Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Gozzar

Thread Starter
Joined
Jun 1, 2006
Messages
6
virus.. popup "Malware Wipe" "the spy guard" and alot of commercials like porn poker and more crap..
this is what I get when I start internetexplorer


Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

• Visit Website • Free Scan


Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

• Visit Website • Free Scan


The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

• Visit Website • Free Scan


Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

• Visit Website • Free Scan


AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

• Visit Website • Free Scan





WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)


YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your IP address: (my ip)
Your Country: SE, Sweden

Your Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)

Your Operation System: Windows XP SP2 VULNERABLE

System Security Status: CAUTION

Time of investigation: Thu Jun 1 13:36:46 PDT 2006


SOLUTION
Download and install one of the following approved software products:
Malware Wipe
• Over 40,000 threats in the database
• Exclusive algorythm of cleaning
• IE Safe Mode - simply cleans your browser!
• Manual / automatic update system
• Autostart items / IE Objects / Running Processes manager
• Dialer blocker, Popup blocker

• Visit Website • Free Download Pest Trap
• Daily updated threat databases
• Intelligent threat scanner
• Application advanced firewall
• IE security improvements
• Advanced system securty features
• Multiple scan options (fast / normal / deep)

• Visit Website • Free Download


:confused:
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Gozzar

Thread Starter
Joined
Jun 1, 2006
Messages
6
Logfile of HijackThis v1.99.1
Scan saved at 00:34:24, on 2006-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program\CPUCooL\CooLSrv.exe
D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program\Logitech\MouseWare\system\em_exec.exe
D:\Program\Winamp\winampa.exe
D:\Program\DAEMON Tools\daemon.exe
D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Messenger\msmsgs.exe
D:\Program\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\svchost.exe
D:\Program\AntiVir PersonalEdition Classic\avguard.exe
D:\Program\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program\AntiVir PersonalEdition Classic\sched.exe
D:\Program\DC++\DCPlusPlus.exe
D:\WINDOWS\system32\atmclk.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - D:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "D:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "D:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "D:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Program\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program\CPUCooL\CooLSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download suspicious file packer from http://www.safer-networking.org/en/tools/index.html and unzip it to desktop, open it & paste in D:\WINDOWS\system32\atmclk.exe and when it has created the archive on your desktop.

Please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so it can by examined.

Just press new topic, fill in the needed details and post a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the window press send to upload the file.
 

Gozzar

Thread Starter
Joined
Jun 1, 2006
Messages
6
cybertech said:
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
SmitFraudFix v2.53

Scan done at 10:49:20,43, 2006-06-02
Run from D:\Documents and Settings\™hman\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\atmclk.exe FOUND !
D:\WINDOWS\system32\dcomcfg.exe FOUND !
D:\WINDOWS\system32\hp???.tmp FOUND !
D:\WINDOWS\system32\hp????.tmp FOUND !
D:\WINDOWS\system32\ld????.tmp FOUND !
D:\WINDOWS\system32\ot.ico FOUND !
D:\WINDOWS\system32\regperf.exe FOUND !
D:\WINDOWS\system32\simpole.tlb FOUND !
D:\WINDOWS\system32\stdole3.tlb FOUND !
D:\WINDOWS\system32\ts.ico FOUND !
D:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\™hman\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\HMAN~1\FAVORI~1

D:\DOCUME~1\HMAN~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="D:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="D:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.



Please post the C:\rapport.txt and a new HJT log in your next reply.
 

Gozzar

Thread Starter
Joined
Jun 1, 2006
Messages
6
my computer aint a animal... aint "beping" :p but I know about safe mode ^^
 

Gozzar

Thread Starter
Joined
Jun 1, 2006
Messages
6
cybertech said:
Hi, Welcome to TSG!!

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
SmitFraudFix v2.53

Scan done at 18:11:12,73, 2006-06-02
Run from D:\Documents and Settings\™hman\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="D:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="D:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\WINDOWS\system32\atmclk.exe Deleted
D:\WINDOWS\system32\dcomcfg.exe Deleted
D:\WINDOWS\system32\hp???.tmp Deleted
D:\WINDOWS\system32\ld????.tmp Deleted
D:\WINDOWS\system32\ot.ico Deleted
D:\WINDOWS\system32\regperf.exe Deleted
D:\WINDOWS\system32\simpole.tlb Deleted
D:\WINDOWS\system32\stdole3.tlb Deleted
D:\WINDOWS\system32\ts.ico Deleted
D:\WINDOWS\system32\1024\ Deleted
D:\DOCUME~1\HMAN~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

D:\WINDOWS\system32\imfdfcj.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll



ITS GONE NOW.... thx for the help mate!
 

Gozzar

Thread Starter
Joined
Jun 1, 2006
Messages
6
cybertech said:
You should post one more follow up HJT log as some entries can be left behind.

and you should create a new System Restore point.
Click here to see how.

Logfile of HijackThis v1.99.1
Scan saved at 01:27:38, on 2006-06-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program\CPUCooL\CooLSrv.exe
D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program\Winamp\winampa.exe
D:\Program\DAEMON Tools\daemon.exe
D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Messenger\msmsgs.exe
D:\Program\MSN Messenger\msnmsgr.exe
D:\Program\Logitech\MouseWare\system\em_exec.exe
D:\Program\PowerStrip\pstrip.exe
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\SpeedFan\speedfan.exe
D:\WINDOWS\explorer.exe
D:\Program\Internet Explorer\iexplore.exe
D:\Program\AntiVir PersonalEdition Classic\avguard.exe
D:\Program\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program\AntiVir PersonalEdition Classic\sched.exe
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\Program\Winamp\winamp.exe
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\Internet Explorer\IEXPLORE.EXE
D:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - D:\WINDOWS\system32\hp100.tmp (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "D:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "D:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "D:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Program\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Program\CPUCooL\CooLSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - D:\WINDOWS\system32\hp100.tmp (file missing)

Close all applications and browser windows before you click "fix checked".
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top