I need help to understand my Log.

miriam · 01-02-2008, 12:20 PM

Thank you!

/miriam

**Pancake** · 01-03-2008, 08:50 PM

Hi
You have a Trojan.And a bit of a cleanup would not go amiss either.....

This will help to identify malware on your system.
Please download Combofix from any of these locations:

Here
or
Here

Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitors your PC while CF is running.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

miriam · 01-07-2008, 10:24 PM

ComboFix 08-01-07.5 - Annica Johansson 2008-01-08 6:11:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\Annica Johansson\Skrivbord\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 69550 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam
C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\learn.dat
C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\Settings.xml
C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\storage.dat
C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\WhiteList.xml
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 06:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 04:06 . 2008-01-08 05:06 <KAT> d-------- C:\Program\Free FLV Converter
2008-01-08 03:08 . 2008-01-08 03:08 <KAT> d-------- C:\Program\UnH Solutions
2008-01-03 05:17 . 2008-01-04 14:38 <KAT> d-------- C:\Program\X Plugin Manager
2008-01-02 23:10 . 2008-01-02 23:10 359,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS.ORIGINAL
2008-01-02 20:08 . 2008-01-02 20:08 <KAT> d-------- C:\Program\Trend Micro
2008-01-01 13:41 . 2008-01-01 13:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-01 13:41 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcd.sys
2008-01-01 13:41 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\SYSTEM32\nmwcdcocls.dll
2008-01-01 13:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcm.sys
2008-01-01 13:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcj.sys
2008-01-01 13:41 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdc.sys
2008-01-01 12:52 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2007-12-29 16:57 . 2007-12-31 01:11 <KAT> d-------- C:\HammerAutosave
2007-12-27 17:22 . 2007-12-27 17:22 <KAT> d-------- C:\Program\Ubisoft
2007-12-27 17:22 . 2000-03-17 08:21 69,632 --a------ C:\WINDOWS\SYSTEM32\xmltok.dll
2007-12-27 17:22 . 2000-03-17 08:21 36,864 --a------ C:\WINDOWS\SYSTEM32\xmlparse.dll
2007-12-27 17:22 . 2002-04-24 12:43 35,840 --a------ C:\WINDOWS\SYSTEM32\comdlg32.oca
2007-12-27 17:22 . 2002-04-09 17:23 29,184 --a------ C:\WINDOWS\SYSTEM32\MSINET.oca
2007-12-27 17:22 . 2002-10-17 10:35 26,096 --a------ C:\WINDOWS\SYSTEM32\xmlinst.exe
2007-12-27 17:22 . 2002-01-07 16:30 24,576 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-12-27 03:24 . 2007-12-27 03:24 <KAT> d-------- C:\Documents and Settings\Annica Johansson\Application Data\PC Tools
2007-12-27 03:17 . 2008-01-08 06:08 <KAT> d-------- C:\Program\PC Tools AntiVirus
2007-12-27 03:17 . 2007-12-27 03:17 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-27 03:17 . 2007-09-17 13:38 22,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AVHook.sys
2007-12-27 03:17 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AVRec.sys
2007-12-27 03:17 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AVFilter.sys
2007-12-26 01:52 . 2007-12-27 12:43 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\dumb pure bind support
2007-12-26 01:49 . 2007-12-26 01:49 <KAT> d-------- C:\My Downloads
2007-12-21 22:44 . 2007-12-21 22:44 <KAT> d-------- C:\Program\Delade filer\logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 23:23 --------- d--h--w C:\Program\InstallShield Installation Information
2008-01-02 22:59 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\uTorrent
2008-01-02 22:10 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-01-02 22:10 359,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\TCPIP.SYS
2008-01-01 12:41 --------- d-----w C:\Program\Nokia
2008-01-01 12:39 --------- d-----w C:\Program\Delade filer\Nokia
2008-01-01 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-01-01 12:08 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\Nokia
2008-01-01 11:52 --------- d-----w C:\Program\Java
2007-12-25 19:42 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\mIRC
2007-12-25 19:35 --------- d-----w C:\Program\mIRC
2007-12-24 03:36 4 ----a-w C:\Documents and Settings\All Users\Application Data\913DD24.DAT
2007-12-23 08:20 --------- d-----w C:\Program\MilkShape 3D 1.8.0
2007-12-21 21:19 --------- d-----w C:\Program\QuickTime
2007-12-21 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-21 19:49 --------- d-----w C:\Program\Polygon Cruncher
2007-11-18 03:15 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\Notepad++
2007-11-18 03:04 --------- d-----w C:\Program\Notepad++
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 10:19 3,079,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-25 16:57 8,462,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-22 23:28 21,840 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2007-10-22 23:28 17,212 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2007-10-22 23:28 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-17 00:28 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-10-12 01:00 490,008 ----a-w C:\WINDOWS\SYSTEM32\LVUI2.dll
2007-10-12 01:00 465,432 ----a-w C:\WINDOWS\SYSTEM32\LVUI2RC.dll
2007-10-12 00:57 416,280 ----a-w C:\WINDOWS\SYSTEM32\lvcodec2.dll
2007-10-12 00:57 195,096 ----a-w C:\WINDOWS\SYSTEM32\lvci1150.dll
2007-10-12 00:18 21,138 ----a-w C:\WINDOWS\SYSTEM32\Repository.reg
2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
2007-10-11 06:14 659,968 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2005-04-09 20:17 5,532,719 ----a-w C:\Documents and Settings\Annica Johansson\Steam-Down(2005-01-18).exe
2003-08-27 13:19 36,963 ----a-r C:\Program\Delade filer\SM1updtr.dll
2003-12-16 16:41 32 --sha-w C:\WINDOWS\{B7147B22-654B-4CB9-86E9-A038E36FDF85}.dat
2007-09-22 02:07 118,564 --sh--r C:\WINDOWS\SYSTEM32\data.dat
2006-07-31 11:01 562,265 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.bak2
2006-07-31 17:50 527 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.ini2
2003-12-16 16:41 32 --sha-w C:\WINDOWS\SYSTEM32\{A7D13EE7-3435-46F7-8618-3054CA7526A3}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E14DCE67-8FB7-4721-8149-179BAA4D792C}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 19:19 68856]
"catsrv"="C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe" [2007-04-09 23:26 626176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"catsrv"="C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe" [2007-04-09 23:26 626176]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"PCTAVApp"="C:\Program\PC Tools AntiVirus\PCTAV.exe" [2007-10-04 15:44 1082664]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34 15360]
"Nokia.PCSync"="C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 14:10 271360 C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Program\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 18:38 35328 C:\Program\Winamp\winampa.exe

S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2001-10-19 13:57]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2001-09-24 08:39]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2001-09-24 08:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F1060000-CA50-BA05-C4B1-B1408D28E0E7}]
C:\WINDOWS\svchost.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 06:14:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 6:15:41
ComboFix-quarantined-files.txt 2008-01-08 05:15:33
.
2008-01-03 23:08:03 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:22:22, on 2008-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\PC Tools AntiVirus\PCTAV.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dansbandsdax.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ss...temsoappro.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1844dfc7645ce1e...p/RdxIE601.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10461 bytes

**Pancake** · 01-07-2008, 11:06 PM

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)

miriam · 01-07-2008, 11:55 PM

How does it look

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:19, on 2008-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\PC Tools AntiVirus\PCTAV.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\explorer.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dansbandsdax.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ss...temsoappro.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1844dfc7645ce1e...p/RdxIE601.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9623 bytes

**Pancake** · 01-08-2008, 01:15 AM

Just one more time.....and you are done.

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab

miriam · 01-08-2008, 12:01 PM

Okay here you go.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:40, on 2008-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\DAEMON Tools\daemon.exe
C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\PC Tools AntiVirus\PCTAV.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\TortoiseSVN\bin\TSVNCache.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Notepad++\notepad++.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dansbandsdax.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ss...temsoappro.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1844dfc7645ce1e...p/RdxIE601.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9339 bytes

Thank You!

**Pancake** · 01-08-2008, 03:02 PM

This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below and click OK.

Quote:

ComboFix /u

miriam · 01-08-2008, 03:06 PM

Thank You!!

01-03-2008, 08:50 PM	#2 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: I need help to understand my Log. Hi You have a Trojan.And a bit of a cleanup would not go amiss either..... This will help to identify malware on your system. Please download Combofix from any of these locations: Here or Here Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitors your PC while CF is running. 1. Double click on combo.exe & follow the prompts. 2. When finished, it will produce a logfile located at C:\ComboFix.txt. 3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for. Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Caution...Never run and remove files using ComboFix without being supervised by a security analyst. __________________ Eddy

01-07-2008, 10:24 PM	#3 (permalink)
miriam Registered User Join Date: Jan 2008 Posts: 6 OS: winxp sp2	Re: I need help to understand my Log. ComboFix 08-01-07.5 - Annica Johansson 2008-01-08 6:11:49.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.246 [GMT 1:00] Running from: C:\Documents and Settings\Annica Johansson\Skrivbord\ComboFix.exe * Created a new restore point . ADS - system32: deleted 69550 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\learn.dat C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\Settings.xml C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\storage.dat C:\Documents and Settings\Annica Johansson\Application Data\adprotect nospam\WhiteList.xml C:\WINDOWS\svchost.exe C:\WINDOWS\system32\components C:\WINDOWS\system32\plugin1.dat C:\WINDOWS\system32\SysPr.prx . ((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))) . 2008-01-08 06:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-08 04:06 . 2008-01-08 05:06 <KAT> d-------- C:\Program\Free FLV Converter 2008-01-08 03:08 . 2008-01-08 03:08 <KAT> d-------- C:\Program\UnH Solutions 2008-01-03 05:17 . 2008-01-04 14:38 <KAT> d-------- C:\Program\X Plugin Manager 2008-01-02 23:10 . 2008-01-02 23:10 359,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS.ORIGINAL 2008-01-02 20:08 . 2008-01-02 20:08 <KAT> d-------- C:\Program\Trend Micro 2008-01-01 13:41 . 2008-01-01 13:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Nokia 2008-01-01 13:41 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcd.sys 2008-01-01 13:41 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\SYSTEM32\nmwcdcocls.dll 2008-01-01 13:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcm.sys 2008-01-01 13:41 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcj.sys 2008-01-01 13:41 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdc.sys 2008-01-01 12:52 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl 2007-12-29 16:57 . 2007-12-31 01:11 <KAT> d-------- C:\HammerAutosave 2007-12-27 17:22 . 2007-12-27 17:22 <KAT> d-------- C:\Program\Ubisoft 2007-12-27 17:22 . 2000-03-17 08:21 69,632 --a------ C:\WINDOWS\SYSTEM32\xmltok.dll 2007-12-27 17:22 . 2000-03-17 08:21 36,864 --a------ C:\WINDOWS\SYSTEM32\xmlparse.dll 2007-12-27 17:22 . 2002-04-24 12:43 35,840 --a------ C:\WINDOWS\SYSTEM32\comdlg32.oca 2007-12-27 17:22 . 2002-04-09 17:23 29,184 --a------ C:\WINDOWS\SYSTEM32\MSINET.oca 2007-12-27 17:22 . 2002-10-17 10:35 26,096 --a------ C:\WINDOWS\SYSTEM32\xmlinst.exe 2007-12-27 17:22 . 2002-01-07 16:30 24,576 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll 2007-12-27 03:24 . 2007-12-27 03:24 <KAT> d-------- C:\Documents and Settings\Annica Johansson\Application Data\PC Tools 2007-12-27 03:17 . 2008-01-08 06:08 <KAT> d-------- C:\Program\PC Tools AntiVirus 2007-12-27 03:17 . 2007-12-27 03:17 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2007-12-27 03:17 . 2007-09-17 13:38 22,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AVHook.sys 2007-12-27 03:17 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AVRec.sys 2007-12-27 03:17 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AVFilter.sys 2007-12-26 01:52 . 2007-12-27 12:43 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\dumb pure bind support 2007-12-26 01:49 . 2007-12-26 01:49 <KAT> d-------- C:\My Downloads 2007-12-21 22:44 . 2007-12-21 22:44 <KAT> d-------- C:\Program\Delade filer\logishrd . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-02 23:23 --------- d--h--w C:\Program\InstallShield Installation Information 2008-01-02 22:59 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\uTorrent 2008-01-02 22:10 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-01-02 22:10 359,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\TCPIP.SYS 2008-01-01 12:41 --------- d-----w C:\Program\Nokia 2008-01-01 12:39 --------- d-----w C:\Program\Delade filer\Nokia 2008-01-01 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-01-01 12:08 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\Nokia 2008-01-01 11:52 --------- d-----w C:\Program\Java 2007-12-25 19:42 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\mIRC 2007-12-25 19:35 --------- d-----w C:\Program\mIRC 2007-12-24 03:36 4 ----a-w C:\Documents and Settings\All Users\Application Data\913DD24.DAT 2007-12-23 08:20 --------- d-----w C:\Program\MilkShape 3D 1.8.0 2007-12-21 21:19 --------- d-----w C:\Program\QuickTime 2007-12-21 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-21 19:49 --------- d-----w C:\Program\Polygon Cruncher 2007-11-18 03:15 --------- d-----w C:\Documents and Settings\Annica Johansson\Application Data\Notepad++ 2007-11-18 03:04 --------- d-----w C:\Program\Notepad++ 2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-30 10:19 3,079,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll 2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll 2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll 2007-10-25 16:57 8,462,336 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll 2007-10-22 23:28 21,840 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll 2007-10-22 23:28 17,212 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll 2007-10-22 23:28 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll 2007-10-17 00:28 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe 2007-10-12 01:00 490,008 ----a-w C:\WINDOWS\SYSTEM32\LVUI2.dll 2007-10-12 01:00 465,432 ----a-w C:\WINDOWS\SYSTEM32\LVUI2RC.dll 2007-10-12 00:57 416,280 ----a-w C:\WINDOWS\SYSTEM32\lvcodec2.dll 2007-10-12 00:57 195,096 ----a-w C:\WINDOWS\SYSTEM32\lvci1150.dll 2007-10-12 00:18 21,138 ----a-w C:\WINDOWS\SYSTEM32\Repository.reg 2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll 2007-10-11 06:14 659,968 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll 2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll 2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll 2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll 2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll 2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll 2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll 2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll 2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll 2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll 2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll 2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll 2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll 2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll 2007-10-11 06:14 1,055,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll 2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll 2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe 2005-04-09 20:17 5,532,719 ----a-w C:\Documents and Settings\Annica Johansson\Steam-Down(2005-01-18).exe 2003-08-27 13:19 36,963 ----a-r C:\Program\Delade filer\SM1updtr.dll 2003-12-16 16:41 32 --sha-w C:\WINDOWS\{B7147B22-654B-4CB9-86E9-A038E36FDF85}.dat 2007-09-22 02:07 118,564 --sh--r C:\WINDOWS\SYSTEM32\data.dat 2006-07-31 11:01 562,265 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.bak2 2006-07-31 17:50 527 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.ini2 2003-12-16 16:41 32 --sha-w C:\WINDOWS\SYSTEM32\{A7D13EE7-3435-46F7-8618-3054CA7526A3}.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E14DCE67-8FB7-4721-8149-179BAA4D792C}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN] @={30351346-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN] @={30351347-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN] @={30351348-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN] @={3035134B-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN] @={3035134C-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN] @={3035134D-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN] @={3035134E-7B7D-4FCC-81B4-1E394CA267EB} [HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}] 2007-08-26 10:40 536576 --a------ C:\Program\TortoiseSVN\bin\tortoisesvn.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 19:19 68856] "catsrv"="C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe" [2007-04-09 23:26 626176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784] "catsrv"="C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe" [2007-04-09 23:26 626176] "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "PCTAVApp"="C:\Program\PC Tools AntiVirus\PCTAV.exe" [2007-10-04 15:44 1082664] "UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872] "PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34 15360] "Nokia.PCSync"="C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32] winccf32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 14:10 271360 C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2006-09-07 18:19 15872 C:\Program\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-11-21 18:38 35328 C:\Program\Winamp\winampa.exe S3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2001-10-19 13:57] S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2001-09-24 08:39] S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2001-09-24 08:42] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autoplay.exe Newly Created Service - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F1060000-CA50-BA05-C4B1-B1408D28E0E7}] C:\WINDOWS\svchost.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-08 06:14:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-08 6:15:41 ComboFix-quarantined-files.txt 2008-01-08 05:15:33 . 2008-01-03 23:08:03 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:22:22, on 2008-01-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\DAEMON Tools\daemon.exe C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe C:\Program\Java\jre1.6.0_03\bin\jusched.exe C:\Program\PC Tools AntiVirus\PCTAV.exe C:\Program\Unlocker\UnlockerAssistant.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program\PC Connectivity Solution\ServiceLayer.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dansbandsdax.se/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file) O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file) O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file) O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCTAVApp] "C:\Program\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ss...temsoappro.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1844dfc7645ce1e...p/RdxIE601.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing) O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file) O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file) O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file) O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file) O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file) O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10461 bytes

01-07-2008, 11:06 PM	#4 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: I need help to understand my Log. Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file) O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file) O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file) O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file) O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing) O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file) O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file) O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file) O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file) O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file) __________________ Eddy

01-07-2008, 11:55 PM	#5 (permalink)
miriam Registered User Join Date: Jan 2008 Posts: 6 OS: winxp sp2	Re: I need help to understand my Log. How does it look Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:53:19, on 2008-01-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\DAEMON Tools\daemon.exe C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe C:\Program\Java\jre1.6.0_03\bin\jusched.exe C:\Program\PC Tools AntiVirus\PCTAV.exe C:\Program\Unlocker\UnlockerAssistant.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\explorer.exe C:\Program\PC Connectivity Solution\ServiceLayer.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dansbandsdax.se/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCTAVApp] "C:\Program\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ss...temsoappro.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1844dfc7645ce1e...p/RdxIE601.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9623 bytes

01-08-2008, 01:15 AM	#6 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: I need help to understand my Log. Just one more time.....and you are done. Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab __________________ Eddy

01-08-2008, 12:01 PM	#7 (permalink)
miriam Registered User Join Date: Jan 2008 Posts: 6 OS: winxp sp2	Re: I need help to understand my Log. Okay here you go. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:00:40, on 2008-01-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program\DAEMON Tools\daemon.exe C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe C:\Program\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\PC Tools AntiVirus\PCTAV.exe C:\Program\Unlocker\UnlockerAssistant.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\GEARSEC.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program\PC Tools AntiVirus\PCTAVSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\TortoiseSVN\bin\TSVNCache.exe C:\Program\MSN Messenger\usnsvc.exe C:\Program\Notepad++\notepad++.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dansbandsdax.se/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.comhem.se R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCTAVApp] "C:\Program\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Annica Johansson\Policies\catsrv.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.1.74.cab O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ss...temsoappro.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1844dfc7645ce1e...p/RdxIE601.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program\PC Tools AntiVirus\PCTAVSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9339 bytes Thank You!

01-08-2008, 03:06 PM	#9 (permalink)
miriam Registered User Join Date: Jan 2008 Posts: 6 OS: winxp sp2	Re: I need help to understand my Log. Thank You!!