20, 2005, 05:30:51 AM »

Hi Guestsolo!

Just a small question;
I started my pc in safemode by using F8. That was no problem. But
when I restarted my pc again to go back to normal mode, the
"look" of XP had changed, the interface looked more like NT or
an older version of Windows. Hard edges, no shadow etc...

I've attached an image of the symatec internet site which has the look
my computer had, the "Old" look and the new design..

Perhaps its just something I need to uncheck or..

Thanks for doing a great job on the forum

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

All the best,
Gaute

Tech Clinic / War of the Trojans

« on: August 18, 2005, 06:23:42 PM »

Hi Guestsolo!
Thanks for taking the time to help out! Much appriciated!

I've done everything on your list, the ewido found 3 infections and
the Ad-aware scan was clean.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 01:13:38, on 19.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe

And here's the ewido scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         23:15:03, 18.08.2005
+ Report-Checksum:      289B7FA7

+ Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{B825DEE4-D4B5-9286-E839-48249C3E89A6} -> Spyware.CoolWebSearch : Cleaned with backup
   C:\WINDOWS\system32\msbkf32.dat -> TrojanDownloader.Small.acv : Cleaned with backup
   C:\WINDOWS\system32\mswkcdx32.exe -> TrojanDownloader.Small.acv : Cleaned with backup

::Report End

Regard's
Gaute

Tech Clinic / War of the Trojans

« on: August 16, 2005, 04:30:49 PM »

Hi Guestsolo! Thanks for helping out!
When I ran an Avast check it found five or six entries of Trojans.

Regard's
Gaute

Here is the fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:24:14, on 16.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Soulseek\slsk.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - askburlefot

Tech Clinic / Problem with DVD-/CD-ROM player

Tech Clinic / Problem with DVD-/CD-ROM player

Tech Clinic / Could someone please take a look at my HJT-file?

Tech Clinic / Could someone please take a look at my HJT-file?

Tech Clinic / Trojan.Downloader

Tech Clinic / Trojan.Downloader

Tech Clinic / Trojan.Downloader

Tech Clinic / Trojan.Downloader

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans

Tech Clinic / War of the Trojans