11 Posts

December 12th, 2008 01:00

Malwarebytes' report - everything clean now?

Hi,

I've just run a Malwarebytes' removal with the help of Bugbatter's advice on this forum.

I had problems with google searches, got up bediddle sites and other fake sites.

Searching now seems to work fine again. Can anyone please look at the Malwarebytes' log below so that I can be sure that nothing is infected anymore? Thanks!

 

Malwarebytes' Anti-Malware 1.31
Database version: 1492
Windows 5.1.2600 Service Pack 3

12.12.2008 10:34:09
mbam-log-2008-12-12 (10-34-09).txt

Scan type: Quick Scan
Objects scanned: 62501
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sysaudio.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

4 Apprentice

20.5K Posts

December 12th, 2008 05:00

Hi, Toyen,

You had a rootkit component in there, so I would like to take a deeper look, as well as check for any vulnerabilities.

While I am arranging how to deal with this, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software: http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. There is a list here: http://en.community.dell.com/forums/p/19241146/19367569.aspx#19367569

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs; therefore they may alert you or even automatically remove them.

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following logs by copying and pasting the text of each into your next reply:

DDS.txt
Attach.txt

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HijackThis log at the top of this board to start a new forum topic.

 

11 Posts

December 13th, 2008 12:00

Hi,

Thank you so much.

Will I need to empty my computer for the clean-up? If so, I must move my stuff over to another hard-disk first.

I've only previously posted this on http://en.community.dell.com/forums/t/19246440.aspx.

I haven't run HiJackThis after entry.

As far as I know, I don't have any cracked software, but it's somewhat unclear to me what it is even after reading the Wikipedia entry. Is it something I would have actively installed?

I've downloaded DDS now.

I did not know how to disable any script blocking protection. Report is below. Please let me know if I will need to disable script blocking - and if so how - or if it is fine as long as I got the two texts (DDS and Attach). 

I was not prompted to do an optional scan, but this is perhaps also among the two that came up automatically.

 

DDS:


DDS (Version 1.0.1) - NTFSx86 
Run by Brit at 21:16:46,25 on 13.12.2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.1014.437 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programfiler\McAfee\MPF\MPFSrv.exe
C:\Programfiler\McAfee\MSK\MskSrver.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Dell\MediaDirect\PCMService.exe
C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Dell Network Assistant\ezi_hnm2.exe
C:\Programfiler\Olympus\DeviceDetector\DevDtct2.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Brit\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.no/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=3070213
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=3070213
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programfiler\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\programfiler\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programfiler\java\jre1.6.0_07\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programfiler\mcafee\virusscan\scriptsn.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\programfiler\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\programfiler\bae\BAE.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ModemOnHold] c:\programfiler\netwaiting\netwaiting.exe
uRun: [swg] c:\programfiler\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\programfiler\msn messenger\MsnMsgr.Exe" /background
uRun: [QuickTime Task] "c:\programfiler\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programfiler\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\programfiler\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\programfiler\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\programfiler\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\programfiler\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\felles~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\programfiler\fellesfiler\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\programfiler\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\programfiler\dell\mediadirect\PCMService.exe"
mRun: [SSBkgdUpdate] "c:\programfiler\fellesfiler\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\programfiler\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\programfiler\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] c:\programfiler\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [mcagent_exe] c:\programfiler\mcafee.com\agent\mcagent.exe /runkey
mRun: [ ]
mRun: [Sony Ericsson PC Suite] "c:\programfiler\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [iRiver Updater] \Updater.exe
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\adober~1.lnk - c:\programfiler\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\device~1.lnk - c:\programfiler\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\digita~1.lnk - c:\programfiler\digital line detect\DLG.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\programfiler\java\jre1.6.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programfiler\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\felles~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brit\progra~1\mozilla\firefox\profiles\31rdaze8.default\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-25 201320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programfiler\mcafee\siteadvisor\McSACore.exe" [2008-10-14 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\felles~1\mcafee\mcproxy\mcproxy.exe [2007-2-25 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-25 144704]
R2 aawservice;Lavasoft Ad-Aware Service;c:\programfiler\lavasoft\ad-aware\aawservice.exe [2008-8-19 611664]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-25 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-25 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-25 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-25 33832]

=============== Created Last 30 ================

2008-12-12 09:56        --d-----    c:\docume~1\brit\progra~1\Malwarebytes
2008-12-12 09:56    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2008-12-12 09:56    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 09:56        --d-----    c:\docume~1\alluse~1\progra~1\Malwarebytes
2008-12-12 09:56        --d-----    c:\programfiler\Malwarebytes' Anti-Malware
2008-12-06 15:39        --d-----    c:\programfiler\filezilla
2008-12-03 22:24        --d-----    c:\programfiler\Kodak

==================== Find3M  ====================

2008-12-11 21:59    5,642    a--sh---    c:\windows\system32\KGyGaAvL.sys
2008-11-03 09:58    389,242    a-------    c:\windows\system32\perfh014.dat
2008-11-03 09:58    62,530    a-------    c:\windows\system32\perfc014.dat
2008-10-24 12:21    455,296    a-------    c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 12:21    455,296    --------    c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:43    286,720    a-------    c:\windows\system32\gdi32.dll
2008-10-23 13:43    286,720    --------    c:\windows\system32\dllcache\gdi32.dll
2008-10-17 02:03    3,593,216    --------    c:\windows\system32\dllcache\mshtml.dll
2008-10-16 14:15    70,656    --------    c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 14:13    1,809,944    a-------    c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13    202,776    a-------    c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12    323,608    a-------    c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12    561,688    a-------    c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:11    13,824    --------    c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 14:09    92,696    a-------    c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09    51,224    a-------    c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08    34,328    a-------    c:\windows\system32\dllcache\wups.dll
2008-10-15 17:38    337,408    --------    c:\windows\system32\dllcache\netapi32.dll
2008-10-15 08:06    633,632    --------    c:\windows\system32\dllcache\iexplore.exe
2008-10-15 08:04    161,792    --------    c:\windows\system32\dllcache\ieakui.dll
2008-10-03 11:04    247,326    a-------    c:\windows\system32\strmdll.dll
2008-10-03 11:04    247,326    --------    c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43    1,286,152    a-------    c:\windows\system32\msxml4.dll
2008-09-15 16:29    1,846,400    a-------    c:\windows\system32\win32k.sys
2008-09-15 16:29    1,846,400    --------    c:\windows\system32\dllcache\win32k.sys
2008-09-06 23:55    32,768    a--sh---    c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 21:17:48,37 ===============

I got the message that the Attach message should be attached to this. However, when I go to Options to add file to this message, I'm told that it has to be in certain formats such as txt etc. But it is in txt. Is it fine if I paste it to the message instead? Just double-checking!

Thanks so much again!

Toyen

 

 

 

4 Apprentice

20.5K Posts

December 13th, 2008 15:00

If you had cracked software, you would have intentionally installed it, so you'd know it.

No, you will not need to empty your computer, unless we run into an unforeseeable problem. We cannot attach files yet with the new Dell forum software, so that is why I asked you to copy/paste. Everything looks good so far, except that your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run.

Before updating Java, please run Disk Cleanup in each user's profile: Click "Start > Programs > Accessories > System Tools > Disk Cleanup". Please make sure only the following are checked:

-- Downloaded Program Files

-- Temporary Internet Files

-- Recycle Bin

-- Temporary Files

Click "OK" and Disk Cleanup will delete those files for you.

Reboot.

Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
    Close Add/Remove.

  • * In Windows Explorer, navigate to C:\Program Files\Java <=this folder. Delete any subfolders.
    * Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Official JAVA Installation Instructions if needed.

Finally, please delete DDS and its two logs. Please post a fresh HijackThis log and let me know how things are running. If all is well, we'll flush System Restore, and you'll be good to go. If you are still having any problems, we'll keep looking.

 

11 Posts

December 14th, 2008 05:00

Ok, before I start - do I also delete WebClient/Publisher Temporary files on the Disk Cleanup?

 

Below, the attach file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25.02.2007 02:52:54
System Uptime: 13.12.2008 21:06:50 (0 hours ago)

Motherboard: Dell Inc. |  | 0MG532
Processor: Genuine Intel(R) CPU           T2050  @ 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 51,777 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP180: 10.09.2008 10:02:42 - Software Distribution Service 3.0
RP181: 10.09.2008 15:00:22 - Software Distribution Service 3.0
RP182: 12.09.2008 18:23:22 - Software Distribution Service 3.0
RP183: 13.09.2008 03:19:18 - Software Distribution Service 3.0
RP184: 14.09.2008 11:58:42 - Kontrollpunkt for system
RP185: 16.09.2008 07:57:35 - Installed Olympus Digital Wave Player
RP186: 16.09.2008 08:02:23 - Installering av usignert driver
RP187: 16.09.2008 11:32:55 - Installering av usignert driver
RP188: 21.09.2008 22:55:08 - Kontrollpunkt for system
RP189: 22.09.2008 10:06:20 - Installering av usignert driver
RP190: 24.09.2008 13:16:59 - Kontrollpunkt for system
RP191: 28.09.2008 00:29:20 - Kontrollpunkt for system
RP192: 30.09.2008 10:02:56 - Kontrollpunkt for system
RP193: 05.10.2008 21:03:22 - Kontrollpunkt for system
RP194: 07.10.2008 09:28:43 - Kontrollpunkt for system
RP195: 09.10.2008 20:16:36 - Kontrollpunkt for system
RP196: 11.10.2008 16:57:25 - Kontrollpunkt for system
RP197: 12.10.2008 18:40:09 - Kontrollpunkt for system
RP198: 17.10.2008 08:48:54 - Software Distribution Service 3.0
RP199: 19.10.2008 19:53:29 - Kontrollpunkt for system
RP200: 21.10.2008 11:49:40 - Kontrollpunkt for system
RP201: 25.10.2008 03:57:26 - Software Distribution Service 3.0
RP202: 26.10.2008 11:53:50 - Kontrollpunkt for system
RP203: 30.10.2008 16:51:26 - Kontrollpunkt for system
RP204: 03.11.2008 15:49:27 - Kontrollpunkt for system
RP205: 05.11.2008 10:19:50 - Kontrollpunkt for system
RP206: 06.11.2008 10:23:39 - Kontrollpunkt for system
RP207: 07.11.2008 19:16:19 - Installed iriver Music Manager
RP208: 10.11.2008 16:25:42 - Kontrollpunkt for system
RP209: 12.11.2008 15:30:50 - Software Distribution Service 3.0
RP210: 18.11.2008 13:42:26 - Kontrollpunkt for system
RP211: 23.11.2008 19:26:06 - Kontrollpunkt for system
RP212: 27.11.2008 12:33:05 - Kontrollpunkt for system
RP213: 01.12.2008 15:22:21 - Removed iriver Music Manager
RP214: 03.12.2008 22:24:20 - Installed KODAK Gallery Upload Software.
RP215: 06.12.2008 12:53:57 - Kontrollpunkt for system
RP216: 08.12.2008 09:37:31 - Kontrollpunkt for system
RP217: 11.12.2008 19:39:49 - Software Distribution Service 3.0
RP218: 11.12.2008 19:59:20 - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AudibleManager
Broadcom Management Programs
Brukerregistrering for Canon MP600
Canon MP Navigator 3.0
Canon MP600
Canon Utilities Easy-PhotoPrint
CD-LabelPrint
Clue 7.3
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Creative MediaSource 5
Creative System Information
Dell Driver Reset Tool
Dell Network Assistant
Dell System Restore
Digital Line Detect
Flickr Uploadr 3.0.5
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)
Hurtigreparasjon for Windows Media Player 10 - KB895316
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Hurtigreparasjon for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless-programvare
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
KODAK Gallery Upload Software
Lexmark 730 Series
Malwarebytes' Anti-Malware
McAfee-avinstallasjonsprogram
McAfee SecurityCenter
mCore
MCU
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.4)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Olympus Digital Wave Player
OpenOffice.org Installer 1.0
Oppdatering for Windows XP (KB951072-v2)
Oppdatering for Windows XP (KB951978)
Oppdatering for Windows XP (KB955839)
OutlookAddinSetup
QuickSet
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
ScanSoft OmniPage SE 4.0
SearchAssist
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player (KB952069)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows Media Player 9 (KB917734)
Sikkerhetsoppdatering for Windows XP (KB923689)
Sikkerhetsoppdatering for Windows XP (KB938464)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB946648)
Sikkerhetsoppdatering for Windows XP (KB950760)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB950974)
Sikkerhetsoppdatering for Windows XP (KB951066)
Sikkerhetsoppdatering for Windows XP (KB951376-v2)
Sikkerhetsoppdatering for Windows XP (KB951376)
Sikkerhetsoppdatering for Windows XP (KB951698)
Sikkerhetsoppdatering for Windows XP (KB951748)
Sikkerhetsoppdatering for Windows XP (KB952954)
Sikkerhetsoppdatering for Windows XP (KB953839)
Sikkerhetsoppdatering for Windows XP (KB954211)
Sikkerhetsoppdatering for Windows XP (KB954459)
Sikkerhetsoppdatering for Windows XP (KB954600)
Sikkerhetsoppdatering for Windows XP (KB955069)
Sikkerhetsoppdatering for Windows XP (KB956391)
Sikkerhetsoppdatering for Windows XP (KB956802)
Sikkerhetsoppdatering for Windows XP (KB956803)
Sikkerhetsoppdatering for Windows XP (KB956841)
Sikkerhetsoppdatering for Windows XP (KB957095)
Sikkerhetsoppdatering for Windows XP (KB957097)
Sikkerhetsoppdatering for Windows XP (KB958644)
Skype™ 3.2
Sonic Activation Module
Sonic Update Manager
Sony Ericsson PC Suite 1.20.224
Synaptics Pointing Device Driver
TweakNow RegCleaner Standard
URL Assistant
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar

==== Event Viewer Messages ===================

11.12.2008 19:44:36, Informasjon: Windows File Protection [64002]  - Filerstatning ble forsøkt på den beskyttede systemfilen setup.exe. Denne filen ble gjenopprettet til den opprinnelige versjonen for å opprettholde systemstabilitet. Filversjonen for systemfilen er 5.1.2600.5512.
12.12.2008 09:48:17, Informasjon: Windows File Protection [64002]  - Filerstatning ble forsøkt på den beskyttede systemfilen c:\windows\system32\setup.exe. Denne filen ble gjenopprettet til den opprinnelige versjonen for å opprettholde systemstabilitet. Filversjonen for systemfilen er 5.1.2600.5512.

==== End Of File ===========================

 

Thanks,

Toyen

4 Apprentice

20.5K Posts

December 14th, 2008 07:00

It is up to you whether you want to delete WebClient temp files. You probably do not need them unless you are a web site developer.
More info here:
http://www.help2go.com/Tutorials/Windows_Errors/WebClient_Publisher_Temporary_Files_:_How_to_delete_them.html

Before you install Java these are the old versions to remove:

J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7

11 Posts

December 15th, 2008 04:00

Hi,

I've followed the instructions and things seem to run normally.

Here's the last HijackThis Report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:11, on 15.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programfiler\McAfee\MPF\MPFSrv.exe
C:\Programfiler\McAfee\MSK\MskSrver.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Dell\MediaDirect\PCMService.exe
C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Dell Network Assistant\ezi_hnm2.exe
C:\Programfiler\Olympus\DeviceDetector\DevDtct2.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=3070213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=3070213
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=3070213
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programfiler\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programfiler\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Programfiler\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programfiler\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12731 bytes

 

Toyen

4 Apprentice

 • 

20.5K Posts

December 15th, 2008 17:00

 

If you have not done so already, please delete DDS and its logs.

Please launch HijackThis and place a checkmark next to the following:
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Close all other windows and click "Fix Checked". Close HijackThis. REBOOT.

Let me know how things are running after that, if all is well, we'll flush System Restore, and you'll be good to go.
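As an added illustration (not part of the original thread, and not HijackThis's own code): the entries selected above all carry a CLSID whose target is reported as `(no file)` or `(file missing)`. The sketch below parses CLSID-bearing lines of the HijackThis v2.0.2 text format and groups such orphaned registrations by CLSID; the sample lines are copied from the log on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "section kind name clsid target orphaned")

# Matches "<section> - <kind>: <name> - {CLSID} - <target>" lines (R3, O2, O3, O9, O18).
# Lines without a CLSID (O4 Run keys, O23 services) are deliberately skipped.
LINE_RE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
# Markers HijackThis appends when the registered file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
"""


def parse_entries(log_text):
    """Return an Entry for every CLSID-bearing line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        target = m["target"].strip()
        entries.append(Entry(m["section"], m["kind"], m["name"],
                             m["clsid"].upper(), target,
                             target.endswith(ORPHAN_MARKERS)))
    return entries


def orphaned_by_clsid(entries):
    """Map each orphaned CLSID to the log sections that still reference it."""
    grouped = defaultdict(list)
    for e in entries:
        if e.orphaned:
            grouped[e.clsid].append(e.section)
    return dict(grouped)


if __name__ == "__main__":
    for clsid, sections in orphaned_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(clsid, "referenced from", ", ".join(sections))
```

Grouping by CLSID shows when one leftover component is registered in more than one place, as with the CLSID that appears under both R3 and O3 in this log.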

11 Posts

December 16th, 2008 02:00

Hi, Have done this now (included removing DDS and its logs from desktop, could not find it anywhere else -)

Things seem to be working normally.

Toyen

11 Posts

December 16th, 2008 04:00

ps - only thing is that Internet Explorer now runs without add-ons. How do I enable them?

 

(first message:

Hi, Have done this now (included removing DDS and its logs from desktop, could not find it anywhere else -)

Things seem to be working normally.

Toyen)

4 Apprentice

 • 

20.5K Posts

December 16th, 2008 06:00

Glad to hear all is running well.

Here is information regarding Add-ons:

http://www.microsoft.com/windowsxp/using/web/sp2_addonmanager.mspx

If everything is still running well....

To flush the XP System Restore Points: (Using XP, you must be logged in as Administrator to do this.)

Go to Start > Run and type msconfig. Press Enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have installed Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:


1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. Microsoft's Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date. Note: Zone Alarm Firewall (by Checkpoint) has a free version http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads

3. You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Practice Safe Surfing with TrendProtect by Trend Micro. This is not compatible with Firefox 3.0 yet. TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content. The following color codes are used by TrendProtect to indicate the safety of each site.

  • Red for Warning
  • Yellow for Use Caution
  • Green for Safe
  • Grey for Unknown

 

For Firefox, you can use Web Of Trust.  It uses colored alerts to warn about risky websites that try to scam visitors, deliver malware, or send spam.

 

8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates

9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html


"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx



Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!

 

11 Posts

December 17th, 2008 02:00

Thank you so much! I'll install the works!

Toyen

4 Apprentice

 • 

20.5K Posts

December 17th, 2008 08:00

You are most welcome. Happy Holidays!
