1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

Discussion in 'Virus & Other Malware Removal' started by Gozzar, Jun 1, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Gozzar

    Gozzar Thread Starter

    Joined:
    Jun 1, 2006
    Messages:
    6
    virus.. popup "Malware Wipe" "the spy guard" and alot of commercials like porn poker and more crap..
    this is what I get when I start internetexplorer


    Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

    TOP RATED
    Pest Trap
    Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

    • Visit Website • Free Scan


    Malware Wipe
    Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

    • Visit Website • Free Scan


    The Spy Guard
    Developed as the most efficient spyware cleaner with realtime protection.

    • Visit Website • Free Scan


    Brave Sentry
    Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

    • Visit Website • Free Scan


    AD Protect
    World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

    • Visit Website • Free Scan





    WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
    Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
    - \Windows\System32
    - \Program Files\Internet Explorer
    - \My Documents
    - Drive C:\ files
    Click here to download official intrusion detection system (IDS software)


    YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
    Your IP address: (my ip)
    Your Country: SE, Sweden

    Your Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)

    Your Operation System: Windows XP SP2 VULNERABLE

    System Security Status: CAUTION

    Time of investigation: Thu Jun 1 13:36:46 PDT 2006


    SOLUTION
    Download and install one of the following approved software products:
    Malware Wipe
    • Over 40,000 threats in the database
    • Exclusive algorythm of cleaning
    • IE Safe Mode - simply cleans your browser!
    • Manual / automatic update system
    • Autostart items / IE Objects / Running Processes manager
    • Dialer blocker, Popup blocker

    • Visit Website • Free Download Pest Trap
    • Daily updated threat databases
    • Intelligent threat scanner
    • Application advanced firewall
    • IE security improvements
    • Advanced system securty features
    • Multiple scan options (fast / normal / deep)

    • Visit Website • Free Download


    :confused:
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Gozzar

    Gozzar Thread Starter

    Joined:
    Jun 1, 2006
    Messages:
    6
    Logfile of HijackThis v1.99.1
    Scan saved at 00:34:24, on 2006-06-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program\CPUCooL\CooLSrv.exe
    D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\oodag.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program\Logitech\MouseWare\system\em_exec.exe
    D:\Program\Winamp\winampa.exe
    D:\Program\DAEMON Tools\daemon.exe
    D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program\Messenger\msmsgs.exe
    D:\Program\MSN Messenger\msnmsgr.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program\AntiVir PersonalEdition Classic\sched.exe
    D:\Program\DC++\DCPlusPlus.exe
    D:\WINDOWS\system32\atmclk.exe
    D:\WINDOWS\system32\dcomcfg.exe
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - D:\WINDOWS\system32\hp100.tmp
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "D:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\Program\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Program\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program\CPUCooL\CooLSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download suspicious file packer from http://www.safer-networking.org/en/tools/index.html and unzip it to desktop, open it & paste in D:\WINDOWS\system32\atmclk.exe and when it has created the archive on your desktop.

    Please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so it can by examined.

    Just press new topic, fill in the needed details and post a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the window press send to upload the file.
     
  6. Gozzar

    Gozzar Thread Starter

    Joined:
    Jun 1, 2006
    Messages:
    6
    SmitFraudFix v2.53

    Scan done at 10:49:20,43, 2006-06-02
    Run from D:\Documents and Settings\™hman\Skrivbord\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

    D:\WINDOWS\system32\atmclk.exe FOUND !
    D:\WINDOWS\system32\dcomcfg.exe FOUND !
    D:\WINDOWS\system32\hp???.tmp FOUND !
    D:\WINDOWS\system32\hp????.tmp FOUND !
    D:\WINDOWS\system32\ld????.tmp FOUND !
    D:\WINDOWS\system32\ot.ico FOUND !
    D:\WINDOWS\system32\regperf.exe FOUND !
    D:\WINDOWS\system32\simpole.tlb FOUND !
    D:\WINDOWS\system32\stdole3.tlb FOUND !
    D:\WINDOWS\system32\ts.ico FOUND !
    D:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\™hman\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\HMAN~1\FAVORI~1

    D:\DOCUME~1\HMAN~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Min aktuella startsida"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

    [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="D:\WINDOWS\system32\imfdfcj.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="D:\WINDOWS\system32\imfdfcj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.



    Please post the C:\rapport.txt and a new HJT log in your next reply.
     
  8. Gozzar

    Gozzar Thread Starter

    Joined:
    Jun 1, 2006
    Messages:
    6
    my computer aint a animal... aint "beping" :p but I know about safe mode ^^
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Can you run the fix or not?
     
  10. Gozzar

    Gozzar Thread Starter

    Joined:
    Jun 1, 2006
    Messages:
    6
    SmitFraudFix v2.53

    Scan done at 18:11:12,73, 2006-06-02
    Run from D:\Documents and Settings\™hman\Skrivbord\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

    [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="D:\WINDOWS\system32\imfdfcj.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="D:\WINDOWS\system32\imfdfcj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\WINDOWS\system32\atmclk.exe Deleted
    D:\WINDOWS\system32\dcomcfg.exe Deleted
    D:\WINDOWS\system32\hp???.tmp Deleted
    D:\WINDOWS\system32\ld????.tmp Deleted
    D:\WINDOWS\system32\ot.ico Deleted
    D:\WINDOWS\system32\regperf.exe Deleted
    D:\WINDOWS\system32\simpole.tlb Deleted
    D:\WINDOWS\system32\stdole3.tlb Deleted
    D:\WINDOWS\system32\ts.ico Deleted
    D:\WINDOWS\system32\1024\ Deleted
    D:\DOCUME~1\HMAN~1\FAVORI~1\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    D:\WINDOWS\system32\imfdfcj.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll



    ITS GONE NOW.... thx for the help mate!
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You should post one more follow up HJT log as some entries can be left behind.

    and you should create a new System Restore point.
    Click here to see how.
     
  12. Gozzar

    Gozzar Thread Starter

    Joined:
    Jun 1, 2006
    Messages:
    6

    Logfile of HijackThis v1.99.1
    Scan saved at 01:27:38, on 2006-06-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program\CPUCooL\CooLSrv.exe
    D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\oodag.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program\Winamp\winampa.exe
    D:\Program\DAEMON Tools\daemon.exe
    D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program\Messenger\msmsgs.exe
    D:\Program\MSN Messenger\msnmsgr.exe
    D:\Program\Logitech\MouseWare\system\em_exec.exe
    D:\Program\PowerStrip\pstrip.exe
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\SpeedFan\speedfan.exe
    D:\WINDOWS\explorer.exe
    D:\Program\Internet Explorer\iexplore.exe
    D:\Program\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program\AntiVir PersonalEdition Classic\sched.exe
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    D:\Program\Winamp\winamp.exe
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\Internet Explorer\IEXPLORE.EXE
    D:\Program\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - D:\WINDOWS\system32\hp100.tmp (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "D:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/ImageUploader3.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\Program\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Program\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program\CPUCooL\CooLSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - D:\WINDOWS\system32\hp100.tmp (file missing)

    Close all applications and browser windows before you click "fix checked".
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/471943

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice