Brassovitski

HijackThis StartUpLogfile 22-04-2006 Brassovitski


Here is the startup log as requested at:

http://www.lavasoftsupport.com/index.php?s...&st=0entry348

 

I hope this is helpful.

 

Kindly

Brassovitski

 

StartupList report, 22-04-2006, 16:26:50

StartupList version: 1.52.2

Started from : D:\Zipfiler\HijackThis 1-9-9-1\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programmer\Desktop Calendar\Desktop Calendar.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Programmer\Internet Explorer\iexplore.exe

C:\Programmer\Snagit50\SnagIt32.exe

C:\PROGRA~1\WINZIP\winzip32.exe

D:\Zipfiler\HijackThis 1-9-9-1\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Per\Menuen Start\Programmer\Start]

Registration-PCTV.lnk = C:\Programmer\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start]

Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE

Pinnacle Scheduler.lnk = C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

Logitech Utility = Logi_MwX.Exe

CTSysVol = C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

CTDVDDet = C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

RemoteControl = C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

UpdReg = C:\WINDOWS\UpdReg.EXE

nwiz = nwiz.exe /install

CXMon = "E:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

QuickTime Task = "C:\Programmer\QuickTime\qttask.exe" -atboottime

Zone Labs Client = C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

Desktop Calendar = C:\Programmer\Desktop Calendar\Desktop Calendar.exe

AWMON = "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Rawflow ICD Client]

InProcServer32 = C:\WINDOWS\DOWNLO~1\Rawflow.ocx

CODEBASE = http://downol.dr.dk/download/netradio/Rawflow.cab

 

[Progetto1.int_ver32]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\int_ver32b.ocx

CODEBASE = http://advnt01.com/dialer/int_ver32n.CAB

 

[{11010101-1001-1111-1000-110112345678}]

CODEBASE = mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe

 

[{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]

CODEBASE = http://static.windupdates.com/cab/MediaAcc...e/bridge-c2.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[TegoSoft SmartLoader ActiveX Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\TegoLoad.OCX

CODEBASE = http://www.mybiorhythms.com/GActiveX/TegoLoad.cab

 

[CSMenu Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\menu.dll

CODEBASE = https://netbank.bgbank.dk/html/activex/BG/Menu.cab

 

[Office Update Installation Engine]

InProcServer32 = C:\WINDOWS\opuc.dll

CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

 

[WUWebControl Class]

InProcServer32 = C:\WINDOWS\System32\wuweb.dll

CODEBASE = http://update.microsoft.com/windowsupdate/...b?1124742504437

 

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\System32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdat...b?1135725913468

 

[{7C559105-9ECF-42B8-B3F7-832E75EDD959}]

CODEBASE = http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx

CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

 

[e-Safekey]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\e-Safekey.dll

CODEBASE = https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab

 

[Get_ActiveX Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\IENETO~1.OCX

CODEBASE = http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

wininet.dll = mscornet.exe

 

--------------------------------------------------

 

End of report, 7.808 bytes

Report generated in 0,031 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Ok, that's the Startup List (which is helpful), but what we need is the HijackThis scan log. Please do this: double-click on HijackThis.exe to open the program. On the main page, choose *Do a system scan and save a log*

 

When the scan finishes, you will get a popup to Save the logfile. Please make note of the location you will be saving it to and click *save*. This should save the file and open the log in Notepad. Copy the contents and post the results here.

Most of what it lists will be harmless or even essential; don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.


Hi

Here the running process logfile is attached.

 

 

I can't see the attached file in the previous tag, therefore I have pasted the log.txt here:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:08:06, on 22-04-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\Programmer\Grisoft\AVG Free\avgcc.exe

C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programmer\Internet Explorer\iexplore.exe

D:\Zipfiler\HijackThis 1-9-9-1\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Web/VoresEgenSide/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

O1 - Hosts: localhost 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CXMon] "E:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [Desktop Calendar] C:\Programmer\Desktop Calendar\Desktop Calendar.exe

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Registration-PCTV.lnk = C:\Programmer\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open PDF in Word - res://C:\Programmer\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB

O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1C960AA3-FAEE-11D0-9262-00A0243D2412} (TegoSoft SmartLoader ActiveX Control) - http://www.mybiorhythms.com/GActiveX/TegoLoad.cab

O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124742504437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135725913468

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab

O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{007E5F28-3B1C-4AB6-B11C-30540979B259}: NameServer = 85.255.114.91,85.255.112.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{050E33E5-B752-4168-922B-1BC56D79E0F8}: NameServer = 85.255.114.91,85.255.112.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B05642C-3F23-4269-91C6-4D992808CDFC}: NameServer = 85.255.114.91,85.255.112.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{9A03AC09-AE44-4D87-A32D-2AD5E6CA56F9}: NameServer = 85.255.114.91,85.255.112.102

O17 - HKLM\System\CS1\Services\Tcpip\..\{007E5F28-3B1C-4AB6-B11C-30540979B259}: NameServer = 85.255.114.91,85.255.112.102

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

 

 


Very good, that's what we needed.

 

Please make a copy of these instructions to have handy, as we will need to do the next steps with all browsers and any open windows closed.

 

Close all browsers and any open windows so that only HijackThis is open.

 

Do a *scan only* with HijackThis and wait while it builds the list. When the list appears, place a checkmark next to these items, then press the *fix checked* button.

 

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB

 

O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe

 

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c2.cab

 

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

 

If this (85.255.114.91 85.255.112.102) is not your ISP, please also *fix checked* on these items:

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{007E5F28-3B1C-4AB6-B11C-30540979B259}: NameServer = 85.255.114.91,85.255.112.102

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{050E33E5-B752-4168-922B-1BC56D79E0F8}: NameServer = 85.255.114.91,85.255.112.102

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B05642C-3F23-4269-91C6-4D992808CDFC}: NameServer = 85.255.114.91,85.255.112.102

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{9A03AC09-AE44-4D87-A32D-2AD5E6CA56F9}: NameServer = 85.255.114.91,85.255.112.102

 

O17 - HKLM\System\CS1\Services\Tcpip\..\{007E5F28-3B1C-4AB6-B11C-30540979B259}: NameServer = 85.255.114.91,85.255.112.102

 

Then reboot your PC. Scan again with HijackThis and post a fresh scan log please.

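The fix-then-rescan step in the post above can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis code: it parses two HijackThis logs, lists the entries that disappeared between them, and collects O16 and O17 items for manual review. The function names and the review hints (unnamed DPF entries, CODEBASE values that are not http/https, NameServer addresses to compare with the ISP's) are assumptions made for this example, not the helper's or the tool's criteria; the sample lines are excerpts of the scans posted in the thread.

```python
import re
from collections import defaultdict

# An entry line is "<section code> - <detail>", e.g. "O16 - DPF: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O16 detail: "DPF: {CLSID} (optional friendly name) - CODEBASE"
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.+?)\))? - (?P<codebase>.+)$")
# O17 detail ends in "NameServer = ip,ip"
NS_RE = re.compile(r"NameServer = (?P<servers>[\d., ]+)$")

# Excerpts of the first and second scan from the thread, shortened to a few lines each.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{007E5F28-3B1C-4AB6-B11C-30540979B259}: NameServer = 85.255.114.91,85.255.112.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{007E5F28-3B1C-4AB6-B11C-30540979B259}: NameServer = 85.255.114.91,85.255.112.102
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
"""


def parse_entries(log_text):
    """Return {section_code: [detail, ...]}; headers, process paths and blanks are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("detail"))
    return dict(entries)


def removed_entries(before, after):
    """Entries present in the first scan and absent from the second, grouped by section."""
    old, new = parse_entries(before), parse_entries(after)
    gone = {}
    for code, details in old.items():
        missing = [d for d in details if d not in new.get(code, [])]
        if missing:
            gone[code] = missing
    return gone


def review_hints(log_text):
    """Collect items for a human to look at; nothing here decides what is malicious."""
    entries = parse_entries(log_text)
    unnamed, non_http, servers = [], [], set()
    for detail in entries.get("O16", []):
        m = DPF_RE.match(detail)
        if not m:
            continue
        if m.group("name") is None:          # control registered without a friendly name
            unnamed.append(m.group("clsid"))
        if not m.group("codebase").lower().startswith(("http://", "https://")):
            non_http.append(m.group("clsid"))
    for detail in entries.get("O17", []):
        m = NS_RE.search(detail)
        if m:                                # addresses to compare with the ISP's resolvers
            servers.update(s.strip() for s in m.group("servers").split(",") if s.strip())
    return {"unnamed_dpf": unnamed, "non_http_codebase": non_http,
            "name_servers": sorted(servers)}


if __name__ == "__main__":
    for code, details in removed_entries(BEFORE, AFTER).items():
        for d in details:
            print("removed:", code, "-", d)
    print(review_hints(BEFORE))
```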

Hi

Now I have performed all the steps as recommended, and here is the logfile performed afterwards:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:38:15, on 22-04-2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

D:\Zipfiler\HijackThis 1-9-9-1\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Web/VoresEgenSide/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: localhost 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CXMon] "E:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [Desktop Calendar] C:\Programmer\Desktop Calendar\Desktop Calendar.exe

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Registration-PCTV.lnk = C:\Programmer\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open PDF in Word - res://C:\Programmer\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1C960AA3-FAEE-11D0-9262-00A0243D2412} (TegoSoft SmartLoader ActiveX Control) - http://www.mybiorhythms.com/GActiveX/TegoLoad.cab

O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124742504437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135725913468

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Sa...G/e-Safekey.cab

O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Great, that looks good. Is this Windows XP an English version? If so, there is another tool I would like for you to run. (If the OS is not English-based, I don't think it will work.)

 

Please download FixWareout from one of these sites:

 

http://downloads.subratam.org/Fixwareout.exe

 

http://www.bleepingcomputer.com/file...Fixwareout.exe

 

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts.

You will be asked to reboot your computer; please do so.

Your system may take longer than usual to load; this is normal.

Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log in your next reply please.
