spyware + very slow computer

12345 · 02-15-2006, 05:56 AM

this is an windows ME 2000 computer, 4 years old. and its very slow, and got spy-ware.. i need help to:
- remove all spyware/prevent them for getting installed
- making computer faster

12345 · 02-15-2006, 07:31 AM

oh. i guess i need a hijacklog:

Scan saved at 15:30:50, on 18.04.2002
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINNT\system32\r?gsvr32.exe
C:\Programfiler\amsr\uatt.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\terje\Skrivebord\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07CCA093-4F07-61A7-22E2-63834DFFCCE9} - C:\WINNT\system32\wnyd.dll (file missing)
O2 - BHO: (no name) - {7957C768-77F9-5206-F7E8-01D5FA72E69D} - C:\WINNT\system32\rrqvkn.dll (file missing)
O2 - BHO: (no name) - {B07E3BCA-C935-ABCB-5570-AFC1ECD431A5} - C:\WINNT\system32\ekel.dll (file missing)
O2 - BHO: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Programfiler\BeClean\BeClean.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Djvasufs] C:\WINNT\system32\r?gsvr32.exe
O4 - HKCU\..\Run: [Raar] "C:\Programfiler\amsr\uatt.exe" -vt mt
O4 - HKCU\..\Run: [WinFixer2006] "C:\Programfiler\WinFixer_2006\uwfx6.exe" /min
O4 - Global Startup: BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...cabinstall.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

sUBs · 02-15-2006, 11:51 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Download & install - CleanUp.exe (not recommended for WinXP64)

Download & extract it to it's own folder - About Buster.zip.

Download the file attached - Purity.zip
Save it on your desktop. We shall be needing it in Safe Mode

Download and install Ewido Security Suite

When installing, under "Additional Options",
- uncheck - Install background guard
Have Ewido update itself & then exit the program.

If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {07CCA093-4F07-61A7-22E2-63834DFFCCE9} - C:\WINNT\system32\wnyd.dll (file missing)
O2 - BHO: (no name) - {7957C768-77F9-5206-F7E8-01D5FA72E69D} - C:\WINNT\system32\rrqvkn.dll (file missing)
O2 - BHO: (no name) - {B07E3BCA-C935-ABCB-5570-AFC1ECD431A5} - C:\WINNT\system32\ekel.dll (file missing)
O2 - BHO: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll
O4 - HKCU\..\Run: [Djvasufs] C:\WINNT\system32\r?gsvr32.exe
O4 - HKCU\..\Run: [Raar] "C:\Programfiler\amsr\uatt.exe" -vt mt
O4 - HKCU\..\Run: [WinFixer2006] "C:\Programfiler\WinFixer_2006\uwfx6.exe" /min
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...cabinstall.cab

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

WinFixer_2006

Please note any other programs that you dont recognize in that list in your next response

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\Programfiler\amsr\
C:\WINNT\system32\mojtnjn.dll
C:\WINNT\system32\wnyd.dll
C:\WINNT\system32\rrqvkn.dll
C:\WINNT\system32\ekel.dll
C:\WINNT\system32\mojtnjn.dll
C:\Programfiler\WinFixer_2006\

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

From within Purity.zip, double click purity.bat & allow it to run
It shall produce a log (C:\G_Purity.txt) to post back here

* * * * * *

Run About Buster and click - Begin Removal.
Locate 'Ab LogFile.txt' (... in the same folder as AboutBuster) and post it in your next reply.

* * * * * *

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
.Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:

HiJackThis

C:\G_Purity.txt

Online scan

About Buster

Ewido

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

12345 · 02-15-2006, 03:11 PM

C:\Programfiler\amsr - found, deleted
C:\WINNT\system32\mojtnjn.dll - not found
C:\WINNT\system32\wnyd.dll - not found
C:\WINNT\system32\rrqvkn.dll - not found
C:\WINNT\system32\ekel.dll - not found
C:\WINNT\system32\mojtnjn.dll - not found
C:\Programfiler\WinFixer_2006\ - not found, but i searched for winfixer and it found a cookie and a folder winfixer 2005
( C:\Programfiler\Fellesfiler) i deleted both.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:38:53, 18.04.2002
+ Report-Checksum: 4CEBF6E8

+ Scan result:

HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup
HKU\S-1-5-21-1229272821-1682526488-1957994488-1001\Software\PowerScan -> Adware.PowerScan : Cleaned with backup
C:\Documents and Settings\terje\Lokale innstillinger\Programdata\Microsoft\Internet Explorer\V0.26.dat -> Trojan.Dialer.fy : Cleaned with backup
:mozilla.22:C:\Documents and Settings\terje\Programdata\Mozilla\Firefox\Profiles\g6xmfzi6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\terje\Programdata\Mozilla\Firefox\Profiles\g6xmfzi6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.26:C:\Documents and Settings\terje\Programdata\Mozilla\Firefox\Profiles\g6xmfzi6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\terje\Skrivebord\backups\backup-20020418-202237-427.dll -> Adware.PurityScan : Cleaned with backup
C:\Program Files\Znwvdq\Dxqx.exe -> Trojan.Small.cy : Cleaned with backup
C:\Programfiler\Fellesfiler\GMT\gtrawbm.fil -> Adware.Gator : Cleaned with backup
C:\Programfiler\Fellesfiler\tepjteaf\rlbnnpjd\lnpnepna.exe -> Adware.Gator : Cleaned with backup
C:\Programfiler\Fellesfiler\tepjteaf\tpenlceppn\dhppelhnn.exe -> Adware.Gator : Cleaned with backup
C:\Programfiler\WebSecureAlert\WebSecureAlert.exe -> Adware.Gator : Cleaned with backup
C:\Programfiler\WebSecureAlert\WSAHelper.dll -> Adware.DashBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00003907.dll -> Adware.PurityScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00004052.rbf -> Logger.Agent.gk : Cleaned with backup
C:\RECYCLER\NPROTECT\00004112.dll -> Adware.DownloadWare : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00004131.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\00004131.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.15:C:\RECYCLER\NPROTECT\00004134.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00004134.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.15:C:\RECYCLER\NPROTECT\00004249.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00004249.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\00004250.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00004250.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00004252.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00004252.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00004256.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00004256.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00004259.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.24:C:\RECYCLER\NPROTECT\00004259.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00004266.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.20:C:\RECYCLER\NPROTECT\00004266.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00004268.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004268.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.21:C:\RECYCLER\NPROTECT\00004269.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004269.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.6:C:\RECYCLER\NPROTECT\00004278.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004278.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00004278.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00004280.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004280.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.23:C:\RECYCLER\NPROTECT\00004280.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004283.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00004283.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00004283.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004307.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00004307.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00004307.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004308.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00004308.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00004308.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004309.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00004309.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00004309.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.22:C:\RECYCLER\NPROTECT\00004310.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\RECYCLER\NPROTECT\00004310.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00004310.MOZ -> TrackingCookie.Com : Cleaned with backup
C:\RECYCLER\NPROTECT\00004350.dll -> Adware.PurityScan : Cleaned with backup
C:\WINNT\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINNT\system32\oins.exe -> Adware.MediaTickets : Cleaned with backup

::Report End

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 18, 2002 11:01:24 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky On-line Scanner version: 5.0.78.0--- EXISTING FILES ---

--- POST RUN FILES ---

Kaspersky Anti-Virus database last update: 15/02/2006
Kaspersky Anti-Virus database records: 176939
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 32964
Number of viruses found: 11
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:03:36

Infected Object Name / Virus Name / Last Action
C:\Program Files\backups\backup-20050109-200150-139.dll Infected: Trojan-Downloader.Win32.Swizzor.bo skipped
C:\Programfiler\Norton AntiVirus\Quarantine\133807FE Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Programfiler\Norton AntiVirus\Quarantine\242F12D7.zip/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Programfiler\Norton AntiVirus\Quarantine\242F12D7.zip ZIP: infected - 1 skipped
C:\Programfiler\Norton AntiVirus\Quarantine\242F12D7.zip CryptFF: infected - 1 skipped
C:\Programfiler\Norton AntiVirus\Quarantine\274E006D Infected: Trojan-Downloader.Win32.Apropo.u skipped
C:\Programfiler\Norton AntiVirus\Quarantine\3D4C547F Infected: not-a-virus:AdWare.Win32.SideFind skipped
C:\Programfiler\Norton AntiVirus\Quarantine\4F225AFA.htm Infected: Exploit.HTML.Mht skipped
C:\Programfiler\Norton AntiVirus\Quarantine\6FF878D5 Infected: Trojan-Downloader.Win32.Swizzor.at skipped
C:\Programfiler\Norton AntiVirus\Quarantine\74997D3C Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped
C:\Programfiler\Norton AntiVirus\Quarantine\749C2738 Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped
C:\Programfiler\Norton AntiVirus\Quarantine\749F5134 Infected: Trojan-Downloader.Win32.Dyfuca.dt skipped
C:\Programfiler\Norton AntiVirus\Quarantine\74F40091 Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Programfiler\Norton AntiVirus\Quarantine\7E8927AC Infected: not-a-virus:AdWare.Win32.Gator.a skipped
C:\Programfiler\Norton AntiVirus\Quarantine\7E907BA5 Infected: not-a-virus:AdWare.Win32.Gator.a skipped

Scan process completed.

AboutBuster 6.0
Scan started on [18.04.2002] at [20:46:07]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 20:48:32

--- EXISTING FILES ---

Volumet i stasjon C er Lokal disk
Volumserienummeret er E08A-4FD0

Innhold i C:\WINNT\system32

14.02.2000 03:00 10ÿ000 regsvr32.exe
30.01.2006 16:19 405ÿ504 r?gsvr32.exe
2 fil(er) 415ÿ504 byte

Innhold i C:\WINNT\system32\dllcache

14.02.2000 03:00 10ÿ000 regsvr32.exe
1 fil(er) 10ÿ000 byte

Totalt antall filer:
3 fil(er) 425ÿ504 byte
0 mappe(r) 13ÿ222ÿ014ÿ976 byte ledig

--- POST RUN FILES ---

Volumet i stasjon C er Lokal disk
Volumserienummeret er E08A-4FD0

Innhold i C:\WINNT\system32

14.02.2000 03:00 10ÿ000 regsvr32.exe
1 fil(er) 10ÿ000 byte
0 mappe(r) 13ÿ222ÿ416ÿ384 byte ledig

Logfile of HijackThis v1.99.1
Scan saved at 23:09:33, on 18.04.2002
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\terje\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Programfiler\BeClean\BeClean.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

sUBs · 02-15-2006, 03:19 PM

Please read this post completely before begining the fix.

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\Program Files\Znwvdq
C:\Program Files\backups\

Delete the contents of this folder, leaving it empty:

C:\Programfiler\Norton AntiVirus\Quarantine\

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.

Reboot before posting a new HJTlog. Please tell me how your machine is behaving now.

12345 · 02-16-2006, 10:33 AM

i could delete both of the files in Program Files, here is hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 18:28:40, on 19.04.2002
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\terje\Skrivebord\HijackThis.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Programfiler\BeClean\BeClean.exe /s
O4 - Global Startup: BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

oh and, when computer starts up i get this error from norton ; The Norton AntiVirus Auto-Protect Driver could not be loaded. Your system is not protected from viruses. Please restart your computer.

i try restart but it doesnt help..

sUBs · 02-16-2006, 11:04 AM

Quote:

when computer starts up i get this error from norton ; The Norton AntiVirus Auto-Protect Driver could not be loaded. Your system is not protected from viruses

Symantec has a guide for your problem. Please try that & let me know how it went.

12345 · 02-16-2006, 12:55 PM

ok, nvm on that last post. found out that our norton is expired.. is there any FREE anti-virus programs?

sUBs · 02-16-2006, 01:04 PM

Quote:

Originally Posted by 12345

.. is there any FREE anti-virus programs?

You can find some free antivirus programs by clicking on the link I provided for in item #4. Your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:

CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
- Tick on the checkbox - Turn off System Restore on all drives
- Click Apply
Turn it back 'On' by unticking the same checkbox & click OK
DISABLE THE VIEWING OF SYSTEM FILES
From Windows Explorer, go to Tools>Folder Options> View tab.
- Untick - Show hidden files and folder
- Tick - Hide file extensions for known types
- Tick - Hide protected operating system files
Click Yes to confirm & then click OK
SECURING INTERNET EXPLORER
From within Internet Explorer click on the Tools menu and then click on Internet Options.
- Select the Security tab
  - Click once on the Internet icon so it becomes highlighted.
  - Select Custom Level .
    - Change 'Download signed ActiveX controls' to Prompt
    - Change 'Download unsigned ActiveX controls' to Disable
    - Change 'Initialize and script ActiveX controls not marked as safe' to Disable
    - Change 'Installation of desktop items' to Prompt
    - Change 'Launching programs and files in an IFRAME' to Prompt
    - Change 'Navigate sub-frames across different domains' to Prompt
    - When all these changes have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Select OK to exit the Internet Properties page.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
FIREWALL
Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
Microsoft Windows Update
Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
SPYWAREBLASTER
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Google Toolbar - Get the free google toolbar to help stop pop up windows.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

12345 · 10-31-2006, 12:19 PM

umm its resolved looong time ago.. :P didnt notice i needed to reply once more

02-15-2006, 05:56 AM	#1 (permalink)
12345 Registered User Join Date: Nov 2004 Location: Norway Posts: 161 OS: Windows XP home edition	spyware + very slow computer this is an windows ME 2000 computer, 4 years old. and its very slow, and got spy-ware.. i need help to: - remove all spyware/prevent them for getting installed - making computer faster

02-15-2006, 11:51 AM	#3 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,473 OS: N/A	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * * Download & install - CleanUp.exe (not recommended for WinXP64) Download & extract it to it's own folder - About Buster.zip. Download the file attached - Purity.zip Save it on your desktop. We shall be needing it in Safe Mode Download and install Ewido Security Suite When installing, under "Additional Options", uncheck - Install background guard Have Ewido update itself & then exit the program. If you are having problems with the updater, you can use this link to manually update Ewido 'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {07CCA093-4F07-61A7-22E2-63834DFFCCE9} - C:\WINNT\system32\wnyd.dll (file missing) O2 - BHO: (no name) - {7957C768-77F9-5206-F7E8-01D5FA72E69D} - C:\WINNT\system32\rrqvkn.dll (file missing) O2 - BHO: (no name) - {B07E3BCA-C935-ABCB-5570-AFC1ECD431A5} - C:\WINNT\system32\ekel.dll (file missing) O2 - BHO: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll O4 - HKCU\..\Run: [Djvasufs] C:\WINNT\system32\r?gsvr32.exe O4 - HKCU\..\Run: [Raar] "C:\Programfiler\amsr\uatt.exe" -vt mt O4 - HKCU\..\Run: [WinFixer2006] "C:\Programfiler\WinFixer_2006\uwfx6.exe" /min O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...cabinstall.cab * * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * * 1. Restart your computer 2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3. Instead of Windows loading as normal, a menu should appear 4. Select the option to run Windows in Safe Mode. * * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * * Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs: WinFixer_2006 Please note any other programs that you dont recognize in that list in your next response * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * If you have not done so already, please enable the viewing of Hidden files From Windows Explorer, go to Tools -> Folder Options -> View tab. Tick - 'Show hidden files and folder' Untick - 'Hide file extensions for known types' Untick - 'Hide protected operating system files' Click Yes to confirm & then click OK Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\Programfiler\amsr\ C:\WINNT\system32\mojtnjn.dll C:\WINNT\system32\wnyd.dll C:\WINNT\system32\rrqvkn.dll C:\WINNT\system32\ekel.dll C:\WINNT\system32\mojtnjn.dll C:\Programfiler\WinFixer_2006\ * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * * Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider initially to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. 6. Do NOT reboot/logoff if prompted. * CleanUp! will not create any backups!! * * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * * From within Purity.zip, double click purity.bat & allow it to run It shall produce a log (C:\G_Purity.txt) to post back here * * * * * * Run About Buster and click - Begin Removal. Locate 'Ab LogFile.txt' (... in the same folder as AboutBuster) and post it in your next reply. * * * * * * Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" .Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop ** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. * * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * * Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan * * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * * In your next post, please include fresh logs from: HiJackThis C:\G_Purity.txt Online scan About Buster Ewido Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today? Last edited by sUBs; 02-22-2006 at 05:08 PM.

02-15-2006, 03:19 PM	#5 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,473 OS: N/A	Please read this post completely before begining the fix. Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards. SpywareBlaster 3.5.1 Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * If you have not done so already, please enable the viewing of Hidden files From Windows Explorer, go to Tools -> Folder Options -> View tab. Tick - 'Show hidden files and folder' Untick - 'Hide file extensions for known types' Untick - 'Hide protected operating system files' Click Yes to confirm & then click OK Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\Program Files\Znwvdq C:\Program Files\backups\ Delete the contents of this folder, leaving it empty: C:\Programfiler\Norton AntiVirus\Quarantine\ * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * * Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider initially to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. Reboot before posting a new HJTlog. Please tell me how your machine is behaving now. __________________ Question - what have you done for the community today?

02-15-2006, 07:31 AM	#2 (permalink)
12345 Registered User Join Date: Nov 2004 Location: Norway Posts: 161 OS: Windows XP home edition	oh. i guess i need a hijacklog: Scan saved at 15:30:50, on 18.04.2002 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINNT\system32\regsvc.exe C:\Programfiler\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINNT\system32\r?gsvr32.exe C:\Programfiler\amsr\uatt.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\terje\Skrivebord\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {07CCA093-4F07-61A7-22E2-63834DFFCCE9} - C:\WINNT\system32\wnyd.dll (file missing) O2 - BHO: (no name) - {7957C768-77F9-5206-F7E8-01D5FA72E69D} - C:\WINNT\system32\rrqvkn.dll (file missing) O2 - BHO: (no name) - {B07E3BCA-C935-ABCB-5570-AFC1ECD431A5} - C:\WINNT\system32\ekel.dll (file missing) O2 - BHO: (no name) - {B34B7765-9DA6-B80D-D62E-BF3EC60077BC} - C:\WINNT\system32\mojtnjn.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Programfiler\BeClean\BeClean.exe /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Djvasufs] C:\WINNT\system32\r?gsvr32.exe O4 - HKCU\..\Run: [Raar] "C:\Programfiler\amsr\uatt.exe" -vt mt O4 - HKCU\..\Run: [WinFixer2006] "C:\Programfiler\WinFixer_2006\uwfx6.exe" /min O4 - Global Startup: BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...cabinstall.cab O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

02-15-2006, 03:11 PM	#4 (permalink)
12345 Registered User Join Date: Nov 2004 Location: Norway Posts: 161 OS: Windows XP home edition	C:\Programfiler\amsr - found, deleted C:\WINNT\system32\mojtnjn.dll - not found C:\WINNT\system32\wnyd.dll - not found C:\WINNT\system32\rrqvkn.dll - not found C:\WINNT\system32\ekel.dll - not found C:\WINNT\system32\mojtnjn.dll - not found C:\Programfiler\WinFixer_2006\ - not found, but i searched for winfixer and it found a cookie and a folder winfixer 2005 ( C:\Programfiler\Fellesfiler) i deleted both. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 21:38:53, 18.04.2002 + Report-Checksum: 4CEBF6E8 + Scan result: HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup HKU\S-1-5-21-1229272821-1682526488-1957994488-1001\Software\PowerScan -> Adware.PowerScan : Cleaned with backup C:\Documents and Settings\terje\Lokale innstillinger\Programdata\Microsoft\Internet Explorer\V0.26.dat -> Trojan.Dialer.fy : Cleaned with backup :mozilla.22:C:\Documents and Settings\terje\Programdata\Mozilla\Firefox\Profiles\g6xmfzi6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.25:C:\Documents and Settings\terje\Programdata\Mozilla\Firefox\Profiles\g6xmfzi6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.26:C:\Documents and Settings\terje\Programdata\Mozilla\Firefox\Profiles\g6xmfzi6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\terje\Skrivebord\backups\backup-20020418-202237-427.dll -> Adware.PurityScan : Cleaned with backup C:\Program Files\Znwvdq\Dxqx.exe -> Trojan.Small.cy : Cleaned with backup C:\Programfiler\Fellesfiler\GMT\gtrawbm.fil -> Adware.Gator : Cleaned with backup C:\Programfiler\Fellesfiler\tepjteaf\rlbnnpjd\lnpnepna.exe -> Adware.Gator : Cleaned with backup C:\Programfiler\Fellesfiler\tepjteaf\tpenlceppn\dhppelhnn.exe -> Adware.Gator : Cleaned with backup C:\Programfiler\WebSecureAlert\WebSecureAlert.exe -> Adware.Gator : Cleaned with backup C:\Programfiler\WebSecureAlert\WSAHelper.dll -> Adware.DashBar : Cleaned with backup C:\RECYCLER\NPROTECT\00003907.dll -> Adware.PurityScan : Cleaned with backup C:\RECYCLER\NPROTECT\00004052.rbf -> Logger.Agent.gk : Cleaned with backup C:\RECYCLER\NPROTECT\00004112.dll -> Adware.DownloadWare : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00004131.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.17:C:\RECYCLER\NPROTECT\00004131.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00004134.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00004134.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00004249.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00004249.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.17:C:\RECYCLER\NPROTECT\00004250.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00004250.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00004252.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.20:C:\RECYCLER\NPROTECT\00004252.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00004256.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00004256.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00004259.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00004259.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00004266.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.20:C:\RECYCLER\NPROTECT\00004266.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.21:C:\RECYCLER\NPROTECT\00004268.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004268.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.21:C:\RECYCLER\NPROTECT\00004269.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004269.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.6:C:\RECYCLER\NPROTECT\00004278.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004278.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00004278.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00004280.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004280.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00004280.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004283.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00004283.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00004283.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004307.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00004307.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00004307.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004308.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.25:C:\RECYCLER\NPROTECT\00004308.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00004308.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004309.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.25:C:\RECYCLER\NPROTECT\00004309.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00004309.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00004310.MOZ -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.25:C:\RECYCLER\NPROTECT\00004310.MOZ -> TrackingCookie.Com : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00004310.MOZ -> TrackingCookie.Com : Cleaned with backup C:\RECYCLER\NPROTECT\00004350.dll -> Adware.PurityScan : Cleaned with backup C:\WINNT\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup C:\WINNT\system32\oins.exe -> Adware.MediaTickets : Cleaned with backup ::Report End ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Thursday, April 18, 2002 11:01:24 PM Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195) Kaspersky On-line Scanner version: 5.0.78.0--- EXISTING FILES --- --- POST RUN FILES --- Kaspersky Anti-Virus database last update: 15/02/2006 Kaspersky Anti-Virus database records: 176939 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ Scan Statistics: Total number of scanned objects: 32964 Number of viruses found: 11 Number of infected objects: 15 Number of suspicious objects: 0 Duration of the scan process: 01:03:36 Infected Object Name / Virus Name / Last Action C:\Program Files\backups\backup-20050109-200150-139.dll Infected: Trojan-Downloader.Win32.Swizzor.bo skipped C:\Programfiler\Norton AntiVirus\Quarantine\133807FE Infected: not-a-virus:AdWare.Win32.Lop skipped C:\Programfiler\Norton AntiVirus\Quarantine\242F12D7.zip/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped C:\Programfiler\Norton AntiVirus\Quarantine\242F12D7.zip ZIP: infected - 1 skipped C:\Programfiler\Norton AntiVirus\Quarantine\242F12D7.zip CryptFF: infected - 1 skipped C:\Programfiler\Norton AntiVirus\Quarantine\274E006D Infected: Trojan-Downloader.Win32.Apropo.u skipped C:\Programfiler\Norton AntiVirus\Quarantine\3D4C547F Infected: not-a-virus:AdWare.Win32.SideFind skipped C:\Programfiler\Norton AntiVirus\Quarantine\4F225AFA.htm Infected: Exploit.HTML.Mht skipped C:\Programfiler\Norton AntiVirus\Quarantine\6FF878D5 Infected: Trojan-Downloader.Win32.Swizzor.at skipped C:\Programfiler\Norton AntiVirus\Quarantine\74997D3C Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped C:\Programfiler\Norton AntiVirus\Quarantine\749C2738 Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped C:\Programfiler\Norton AntiVirus\Quarantine\749F5134 Infected: Trojan-Downloader.Win32.Dyfuca.dt skipped C:\Programfiler\Norton AntiVirus\Quarantine\74F40091 Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped C:\Programfiler\Norton AntiVirus\Quarantine\7E8927AC Infected: not-a-virus:AdWare.Win32.Gator.a skipped C:\Programfiler\Norton AntiVirus\Quarantine\7E907BA5 Infected: not-a-virus:AdWare.Win32.Gator.a skipped Scan process completed. AboutBuster 6.0 Scan started on [18.04.2002] at [20:46:07] ------------------------------------------------------------- Internet Explorer Instances Terminated! HomeSearch Service stopped if present ------------------------------------------------------------- No Ads Found! ------------------------------------------------------------- No Files Found! ------------------------------------------------------------- Scan was COMPLETED SUCCESSFULLY at 20:48:32 --- EXISTING FILES --- Volumet i stasjon C er Lokal disk Volumserienummeret er E08A-4FD0 Innhold i C:\WINNT\system32 14.02.2000 03:00 10ÿ000 regsvr32.exe 30.01.2006 16:19 405ÿ504 r?gsvr32.exe 2 fil(er) 415ÿ504 byte Innhold i C:\WINNT\system32\dllcache 14.02.2000 03:00 10ÿ000 regsvr32.exe 1 fil(er) 10ÿ000 byte Totalt antall filer: 3 fil(er) 425ÿ504 byte 0 mappe(r) 13ÿ222ÿ014ÿ976 byte ledig --- POST RUN FILES --- Volumet i stasjon C er Lokal disk Volumserienummeret er E08A-4FD0 Innhold i C:\WINNT\system32 14.02.2000 03:00 10ÿ000 regsvr32.exe 1 fil(er) 10ÿ000 byte 0 mappe(r) 13ÿ222ÿ416ÿ384 byte ledig Logfile of HijackThis v1.99.1 Scan saved at 23:09:33, on 18.04.2002 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Programfiler\ewido anti-malware\ewidoctrl.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINNT\system32\regsvc.exe C:\Programfiler\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\terje\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Programfiler\BeClean\BeClean.exe /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - Global Startup: BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt03.com/dialer/internazionale_ver11.CAB O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

02-16-2006, 10:33 AM	#6 (permalink)
12345 Registered User Join Date: Nov 2004 Location: Norway Posts: 161 OS: Windows XP home edition	i could delete both of the files in Program Files, here is hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 18:28:40, on 19.04.2002 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Programfiler\ewido anti-malware\ewidoctrl.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINNT\system32\regsvc.exe C:\Programfiler\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe C:\Documents and Settings\terje\Skrivebord\HijackThis.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Programfiler\BeClean\BeClean.exe /s O4 - Global Startup: BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINNT\system32\btxppanel.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe oh and, when computer starts up i get this error from norton ; The Norton AntiVirus Auto-Protect Driver could not be loaded. Your system is not protected from viruses. Please restart your computer. i try restart but it doesnt help..

02-16-2006, 12:55 PM	#8 (permalink)
12345 Registered User Join Date: Nov 2004 Location: Norway Posts: 161 OS: Windows XP home edition	ok, nvm on that last post. found out that our norton is expired.. is there any FREE anti-virus programs?

10-31-2006, 12:19 PM	#10 (permalink)
12345 Registered User Join Date: Nov 2004 Location: Norway Posts: 161 OS: Windows XP home edition	umm its resolved looong time ago.. :P didnt notice i needed to reply once more