HiJack log

tweaker

I'm a member at a Swedish forum which isn't computer related. I know a user there who has problems with popups etc. on her machine. I also believe the start page is changed, redirects to some "errorsafe" site or something like that, popups when surfing and whatnot. (errorsafe.se)?

Anyway here is her log:


Logfile of HijackThis v1.99.1
Scan saved at 17:37:28, on 2006-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program\ASUS\Power4 Gear\BatteryLife.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Norman\bin\ZLH.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\HP\Digital Imaging\Promotions\HPpromo.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Winamp\winampa.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Creative\MediaSource\Detector\CTDetect.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program\Winamp\winamp.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgc.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.dgc.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPpromo psc 2500 series] "C:\Program\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2500 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.dgc.se
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.eroz.wezelius.se/Galleri1/ThumbnailFrame.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/03a4e4d501eba3545718/netzip/RdxIE601.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
 
Have them run Ewido in safe mode.

Download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.


Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please restart normally, then paste the contents of the text file to this thread, along with a new HijackThis log.
 
Ok thanks Buzz, I have forwarded your post and will report back here when she's gone through the steps.
 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:29:21 2006-07-06

+ Scan result:



C:\Documents and Settings\Christian\Mina dokument\Downloads\TrojanHunter.v4.5.Build.924.WinAll.Cracked-CRD\TrojanHunter.v4.5.Build.924.WinAll\c9f0055a.rar/Crack.zip/Crack/THGuard.exe -> Backdoor.Rbot : No action taken.
C:\Documents and Settings\Christian\Mina dokument\Downloads\TrojanHunter.v4.5.Build.924.WinAll.Cracked-CRD\TrojanHunter.v4.5.Build.924.WinAll\c9f0055a\Crack.zip/Crack/THGuard.exe -> Backdoor.Rbot : No action taken.
C:\Documents and Settings\Christian\Mina dokument\Downloads\TrojanHunter.v4.5.Build.924.WinAll.Cracked-CRD\TrojanHunter.v4.5.Build.924.WinAll\c9f0055a\c9f0055a\Crack\THGuard.exe -> Backdoor.Rbot : No action taken.
C:\Documents and Settings\Christian\Mina dokument\Downloads\TrojanHunter.v4.5.Build.924.WinAll.Cracked-CRD\c9f0055a.zip/c9f0055a.rar/Crack.zip/Crack/THGuard.exe -> Backdoor.Rbot : No action taken.
C:\Documents and Settings\Christian\Lokala inställningar\Temporary Internet Files\Content.IE5\OFZZEG1H\tzd[1].htm -> Not-A-Virus.Exploit.HTML.Mht : No action taken.
C:\Documents and Settings\Christian\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Christian\Cookies\christian@webstat[1].txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Christian\Cookies\christian@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Maria\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Christian\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : No action taken.
:mozilla.357:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\bk2ecssx.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Christian\Cookies\christian@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Christian\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Christian\Cookies\christian@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Christian\Cookies\christian@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Maria\Cookies\maria@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end
 
New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:43:55, on 2006-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program\ASUS\Power4 Gear\BatteryLife.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Norman\bin\ZLH.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\HP\Digital Imaging\Promotions\HPpromo.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Winamp\winampa.exe
C:\Program\ewido anti-spyware 4.0\ewido.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Creative\MediaSource\Detector\CTDetect.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgc.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.dgc.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPpromo psc 2500 series] "C:\Program\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2500 series" -r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http:\\www.dgc.se
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.eroz.wezelius.se/Galleri1/ThumbnailFrame.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/03a4e4d501eba3545718/netzip/RdxIE601.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
 
She chose to take no action when running Ewido; she needs to run it again and choose "remove" and "perform action on all infections" (or words to that effect). Her cracked version of TrojanHunter will stop working, tho. :o
Tell her to download and run Ccleaner before Ewido to delete all those cookies.
It's a strange one, looks like Vundo but no sign in the log.
Try Vundofix, just post the log from that, no need for another Hijackthis log.

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
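
Added example, not part of the thread or any poster's reply: a small triage script for the ewido report above. It confirms that every entry was left at "No action taken" and shows how few distinct files the long cookie list actually covers. The line format is inferred from the report lines in this thread, the function names are hypothetical, and the sample is an excerpt copied from the report.

```python
import re
from collections import Counter

# Line shape inferred from the report in this thread (an assumption, not ewido documentation):
#   [:store.N:]<path> -> <Detection> : <Action>.
LINE_RE = re.compile(
    r"^(?::(?P<store>[^:]+):)?(?P<path>.+?) -> (?P<detection>.+?) : (?P<action>.+?)\.?$"
)
PROFILE_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.I)

# Excerpt copied from the report above, including the trailer line that must be skipped.
SAMPLE = r"""
:mozilla.252:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\bk2ecssx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.253:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\bk2ecssx.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Christian\Cookies\christian@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Maria\Cookies\maria@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Ulla\Cookies\ulla@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.254:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\bk2ecssx.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Maria\Cookies\maria@zedo[2].txt -> TrackingCookie.Zedo : No action taken.

::Report end
"""

def parse_report(text):
    """Return one dict per detection line; headers, blanks and trailers are ignored."""
    return [m.groupdict() for m in map(LINE_RE.match, map(str.strip, text.splitlines())) if m]

def profile_of(path):
    """Extract the Windows XP user profile name from a path, if there is one."""
    m = PROFILE_RE.search(path)
    return m.group(1) if m else "(system)"

def triage(entries):
    """Summarise what is still on disk: entries the scanner reported but did not act on."""
    pending = [e for e in entries if e["action"].lower() == "no action taken"]
    return {
        "entries": len(entries),
        "pending": len(pending),
        # Many :mozilla.N: entries point at the same cookies.txt, so count distinct files.
        "files": len({e["path"].lower() for e in pending}),
        "by_profile": Counter(profile_of(e["path"]) for e in pending),
        "by_detection": Counter(e["detection"] for e in pending),
        # Anything that is not a tracking cookie deserves attention before the cookie noise.
        "non_cookie": [e for e in pending if not e["detection"].startswith("TrackingCookie.")],
    }

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE)).items():
        print(f"{key}: {value}")
```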
 
Ok thanks, I have forwarded this as well. Let's see what is happening later on. I'll be out of town for a while though so my CF browsing may decrease somewhat the upcoming week/s.

I'll keep her progress posted.
 