Explorer.exe (?) shuts down after windows start

Posted 12/9/2007 12:54 PM
#57302
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
I made a very stupid mistake by clicking on a downloaded program. Spybot resident went crazy blocking reg changes and Norton deleted 2 progs. After rebooting windows started normally, but just when desktop is loading it's like explorer.exe shuts down and the desktop goes blank. I can still see the desktop wallpaper but nothing else, and the PC is just "idle".

I tried starting in safe mode, and did a system restore from cmd but the only restore point available was about an hour before it all went haywire.

What to do?
Posted 12/9/2007 1:01 PM
#57304
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello


See if You can get explorer running again.

Start Task manager (ctrl+alt+del)

On the Applications tab, click New Task.

In the Open box, type: explorer.exe, and then click OK.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/9/2007 1:24 PM
#57310
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Hello, thank you for the fast reply.

Yes I managed to start explorer.exe, but it shuts right back down. This repeats itself for like 6-7 times then stays down. This time however, spybot (which is on autostart) kicked in and is scanning as I type. I'll wait and see if something turns up.
Posted 12/9/2007 1:30 PM
#57312
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok :smile:

If You get a chance, see if You can do this -

Click here - ->> Before posting a log

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/9/2007 2:45 PM
#57317
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Running all the scan tools now (not simultaneously), looks like it might be a while. I'll post (hopefully) results later, or tomorrow if it takes too long.

Thanks.
Posted 12/9/2007 2:53 PM
#57320
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Just take the time You need, I'll be here tomorrow as well :smilewinkgrin:

If You can't download combofix, use this link:

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/9/2007 9:32 PM
#57335
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Hmm... after I ran the combofix and rebooted, it wouldn't even reboot properly...
I'll leave it resting over night and try booting it tomorrow.
Posted 12/10/2007 3:55 AM
#57347
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Leave combofix and run this, it just scans and doesn't have to reboot -

Deckard's

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/10/2007 2:17 PM
#57365
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
I think combofix did the job, it rebooted normally (after I unplugged a crappy USB-keyboard *doh*) and Windows seems to be running fine.
I'll run dss.exe and hijackthis and post the results just to be sure.
Be right back.
Posted 12/10/2007 2:27 PM
#57367
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Deckard's System Scanner v20071014.68
Run by JockE on 2007-12-10 15:18:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2007-12-10 14:18:10 UTC - RP316 - Deckard's System Scanner Restore Point
83: 2007-12-09 14:40:50 UTC - RP315 - ComboFix created restore point
82: 2007-12-09 13:37:05 UTC - RP314 - Spybot-S&D Spyware removal
81: 2007-12-08 16:47:47 UTC - RP313 - Återställningsåtgärd
80: 2007-12-08 15:48:47 UTC - RP312 - Last known good configuration


-- First Restore Point --
1: 2007-12-08 15:47:45 UTC - RP233 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as JockE.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\windows\system32\notepad.exe
C:\Documents and Settings\JockE\Mina dokument\DC\virus help\dss.exe
C:\DOCUME~1\JockE\MINADO~1\DC\virus help\JockE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O4 - Global Startup: Personal.lnk.disabled
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7405 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].txt - Notepad++_file - DefaultIcon - unable to read value[/COLOR]
[COLOR=red].txt - Notepad++_file - shell\open\command - "C:\Program\Notepad++\notepad++.exe" "%1"[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 GhPciScan (GhostPciScanner) - c:\program\symantec\norton ghost 2003\ghpciscan.sys
R1 prcmondrv - c:\windows\system32\drivers\prcmondrv1041.sys
R3 catchme - c:\docume~1\jocke\lokala~1\temp\catchme.sys (file missing)

S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GhostStartService - c:\program\symantec\norton~1\ghosts~2.exe
R2 O&O Defrag - c:\windows\system32\oodag.exe
R3 ServiceLayer - "c:\program\pc connectivity solution\servicelayer.exe"

S2 NMSAccess - c:\program\cheetah\nmsaccess.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Videostyrenhet för multimedia
Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_48010070&REV_01\3&61AAA01&0&50
Manufacturer:
Name: Videostyrenhet för multimedia
PNP Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_48010070&REV_01\3&61AAA01&0&50
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-03 15:30:00 262 --a------ C:\windows\Tasks\Advanced WindowsCare.job
2007-10-03 13:37:00 330 --a------ C:\windows\Tasks\HP Usg Daily.job
2007-10-03 08:00:00 294 --a------ C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-10-02 19:00:00 274 --a------ C:\windows\Tasks\AwcUpdate.job
2007-09-29 09:11:01 272 --a------ C:\windows\Tasks\AppleSoftwareUpdate.job
2007-09-12 13:38:07 308 --a------ C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job


-- Files created between 2007-11-10 and 2007-12-10 -----------------------------

2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\JockE\Lokala instõllningar
2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\Default User\Lokala instõllningar
2007-12-09 15:20:45 0 dr-h----- C:\Documents and Settings\JockE\Recent
2007-12-09 15:06:17 0 d-------- C:\Documents and Settings\JockE\Application Data\Grisoft
2007-12-09 15:05:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:05:26 0 d-------- C:\Program\AVG Anti-Spyware 7.5
2007-12-09 15:04:08 0 d-------- C:\Program\CCleaner
2007-12-08 17:32:48 0 d-------- C:\Documents and Settings\Administratör\Cookies
2007-12-08 17:32:48 0 d-------- C:\Documents and Settings\Administratör\Application Data
2007-12-08 17:32:48 0 d-------- C:\Documents and Settings\Administratör\Application Data\Microsoft
2007-12-08 17:32:47 262144 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
2007-12-08 17:32:47 0 d-------- C:\Documents and Settings\Administratör\Mallar
2007-12-08 17:32:47 0 d-------- C:\Documents and Settings\Administratör\Lokala inställningar
2007-12-08 16:48:42 8126464 --a------ C:\Documents and Settings\JockE\ntuser.dat
2007-12-08 16:48:41 524288 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-08 16:22:15 22528 --a------ C:\windows\system32\winkve32.dll
2007-12-06 15:18:42 43520 --a------ C:\windows\system32\CmdLineExt03.dll
2007-12-05 17:15:56 286720 --a------ C:\windows\system32\NCTWMAFile2.dll
2007-12-05 17:14:15 696320 --a------ C:\windows\system32\NCTAudioInformation2.dll
2007-12-05 17:11:45 1024000 --a------ C:\windows\system32\3ivx.dll
2007-12-05 17:09:48 0 d-------- C:\Program\Audio Converter
2007-12-05 17:07:27 73216 --a------ C:\windows\ST6UNST.EXE
2007-11-24 16:18:57 0 d-------- C:\Program\Blade Runner
2007-11-24 16:17:29 299520 --a------ C:\windows\uninst.exe


-- Find3M Report ---------------------------------------------------------------

2007-12-10 15:09:14 0 d-------- C:\Program\Symantec AntiVirus
2007-12-09 15:39:25 0 d-------- C:\Program\CzDc
2007-12-07 14:27:38 0 d-------- C:\Program\Billy
2007-12-06 18:13:03 0 d-------- C:\Documents and Settings\JockE\Application Data\uTorrent
2007-12-04 21:38:34 0 d-------- C:\Documents and Settings\JockE\Application Data\Adobe
2007-11-06 16:01:37 0 d-------- C:\Program\Steam
2007-10-29 14:36:09 386268 --a------ C:\windows\system32\perfh01D.dat
2007-10-29 14:36:08 63848 --a------ C:\windows\system32\perfc01D.dat
2007-10-01 15:23:07 38437 --a------ C:\Documents and Settings\JockE\Application Data\Semikolonavgränsade värden (Windows).ADR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 20:56]
"HPHUPD05"="C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 04:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:00]
"SpybotSnD"="C:\Program\Spybot - Search & Destroy\SpybotSD.exe" [2005-04-13 00:04]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 15:16]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 15:16]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"!AVG Anti-Spyware"="C:\Program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2005-04-13 00:04]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk.disabled [2007-04-23 18:26:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoRecentDocsMenu"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"= C:\WINDOWS\system32\ilmpjy.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4E3F2B22-B004-4A32-B94C-48B71855BE93}"= C:\windows\system32\qommjih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JockE^Start-meny^Program^Autostart^VPTray.lnk]
backup=C:\WINDOWS\pss\VPTray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2007-12-10 15:21:39 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\windows\notepad.exe
C:\windows\notepad.exe
C:\Documents and Settings\JockE\Mina dokument\DC\virus help\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O4 - Global Startup: Personal.lnk.disabled
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7375 bytes
Posted 12/10/2007 2:42 PM
#57372
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Seems to :smile:

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Open notepad and copy/paste the text in the quote box below into it:

Quote:

-----------------------------------------------------
KILLALL::

File::
C:\windows\system32\winkve32.dll
C:\windows\system32\qommjih.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4E3F2B22-B004-4A32-B94C-48B71855BE93}"=-
----------------------------------------------

Save this as CFScript.txt

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

Post new hijackthis log along with fresh combofix log



Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
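
One way to pull the same kinds of entries out of the logs for review, as an added example that is not part of the original thread and not code from HijackThis, DSS or ComboFix. It runs on log lines copied from the posts above; the function names, the `since` cutoff and reading an empty `[ ]` as "no file date recorded" are assumptions of this example.

```python
import re

# Lines copied from the HijackThis and DSS logs posted in this thread (a subset).
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

DSS_LOG = r"""
-- Files created between 2007-11-10 and 2007-12-10 -----------------------------

2007-12-09 15:04:08 0 d-------- C:\Program\CCleaner
2007-12-08 16:22:15 22528 --a------ C:\windows\system32\winkve32.dll
2007-12-06 15:18:42 43520 --a------ C:\windows\system32\CmdLineExt03.dll

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"= C:\WINDOWS\system32\ilmpjy.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4E3F2B22-B004-4A32-B94C-48B71855BE93}"= C:\windows\system32\qommjih.dll [ ]
"""

HJT_LINE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[A-Za-z]:\\[^"\[]*?)"?\s*\[(?P<date>[^\]]*)\]$'
)
CREATED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ (?P<attr>\S{9}) (?P<path>.+)$"
)
# Explorer load points that appear in this thread's registry dump.
LOAD_POINT_KEYS = ("\\shellexecutehooks", "\\sharedtaskscheduler")


def orphaned_entries(hjt_log):
    """HijackThis entries whose target is gone: (section, CLSID or None, line)."""
    found = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m and ORPHAN.search(m["body"]):
            clsid = CLSID.search(m["body"])
            found.append((m["section"], clsid.group(0) if clsid else None, line))
    return found


def shell_load_points(dss_log):
    """DLLs registered under Explorer load-point keys in the DSS registry dump."""
    hooks, key = [], None
    for raw in dss_log.splitlines():
        line = raw.strip()
        k = KEY_LINE.match(line)
        if k:
            key = k.group(1)          # remember which key the next values belong to
            continue
        v = VALUE_LINE.match(line)
        if v and key and key.lower().endswith(LOAD_POINT_KEYS):
            hooks.append({
                "key": key.rsplit("\\", 1)[-1],
                "clsid": v["name"],
                "path": v["path"].strip(),
                "dated": bool(v["date"].strip()),   # False for the empty "[ ]"
            })
    return hooks


def created_files(dss_log, since="", under=r"c:\windows\system32", suffix=".dll"):
    """Files (not directories) from the 'Files created' list, filtered for review."""
    hits = []
    for raw in dss_log.splitlines():
        m = CREATED.match(raw.strip())
        if not m or m["attr"].startswith("d"):
            continue
        path = m["path"].lower()
        # ISO-style timestamps compare correctly as plain strings.
        if path.startswith(under + "\\") and path.endswith(suffix) and m["ts"] >= since:
            hits.append((m["ts"], m["path"]))
    return hits


if __name__ == "__main__":
    for section, clsid, line in orphaned_entries(HJT_LOG):
        print("orphaned:", section, clsid or "-", "|", line)
    for hook in shell_load_points(DSS_LOG):
        print("load point:", hook)
    for ts, path in created_files(DSS_LOG, since="2007-12-08"):
        print("recent system32 DLL:", ts, path)
```

The output is a review list only; which flagged entries to fix is still the helper's call, as in the post above.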


Posted 12/10/2007 3:20 PM
#57376
kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Ok, here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program\Logitech\Profiler\lwemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\notepad.exe
C:\Documents and Settings\JockE\Mina dokument\DC\virus help\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O4 - Global Startup: Personal.lnk.disabled
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7561 bytes

ComboFix 07-12-09.1 - JockE 2007-12-10 16:05:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1443 [GMT 1:00]
Running from: C:\Documents and Settings\JockE\Mina dokument\DC\virus help\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\JockE\Mina dokument\CFScript.txt
* Created a new restore point

FILE
C:\windows\system32\qommjih.dll
C:\windows\system32\winkve32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\winkve32.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 15:34 . 2007-12-10 15:35 d-------- C:\Program\Process Viewer
2007-12-10 15:17 . 2007-12-10 15:17 d-------- C:\Deckard
2007-12-10 15:11 . 2007-12-10 15:11 d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 d-------- C:\Documents and Settings\NetworkService\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 d-------- C:\Documents and Settings\LocalService\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 d-------- C:\Documents and Settings\JockE\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 d-------- C:\Documents and Settings\Default User\Lokala inställningar
2007-12-10 15:11 . C:\Documents and Settings\Administrat÷r\Lokala inställningar
2007-12-09 15:06 . 2007-12-09 15:06 d-------- C:\Documents and Settings\JockE\Application Data\Grisoft
2007-12-09 15:05 . 2007-12-09 15:11 d-------- C:\Program\AVG Anti-Spyware 7.5
2007-12-09 15:05 . 2007-12-09 15:05 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 15:04 . 2007-12-09 15:04 d-------- C:\Program\CCleaner
2007-12-09 14:07 . 2004-08-04 01:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-06 15:18 . 2007-12-06 15:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-05 17:15 . 2007-12-05 17:15 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-05 17:14 . 2007-12-05 17:14 696,320 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-05 17:12 . 2007-12-05 17:12 315,392 --a------ C:\WINDOWS\system32\3ivxDSEncoder.ax
2007-12-05 17:11 . 2007-12-05 17:11 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-12-05 17:09 . 2007-12-05 17:18 d-------- C:\Program\Audio Converter
2007-12-05 17:07 . 2007-05-02 17:43 11,482,995 --------- C:\WINDOWS\AudioConverter.CAB
2007-12-05 17:07 . 2007-12-05 17:07 245,760 --------- C:\WINDOWS\Setup1.exe
2007-12-05 17:07 . 2007-12-05 17:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-05 17:07 . 2007-12-05 17:19 11,583 --a------ C:\WINDOWS\ST6UNST.000
2007-12-05 17:07 . 2007-12-05 17:10 9,474 --a------ C:\WINDOWS\SETUP.LST
2007-11-24 16:18 . 2007-11-24 17:54 d-------- C:\Program\Blade Runner
2007-11-24 16:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 15:07 --------- d-----w C:\Program\Symantec AntiVirus
2007-12-10 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-09 14:39 --------- d-----w C:\Program\CzDc
2007-12-07 13:27 --------- d-----w C:\Program\Billy
2007-12-06 17:13 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2007-11-06 15:01 --------- d-----w C:\Program\Steam
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2005-04-13 00:04]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 20:56]
"HPHUPD05"="C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 04:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:00]
"SpybotSnD"="C:\Program\Spybot - Search & Destroy\SpybotSD.exe" [2005-04-13 00:04]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"!AVG Anti-Spyware"="C:\Program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk.disabled [2007-04-23 18:26:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoRecentDocsMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"= C:\WINDOWS\system32\ilmpjy.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JockE^Start-meny^Program^Autostart^VPTray.lnk]
backup=C:\WINDOWS\pss\VPTray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a------ C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 prcmondrv;prcmondrv;\??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\windows\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\windows\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\windows\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\windows\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\windows\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:30:00 C:\windows\Tasks\Advanced WindowsCare.job"
- C:\Program\Advanced WindowsCare V2\AutoCare.exe
"2007-09-29 08:11:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 18:00:00 C:\windows\Tasks\AwcUpdate.job"
- C:\Program\Advanced WindowsCare V2\AutoUpdate.exe
"2007-09-12 12:38:07 C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job"
- C:\Program\HP\hpcoretech\comp\hpdarc.exe
"2007-10-03 12:37:00 C:\windows\Tasks\HP Usg Daily.job"
- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-10-03 07:00:00 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program\Spybot - Search & Destroy\SpybotSD.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\Explorer.EXE [6.00.2900.3156]
-> C:\Program\Unlocker\UnlockerHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 16:09:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 16:12:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-10 15:10
.
--- E O F ---
:confused:
Posted 12/11/2007 8:27 AM
#57398

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)





And You're done :smile:







How are things running now ?

Do not PM me with logfiles. They will be deleted.
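
The check behind the fix list above, as an added example that is not part of the original post: a Python parser that reads a HijackThis log and lists every entry marked "(no file)" or "(file missing)". The sample input is an excerpt of the log posted in this thread; the function and field names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: an excerpt of the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
"""

# "O2 - ...", "O23 - ...", "R0 - ...": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"^(?P<rest>.*?)\s*\((?P<reason>no file|file missing)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Tail of the entry starting at a drive-letter path (arguments, if any, included).
# Splitting on " - " would be wrong: paths such as "Spybot - Search & Destroy" contain it.
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")


class Entry(NamedTuple):
    section: str            # e.g. "O2", "O22", "O23"
    kind: Optional[str]     # text before the first ": ", e.g. "BHO", "Service"
    clsid: Optional[str]    # upper-cased COM class id, if the entry names one
    target: Optional[str]   # file the entry points at, if one is named
    reason: Optional[str]   # "no file" / "file missing", or None if not flagged
    raw: str


def parse_hijackthis(text: str) -> List[Entry]:
    """Return one Entry per section line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        orphan = ORPHAN_RE.match(body)
        rest = orphan.group("rest") if orphan else body
        path = PATH_RE.search(rest)
        # Look for the CLSID only before the path: install folders can be GUID-named.
        clsid = CLSID_RE.search(rest[:path.start()] if path else rest)
        entries.append(Entry(
            section=m.group("section"),
            kind=body.split(": ", 1)[0] if ": " in body else None,
            clsid=clsid.group(0).upper() if clsid else None,
            target=path.group(0) if path else None,
            reason=orphan.group("reason") if orphan else None,
            raw=line,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry reference outlived the file it pointed to."""
    return [e for e in entries if e.reason is not None]


if __name__ == "__main__":
    for e in orphaned(parse_hijackthis(SAMPLE_LOG)):
        print(f"{e.section:<4}{e.kind or '-':<20}{e.clsid or '-':<40}"
              f"{e.target or '(none named)'}")
```

On this excerpt it reports the two O2 entries and the O22 entry from the fix list, plus the O23 NMSAccess service, which the log also marks "(file missing)".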


Posted 12/12/2007 2:23 PM
#57449

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Ok, will do it now. No need to repost fresh Hijackthis-log I gather.

Things are running as they did before my idi0tic mistake, a bit sluggish maybe...

I have a couple of off-off-topic questions however:
To protect myself (i.e. my files and progz) in the future I've decided to partition my drive and install Windows separately.
* What might be a preferred size on that partition?
* Is it even possible to uninstall windows from the "old" partition once I've installed it on the new one without fu**ing up the PC?

Thanx a million for your help, I value it greatly.
Posted 12/13/2007 6:04 AM
#57478

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
See if these tips can improve performance -

http://www.tweakhound.com/xp/xptweaks/supertweaks12.htm



I don't quite understand why You will do this - ? "To protect myself"

As it seems to be a mess :smile:

I think the best thing to do is, buy new HD, then install windows there

Do not PM me with logfiles. They will be deleted.


Posted 12/13/2007 2:25 PM
#57487

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Well for one thing, I'm lazy.
I have a micro sized PC with room for only one HDD, and I don't want to reinstall all my appz and so on.
If Windows is on a separate partition, I theoretically could do a clean install whenever I need due to...
...well let's say "mistakes" :D

But never mind that, I'll just have to take your advice and then do it right from the start.

However, the problems are not over yet, after getting through all the virus/malware removal, I:
* lost access to internet
* keep getting warnings from spybot resident that an AVG key has been deleted
Posted 12/13/2007 2:51 PM
#57489

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Oookay...so I rebooted, and the good news is that my internet connection is back online (or is it bad news maybe..hmm), apparently I have some stability issues.

Bad news is I still keep getting pop-ups from spybot resident, c/p from log follows:

2007-12-09 15:38:34 Allowed value "AutoRun" (new data: "") deleted in Command processor!
2007-12-09 15:39:00 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-09 15:39:03 Allowed value "Search Bar" (new data: "") deleted in Browser page!
2007-12-09 15:39:07 Allowed value "load" (new data: "") deleted in NT startup!
2007-12-09 15:50:10 Allowed value "combofix" (new data: ""C:\windows\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"") added in System Startup global entry!
2007-12-09 15:50:12 Allowed value "combofix" (new data: "C:\windows\system32\cmd.exe /c C:\ComboFix\Combobatch.bat") added in System Startup global entry!
2007-12-10 15:08:55 Allowed value "" (new data: "") deleted in System Startup global entry!
2007-12-10 15:09:19 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 15:09:32 Allowed value "Search Bar" (new data: "") deleted in Browser page!
2007-12-10 15:09:37 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-10 15:09:46 Allowed value "AutoRun" (new data: "") deleted in Command processor!
2007-12-10 15:11:18 Denied value "load" (new data: "") deleted in NT startup!
2007-12-10 16:10:30 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 16:10:32 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-10 16:12:26 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 16:12:31 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-10 17:08:19 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-10 17:23:31 Allowed value "RegistryMechanic" (new data: "") added in System Startup global entry!
2007-12-10 17:36:53 Allowed value "RegistryMechanic" (new data: "") deleted in System Startup global entry!
2007-12-10 17:38:37 Allowed value "RegistryMechanic" (new data: "") added in System Startup global entry!
2007-12-10 17:41:55 Allowed value "RegistryMechanic" (new data: "") deleted in System Startup global entry!
2007-12-10 17:49:24 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 15:08:40 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 15:27:55 Allowed value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!
2007-12-12 15:27:57 Allowed value "{7E853D72-626A-48EC-A868-BA8D5E23E045}" (new data: "") deleted in Browser Helper Object!
2007-12-12 15:38:41 Allowed value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
2007-12-12 16:34:09 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 19:15:11 Allowed value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:14 Allowed value "{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:14 Allowed value "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:16 Allowed value "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:21 Allowed value "{D27CDB6E-AE6D-11CF-96B8-444553540000}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-13 15:02:03 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-13 15:02:14 Allowed value "SpybotSnD" (new data: ""C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart") added in System Startup global entry!
2007-12-13 15:02:21 Allowed value "SpybotSnD" (new data: ""C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart") changed in System Startup global entry!
2007-12-13 15:02:42 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-13 15:02:43 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-13 15:04:51 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-13 15:04:51 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-13 15:34:40 Denied value "SpybotSnD" (new data: ""C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart") changed in System Startup global entry!
2007-12-13 15:35:04 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!

Can I fix this with Combofix? Maybe this should be in a new thread, seeing as the original issue is solved?
Posted 12/14/2007 7:55 AM
#57516

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
To tell the truth, I am not good when it comes to Spybot's TeaTimer. I have Spybot on My Machine, but I don't have TeaTimer activated, as I think it's quite annoying :rolleyes:




I'll therefore suggest You ask in Spybot's own forum:

http://forums.spybot.info/index.php

Do not PM me with logfiles. They will be deleted.


Posted 12/14/2007 1:53 PM
#57527

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
No worries.
I uninstalled SpyBot and downloaded SuperAntiSpyWare, did a full sweep and it fixed a bunch of stuff for me.
I also ran the latest Registry Mechanic and it fixed roughly 400 registry problems.
Now things are running very smoothly, but to be absolutely sure I'll run hijackthis and combofix and post fresh logs here, and maybe you can reassure me that all is well?
Posted 12/14/2007 2:50 PM
#57530

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Just post the logs and I'll check them

Do not PM me with logfiles. They will be deleted.


Posted 12/14/2007 7:15 PM
#57536

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
I also abandoned Firefox and went over to Opera, but have been having some DNS issues.
Ok, here goes.
__________________________________________________________________________
ComboFix 07-12-09.1 - JockE 2007-12-14 19:59:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1469 [GMT 1:00]
Running from: C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-13 18:03 . 2007-12-13 19:39 d-------- C:\Program\SUPERAntiSpyware
2007-12-13 18:03 . 2007-12-13 18:03 d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-12-13 18:03 . 2007-12-13 18:03 d-------- C:\Documents and Settings\JockE\Application Data\SUPERAntiSpyware.com
2007-12-13 18:03 . 2007-12-13 18:03 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-13 03:00 . 2007-12-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-10 15:34 . 2007-12-10 15:35 d-------- C:\Program\Process Viewer
2007-12-10 15:17 . 2007-12-10 15:17 d-------- C:\Deckard
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\JockE\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\Default User\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar
2007-12-09 15:05 . 2007-12-09 15:05 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:04 . 2007-12-09 15:04 d-------- C:\Program\CCleaner
2007-12-09 14:07 . 2004-08-04 01:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-08 17:32 . 2007-12-08 17:48 d-------- C:\Documents and Settings\Administratör\Mallar
2007-12-08 17:32 . 2007-12-13 15:04 d-------- C:\Documents and Settings\Administratör\Lokala inställningar
2007-12-06 15:18 . 2007-12-06 15:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-05 17:15 . 2007-12-05 17:15 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-05 17:14 . 2007-12-05 17:14 696,320 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-05 17:12 . 2007-12-05 17:12 315,392 --a------ C:\WINDOWS\system32\3ivxDSEncoder.ax
2007-12-05 17:11 . 2007-12-05 17:11 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-12-05 17:09 . 2007-12-05 17:18 d-------- C:\Program\Audio Converter
2007-12-05 17:07 . 2007-05-02 17:43 11,482,995 --------- C:\WINDOWS\AudioConverter.CAB
2007-12-05 17:07 . 2007-12-05 17:07 245,760 --------- C:\WINDOWS\Setup1.exe
2007-12-05 17:07 . 2007-12-05 17:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-05 17:07 . 2007-12-05 17:19 11,583 --a------ C:\WINDOWS\ST6UNST.000
2007-12-05 17:07 . 2007-12-05 17:10 9,474 --a------ C:\WINDOWS\SETUP.LST
2007-11-24 16:18 . 2007-11-24 17:54 d-------- C:\Program\Blade Runner
2007-11-24 16:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 13:49 --------- d-----w C:\Program\Symantec AntiVirus
2007-12-13 20:10 --------- d-----w C:\Program\DivX
2007-12-13 18:35 --------- d-----w C:\Program\CzDc
2007-12-13 18:24 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2007-12-13 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 13:27 --------- d-----w C:\Program\Billy
2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys
2007-11-06 15:01 --------- d-----w C:\Program\Steam
2007-10-29 22:45 1,289,728 ----a-w C:\windows\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\windows\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoRecentDocsMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-05-07 20:56 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 04:00 483328 -ra------ C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-05-23 04:03 49152 -ra--c--- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a--c--- C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 prcmondrv;prcmondrv;\??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\windows\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\windows\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\windows\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\windows\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\windows\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:30:00 C:\windows\Tasks\Advanced WindowsCare.job"
- C:\Program\Advanced WindowsCare V2\AutoCare.exe
"2007-09-29 08:11:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 18:00:00 C:\windows\Tasks\AwcUpdate.job"
- C:\Program\Advanced WindowsCare V2\AutoUpdate.ex
"2007-09-12 12:38:07 C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job"
- C:\Program\HP\hpcoretech\comp\hpdarc.exe
"2007-10-03 12:37:00 C:\windows\Tasks\HP Usg Daily.job"
- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-12-12 14:35:55 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program\Spybot - Search & Destroy\SpybotSD.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\explorer.exe [6.00.2900.3156]
-> C:\Program\Unlocker\UnlockerHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 20:00:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 20:01:32
C:\ComboFix2.txt ... 2007-12-13 15:04
C:\ComboFix3.txt ... 2007-12-10 16:12
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\windows\system32\ctfmon.exe
C:\Program\Logitech\Profiler\lwemon.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_10) -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6667 bytes
Posted 12/14/2007 7:17 PM
#57537

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
I got this error message after ComboFix had run:
"nircmd.cfexe - Unable to find a component" "This application couldn't be started due to ConnAPI.DLL is missing. This problem may be fixed by re-installing the application" (Translated from Swedish by me, so the actual message may read otherwise in its original)

Ok, here goes.
__________________________________________________________________________
ComboFix 07-12-09.1 - JockE 2007-12-14 19:59:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1469 [GMT 1:00]
Running from: C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-13 18:03 . 2007-12-13 19:39 d-------- C:\Program\SUPERAntiSpyware
2007-12-13 18:03 . 2007-12-13 18:03 d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-12-13 18:03 . 2007-12-13 18:03 d-------- C:\Documents and Settings\JockE\Application Data\SUPERAntiSpyware.com
2007-12-13 18:03 . 2007-12-13 18:03 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-13 03:00 . 2007-12-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-10 15:34 . 2007-12-10 15:35 d-------- C:\Program\Process Viewer
2007-12-10 15:17 . 2007-12-10 15:17 d-------- C:\Deckard
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\JockE\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\Default User\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar
2007-12-09 15:05 . 2007-12-09 15:05 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:04 . 2007-12-09 15:04 d-------- C:\Program\CCleaner
2007-12-09 14:07 . 2004-08-04 01:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-08 17:32 . 2007-12-08 17:48 d-------- C:\Documents and Settings\Administratör\Mallar
2007-12-08 17:32 . 2007-12-13 15:04 d-------- C:\Documents and Settings\Administratör\Lokala inställningar
2007-12-06 15:18 . 2007-12-06 15:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-05 17:15 . 2007-12-05 17:15 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-05 17:14 . 2007-12-05 17:14 696,320 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-05 17:12 . 2007-12-05 17:12 315,392 --a------ C:\WINDOWS\system32\3ivxDSEncoder.ax
2007-12-05 17:11 . 2007-12-05 17:11 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-12-05 17:09 . 2007-12-05 17:18 d-------- C:\Program\Audio Converter
2007-12-05 17:07 . 2007-05-02 17:43 11,482,995 --------- C:\WINDOWS\AudioConverter.CAB
2007-12-05 17:07 . 2007-12-05 17:07 245,760 --------- C:\WINDOWS\Setup1.exe
2007-12-05 17:07 . 2007-12-05 17:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-05 17:07 . 2007-12-05 17:19 11,583 --a------ C:\WINDOWS\ST6UNST.000
2007-12-05 17:07 . 2007-12-05 17:10 9,474 --a------ C:\WINDOWS\SETUP.LST
2007-11-24 16:18 . 2007-11-24 17:54 d-------- C:\Program\Blade Runner
2007-11-24 16:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 13:49 --------- d-----w C:\Program\Symantec AntiVirus
2007-12-13 20:10 --------- d-----w C:\Program\DivX
2007-12-13 18:35 --------- d-----w C:\Program\CzDc
2007-12-13 18:24 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2007-12-13 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 13:27 --------- d-----w C:\Program\Billy
2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys
2007-11-06 15:01 --------- d-----w C:\Program\Steam
2007-10-29 22:45 1,289,728 ----a-w C:\windows\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\windows\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoRecentDocsMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-05-07 20:56 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 04:00 483328 -ra------ C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-05-23 04:03 49152 -ra--c--- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a--c--- C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 prcmondrv;prcmondrv;\??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\windows\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\windows\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\windows\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\windows\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\windows\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:30:00 C:\windows\Tasks\Advanced WindowsCare.job"
- C:\Program\Advanced WindowsCare V2\AutoCare.exe
"2007-09-29 08:11:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 18:00:00 C:\windows\Tasks\AwcUpdate.job"
- C:\Program\Advanced WindowsCare V2\AutoUpdate.ex
"2007-09-12 12:38:07 C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job"
- C:\Program\HP\hpcoretech\comp\hpdarc.exe
"2007-10-03 12:37:00 C:\windows\Tasks\HP Usg Daily.job"
- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-12-12 14:35:55 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program\Spybot - Search & Destroy\SpybotSD.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\explorer.exe [6.00.2900.3156]
-> C:\Program\Unlocker\UnlockerHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 20:00:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 20:01:32
C:\ComboFix2.txt ... 2007-12-13 15:04
C:\ComboFix3.txt ... 2007-12-10 16:12
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\windows\system32\ctfmon.exe
C:\Program\Logitech\Profiler\lwemon.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_10) -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6667 bytes
Posted 12/15/2007 3:18 PM
#57576

Free Antivirus Experts Member

Date Joined Nov 2016
Total Posts: 3
I think you have a threat on your computer. You can try
http://www.free-antivirus-experts.com/online_scan.html

I think it will help you a lot.
"Up till now no one has offered on their website a Free Internet Security Expert, with whom you can talk in real time and get your problems solved, and get information about which URL to download from, or how to remove a certain virus which has infected your system."

Http://www.Free-Antivirus-Experts.com
Posted 12/16/2007 7:10 AM
#57610

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks clean.






How are things running now?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/16/2007 7:01 PM
#57614

kHaoS Advanced member

Date Joined Nov 2016
Total Posts: 47
Good to hear.
Well I switched from Mozilla to Opera and that really shortened the loading times.
System is running smooth again, so thank you very much for all your help.