Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Removed ErrorSafe ???

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Removed ErrorSafe ???

Unread postby t_nypan » April 11th, 2007, 12:43 am

Hi !
Thanks for your site !
I followed (quite successfully I think) your instructions in "Please read this BEFORE posting to this board." (topic 39).

And I have posted my HiJack log below.
Do I still have some problems ?
It seems to me to still be some ShopperReports stuff left, but You are the experts !

Thanks in advance !

Logfile of HijackThis v1.99.1
Scan saved at 06:35:22, on 2007-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\Network Associates\VirusScan\Mcshield.exe
C:\Program\Network Associates\VirusScan\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\MioNet\MioNetManager.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program\Network Associates\VirusScan\SHSTAT.EXE
C:\Program\Network Associates\Common Framework\UpdaterUI.exe
C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/s ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/s ... efault.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/s ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/s ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://ave.cvc.cervantes.es/home/asiste ... wswaxd.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.spray.se/app/uploader/FileUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program\MioNet\MioNetManager.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
t_nypan
Active Member
 
Posts: 3
Joined: April 10th, 2007, 2:14 pm
Advertisement
Register to Remove

Unread postby chryssi2001 » April 11th, 2007, 11:54 am

Hello, and Image to Malware Removal Forums.
I will be assisting you with your malware issues.
Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.

As I am still a trainee, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Unread postby chryssi2001 » April 12th, 2007, 6:50 am

Hello t_nypan,

I can't see any firewall in your HijackThis log, so i assume you use windows firewall.

WINDOWS FIREWALL
Windows firewall is not recommended. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry.
Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of the suggested firewalls.

FREE FIREWALLS

Tutorial about Firewalls can be found here
You can choose a free firewall from here
----------------------------------------
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java(TM) SE Runtime Environment 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
----------------------------------------
Please download ATF cleaner
This program is for XP and Windows 2000 only
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------------------------------------
Please download AVG anti-spyware to your Desktop or to your usual Download Folder, from HERE
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't run a scan yet.
----------------------------------------
LIST OF PROGRAMS USING HIJACKTHIS


    Start HijackThis
    Click on the Config button
    Click on the Misc Tools button
    Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into a reply in this topic.
----------------------------------------
Disable Trojan Hunter Guard
Go to TrojanHunter Guard icon in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see, but the handle is red. Right click it and select settings. Uncheck "Load at startup" and "Enabled".
----------------------------------------
Now Go to Start-Settings-Control Panel, click on Add remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    ShoppingReport
----------------------------------------
Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll


Then close all windows except Hijackthis and click Fix Checked
----------------------------------------
Safe Mode

You can go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Print out these instructions or save them into a notepad on your desktop, because you will not have internet access while in Safe Mode.

How to view Hidden files/folders.
http://www.bleepingcomputer.com/tutorials/tutorial62.html
don't forget to hide files/folders when this is finished

Search and find these files/folders in red below and delete them:
Don't worry for files/folders not found

FOLDERS
C:\Program\ShoppingReport << this folder

FILES
C:\Program\ShoppingReport\Bin\2.0.21\ShoppingReport.dll << this file
----------------------------------------
AVG Anti-Spyware-2nd Part
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
----------------------------------------
Post Programs list created with HijackThis.
AVG Anti-spyware report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

My first response

Unread postby t_nypan » April 12th, 2007, 6:44 pm

Hi, and thanks for your help so far !

1. I have a HW firewall named Zyxel Prestige 300 series.

2. First HijackThis log :
Ad-Aware SE Personal
Adobe Acrobat 7.0.9 Standard
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (endast avinstallation)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.7 - Svenska
Adobe Shockwave Player
ArcSoft PhotoBase 3
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
Backpacker 3
Bonniers Compact 98
Broadcom Advanced Control Suite 2
Carnet d'activités À plus! 1
Chomper3D
CoffeeCup Free FTP
Dell Media Experience
Dell Photo Printer 720
Dell Solution Center
Den fantastiska kroppen
Den Försvunna Staden
DN Skärmslackare Screen Saver
Dual Mode Camera 8008 VGA+
eDrawings 2006
Fantastiska djur
Flygande start tyska
Google Earth
Google Toolbar for Internet Explorer
greenstreet Picture Browser
HijackThis 1.99.1
Hjärnkontoret
In The Groove (Nur entfernen)
Intel Application Accelerator
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) SE Runtime Environment 6 Update 1
Krakels ABC, 7-9 år
Leif and The American Viking
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Marratech 6.0
McAfee VirusScan Enterprise
Microsoft Office Standard Edition 2003
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Works 7.0
MioNet
MSN Messenger 7.5
MSN Verktygslåda
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
Nero - Burning Rom
Norton Internet Security
Norton WMI Update
Philips SPC 300NC PC Camera
Philips VLounge
PowerDVD 5.3
QuickTime
QuickTime 3.0
RealPlayer
RollerCoaster Tycoon® 3
ShopperReports
SIPPS
Skype 3.0
Skype Plugin Manager
SmartTrust Personal 3.4.6
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy 1.4
Sunes sportlov
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB883939)
Säkerhetsuppdatering för Windows XP (KB890046)
Säkerhetsuppdatering för Windows XP (KB893756)
Säkerhetsuppdatering för Windows XP (KB896358)
Säkerhetsuppdatering för Windows XP (KB896422)
Säkerhetsuppdatering för Windows XP (KB896423)
Säkerhetsuppdatering för Windows XP (KB896424)
Säkerhetsuppdatering för Windows XP (KB896428)
Säkerhetsuppdatering för Windows XP (KB896688)
Säkerhetsuppdatering för Windows XP (KB899587)
Säkerhetsuppdatering för Windows XP (KB899588)
Säkerhetsuppdatering för Windows XP (KB899591)
Säkerhetsuppdatering för Windows XP (KB900725)
Säkerhetsuppdatering för Windows XP (KB901017)
Säkerhetsuppdatering för Windows XP (KB901214)
Säkerhetsuppdatering för Windows XP (KB902400)
Säkerhetsuppdatering för Windows XP (KB903235)
Säkerhetsuppdatering för Windows XP (KB904706)
Säkerhetsuppdatering för Windows XP (KB905414)
Säkerhetsuppdatering för Windows XP (KB905749)
Säkerhetsuppdatering för Windows XP (KB905915)
Säkerhetsuppdatering för Windows XP (KB908519)
Säkerhetsuppdatering för Windows XP (KB908531)
Säkerhetsuppdatering för Windows XP (KB911562)
Säkerhetsuppdatering för Windows XP (KB911567)
Säkerhetsuppdatering för Windows XP (KB911927)
Säkerhetsuppdatering för Windows XP (KB912812)
Säkerhetsuppdatering för Windows XP (KB912919)
Säkerhetsuppdatering för Windows XP (KB913446)
Säkerhetsuppdatering för Windows XP (KB913580)
Säkerhetsuppdatering för Windows XP (KB914388)
Säkerhetsuppdatering för Windows XP (KB914389)
Säkerhetsuppdatering för Windows XP (KB916281)
Säkerhetsuppdatering för Windows XP (KB917159)
Säkerhetsuppdatering för Windows XP (KB917344)
Säkerhetsuppdatering för Windows XP (KB917422)
Säkerhetsuppdatering för Windows XP (KB917953)
Säkerhetsuppdatering för Windows XP (KB918118)
Säkerhetsuppdatering för Windows XP (KB918439)
Säkerhetsuppdatering för Windows XP (KB918899)
Säkerhetsuppdatering för Windows XP (KB919007)
Säkerhetsuppdatering för Windows XP (KB920213)
Säkerhetsuppdatering för Windows XP (KB920214)
Säkerhetsuppdatering för Windows XP (KB920670)
Säkerhetsuppdatering för Windows XP (KB920683)
Säkerhetsuppdatering för Windows XP (KB920685)
Säkerhetsuppdatering för Windows XP (KB921398)
Säkerhetsuppdatering för Windows XP (KB921883)
Säkerhetsuppdatering för Windows XP (KB922616)
Säkerhetsuppdatering för Windows XP (KB922760)
Säkerhetsuppdatering för Windows XP (KB922819)
Säkerhetsuppdatering för Windows XP (KB923191)
Säkerhetsuppdatering för Windows XP (KB923414)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923694)
Säkerhetsuppdatering för Windows XP (KB923980)
Säkerhetsuppdatering för Windows XP (KB924191)
Säkerhetsuppdatering för Windows XP (KB924270)
Säkerhetsuppdatering för Windows XP (KB924496)
Säkerhetsuppdatering för Windows XP (KB924667)
Säkerhetsuppdatering för Windows XP (KB925454)
Säkerhetsuppdatering för Windows XP (KB925486)
Säkerhetsuppdatering för Windows XP (KB925902)
Säkerhetsuppdatering för Windows XP (KB926255)
Säkerhetsuppdatering för Windows XP (KB926436)
Säkerhetsuppdatering för Windows XP (KB927779)
Säkerhetsuppdatering för Windows XP (KB927802)
Säkerhetsuppdatering för Windows XP (KB928090)
Säkerhetsuppdatering för Windows XP (KB928255)
Säkerhetsuppdatering för Windows XP (KB928843)
Säkerhetsuppdatering för Windows XP (KB929969)
Säkerhetsuppdatering för Windows XP (KB930178)
Säkerhetsuppdatering för Windows XP (KB931261)
Säkerhetsuppdatering för Windows XP (KB931784)
Säkerhetsuppdatering för Windows XP (KB932168)
The Sims 2
TrojanHunter 4.6
Uppdatering för Windows XP (KB894391)
Uppdatering för Windows XP (KB896727)
Uppdatering för Windows XP (KB898461)
Uppdatering för Windows XP (KB900485)
Uppdatering för Windows XP (KB910437)
Uppdatering för Windows XP (KB911280)
Uppdatering för Windows XP (KB916595)
Uppdatering för Windows XP (KB920872)
Uppdatering för Windows XP (KB922582)
Uppdatering för Windows XP (KB929338)
Uppdatering för Windows XP (KB931836)
weiss_uhr_klein Screen Saver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Toolbar

3. AWG log :
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:35:31 2007-04-13

+ Scan result:



C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039717.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP613\A0039733.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039704.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039705.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039706.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039711.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039712.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP612\A0039713.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP613\A0039735.dll -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Enum\USB\Vid_0000&Pid_0000\6&30ae3867&0&4\\UINumber -> Dialer.Generic : Error during cleaning.
C:\Documents and Settings\Thomas\Cookies\thomas@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.


::Report end

4. New HiJackThis log :
Logfile of HijackThis v1.99.1
Scan saved at 00:43:57, on 2007-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\Network Associates\VirusScan\Mcshield.exe
C:\Program\Network Associates\VirusScan\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\MioNet\MioNetManager.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program\Network Associates\VirusScan\SHSTAT.EXE
C:\Program\Network Associates\Common Framework\UpdaterUI.exe
C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/s ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/s ... efault.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/s ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/se/s ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://ave.cvc.cervantes.es/home/asiste ... wswaxd.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.spray.se/app/uploader/FileUploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program\MioNet\MioNetManager.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe


Best Regards,
/Thomas
t_nypan
Active Member
 
Posts: 3
Joined: April 10th, 2007, 2:14 pm

Unread postby chryssi2001 » April 13th, 2007, 2:35 pm

Hi,

I need to have a look at a file.

Copy/paste the following quote box into a new notepad (not wordpad) document.

regedit /e USBreg.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0000&Pid_0000\6&30ae3867&0&4"
notepad USBreg.txt
del /q USBreg.txt

Save it to your Desktop as look.bat. Save it as File Type: All Files (not as a text document or it wont work).
Save it as filename: look.bat

Locate look.bat on your Desktop and double-click it.
When Notepad opens, copy/paste the content in your reply.
When you close Notepad, the CMD window will close automatically and the text file will be deleted.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Result of Look.bat

Unread postby t_nypan » April 17th, 2007, 2:36 pm

Hello again !
Here it is :
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0000&Pid_0000\6&30ae3867&0&4]
"DeviceDesc"="Okänd enhet"
"LocationInformation"="USB Device"
"Capabilities"=dword:00000000
"UINumber"=dword:00000000
"HardwareID"=hex(7):55,00,53,00,42,00,5c,00,55,00,4e,00,4b,00,4e,00,4f,00,57,\
00,4e,00,00,00,00,00
"CompatibleIDs"=hex(7):55,00,53,00,42,00,5c,00,55,00,4e,00,4b,00,4e,00,4f,00,\
57,00,4e,00,00,00,00,00
"ClassGUID"="{36FC9E60-C465-11CF-8056-444553540000}"
"Class"="USB"
"Driver"="{36FC9E60-C465-11CF-8056-444553540000}\\0022"
"Mfg"="(USB-standardvärdstyrenhet)"
"ConfigFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0000&Pid_0000\6&30ae3867&0&4\Device Parameters]
"ExtPropDescSemaphore"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0000&Pid_0000\6&30ae3867&0&4\LogConf]



Best Regards,
/Thomas
t_nypan
Active Member
 
Posts: 3
Joined: April 10th, 2007, 2:14 pm

Unread postby chryssi2001 » April 18th, 2007, 6:46 am

Hi n_typan,

Stop, Disable A Service
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find the service shown below.

SymWSC

Click once on the service to highlight it.
Right-Click on the service. Select Properties
Select the General tab.
Next to Service Status, click Stop.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Disabled
Click Apply, then OK
-----------------------------------
Enable Trojan Hunter Guard
Go to TrojanHunter Guard icon in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see, but the handle is red. Right click it and select settings. Check "Load at startup" and "Enabled".
-----------------------------------
Other than that your log looks clean now.
Do you have any particular problems?
-----------------------------------
This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    a. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above

    b. Make your Internet Explorer more secure - This can be done by following these simple instructions:

      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.

        a. Change the Download signed ActiveX controls to Prompt
        b. Change the Download unsigned ActiveX controls to Disable
        c. Change the Initialise and script ActiveX controls not marked as safe to Disable
        d. Change the Installation of desktop items to Prompt
        e. Change the Launching programs and files in an IFRAME to Prompt
        f. Change the Navigate sub-frames across different domains to Prompt
        g. When all these settings have been made, click on the OK button.
        h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    c. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus

    d. Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

    e. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls

    f. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    g. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    h. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    i. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware

    j. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Unread postby NonSuch » May 2nd, 2007, 2:35 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware