HELP! Hijackthis Log

Hi Sanna,
I have to run out the door to work right now, I m sure we can get this sorted for you,

Please Download
Silent Runners
Please create a folder for it please, Then double click on the program, It will save a notebook file in the same folder, Open that, copy, paste the log back to this thread please


I will try and reply at some point during the day if possible, Otherwise I will post back later toningt,
6:45 here right now in Mass, so have to run

Thank you!!
I will do that and I'm doing the spybot run right now (following that thread I didn't see at first about what to do before posting a hijackthislog)
Thanks again and I will get back to you!

Fix the following.... O2 - BHO: (no name) - {ABE0BEF4-ECA1-CDF6-55C4-D6344AA3384A} - (no file)

Might I suggest you download and run the latest version of Hijack this?

Ihhh?
I haven't got the latest one of hjt???
gahh
gotta check that
thanks

Silent runners
Hi there

I have been scanning my computer all day, trying different programs


Now I have done the silent runner
"Silent Runners.vbs", revision 29, launched at: 17:37
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP SP2


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program\MSN Messenger\msnmsgr.exe" /background" [file not found]
"Testlove" = "C:\DOCUME~1\Sanna\APPLIC~1\WIPEWI~1\Close Free.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ" = "C:\Program\ICQ\ICQ.exe -trayboot" ["ICQ Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"vptray" = "C:\Program\NavNT\vptray.exe" ["Symantec Corporation"]
"Mirabilis ICQ" = "C:\Program\ICQ\ICQNet.exe" [null data]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"LogonStudio" = ""C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{398CF232-F3EB-1867-A137-045A6BA0E4C9}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\DOCUME~1\Sanna\APPLIC~1\VGAREG~1\16 Fork.exe" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program\google\googletoolbar2.dll" ["Google Inc."]
{E10959A2-8862-4582-973A-05BDAF4E0FE9}\(Default) = "cnt Class" [from CLSID]
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\System32\ctcnt1.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmspanorering"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]

oops
maybe i have deleted some important .exe files?

a virus program found a couple of virus .exe files in the application folder and there were several other strange looking files at the same spot so i deleted them as well..


gaaah

hjt file log as well
Logfile of HijackThis v1.99.0
Scan saved at 17:44:40, on 2005-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\NavNT\defwatch.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\NavNT\vptray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\ICQ\ICQ.exe
c:\program\intern~1\iexplore.exe
C:\Program\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program\Messenger\msmsgs.exe
C:\Program\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rosenstrandh.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {398CF232-F3EB-1867-A137-045A6BA0E4C9} - C:\DOCUME~1\Sanna\APPLIC~1\VGAREG~1\16 Fork.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: (no name) - {ABE0BEF4-ECA1-CDF6-55C4-D6344AA3384A} - (no file)
O2 - BHO: cnt Class - {E10959A2-8862-4582-973A-05BDAF4E0FE9} - C:\WINDOWS\System32\ctcnt1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Testlove] C:\DOCUME~1\Sanna\APPLIC~1\WIPEWI~1\Close Free.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: QuickPost - http://www.rosenstrandh.se/cgi-bin/dagbok/mt.cgi?__mode=reg_bm_js&bm_show=&bm_height=440
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab
O16 - DPF: {B0228472-F17B-4D89-A5AC-C75130405CCD} (DTS_Web.DTSWebSigning) - http://www.accurata.se/demos/DTSWebdemo/DTS_Web.CAB
O16 - DPF: {F70FAED4-069F-40E8-B609-F01DA4BF74DA} - http://www.apport.nu/Bilderonline/ActiveX/Ver1.0.0.6/ApportFastTrack.CAB
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I restarted the computer
but I'm not sure the hjt log says any different..

Logfile of HijackThis v1.99.0
Scan saved at 18:04:00, on 2005-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\NavNT\defwatch.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\NavNT\vptray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\ICQ\ICQ.exe
C:\Program\TDK Systems\Bluetooth Software\BTStackServer.exe
C:\Program\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rosenstrandh.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {398CF232-F3EB-1867-A137-045A6BA0E4C9} - C:\DOCUME~1\Sanna\APPLIC~1\VGAREG~1\16 Fork.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: (no name) - {ABE0BEF4-ECA1-CDF6-55C4-D6344AA3384A} - (no file)
O2 - BHO: cnt Class - {E10959A2-8862-4582-973A-05BDAF4E0FE9} - C:\WINDOWS\System32\ctcnt1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Testlove] C:\DOCUME~1\Sanna\APPLIC~1\WIPEWI~1\Close Free.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: QuickPost - http://www.rosenstrandh.se/cgi-bin/dagbok/mt.cgi?__mode=reg_bm_js&bm_show=&bm_height=440
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab
O16 - DPF: {B0228472-F17B-4D89-A5AC-C75130405CCD} (DTS_Web.DTSWebSigning) - http://www.accurata.se/demos/DTSWebdemo/DTS_Web.CAB
O16 - DPF: {F70FAED4-069F-40E8-B609-F01DA4BF74DA} - http://www.apport.nu/Bilderonline/ActiveX/Ver1.0.0.6/ApportFastTrack.CAB
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

these are my worries
O2 - BHO: (no name) - {398CF232-F3EB-1867-A137-045A6BA0E4C9} - C:\DOCUME~1\Sanna\APPLIC~1\VGAREG~1\16 Fork.exe

O2 - BHO: (no name) - {ABE0BEF4-ECA1-CDF6-55C4-D6344AA3384A} - (no file)


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

O4 - HKCU\..\Run: [Testlove] C:\DOCUME~1\Sanna\APPLIC~1\WIPEWI~1\Close Free.exe

I have erased the second one (the O2- BHO...no name, no file) after getting that tip from another guy up here. Was that ok?

Hi sanna
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
O2 - BHO: (no name) - {398CF232-F3EB-1867-A137-045A6BA0E4C9} - C:\DOCUME~1\Sanna\APPLIC~1\VGAREG~1\16 Fork.exe
O2 - BHO: (no name) - {ABE0BEF4-ECA1-CDF6-55C4-D6344AA3384A} - (no file)
O4 - HKCU\..\Run: [Testlove] C:\DOCUME~1\Sanna\APPLIC~1\WIPEWI~1\Close Free.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD
C:\DOCUME~1\Sanna\APPLIC~1\VGAREG~1\16 Fork.exe
C:\DOCUME~1\Sanna\APPLIC~1\WIPEWI~1\Close Free.exe

Restart your computer, Post back a fresh log please
Post back a fresh silent runners log please,

It would be helpful if you didn't think make changes till told to do so please,

Sorry
Someone else in this thread suggested that one change and I did that
I will do the others now
Thank you again!

Silent runners
"Silent Runners.vbs", revision 29, launched at: 09:12
Output limited to non-default values, except where indicated by "{++}"
Operating System: Windows XP SP2


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program\MSN Messenger\msnmsgr.exe" /background" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ" = "C:\Program\ICQ\ICQ.exe -trayboot" ["ICQ Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"vptray" = "C:\Program\NavNT\vptray.exe" ["Symantec Corporation"]
"Mirabilis ICQ" = "C:\Program\ICQ\ICQNet.exe" [null data]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"LogonStudio" = ""C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\Program\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program\google\googletoolbar2.dll" ["Google Inc."]
{E10959A2-8862-4582-973A-05BDAF4E0FE9}\(Default) = "cnt Class" [from CLSID]
-> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\System32\ctcnt1.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmspanorering"
-> CLSID InProcServer32 resolves to: "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikontillägg"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Skrivbordsutforskaren"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> CLSID InProcServer32 resolves to: "C:\Program\Microsoft Office\Office10\msohev.dll" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> CLSID InProcServer32 resolves to: "C:\Program\Delade filer\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> CLSID InProcServer32 resolves to: "C:\Program\ICQ\ICQShExt.dll" ["ICQ"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRAM\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRAM\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRAM\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> CLSID InProcServer32 resolves to: "C:\PROGRAM\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"
-> CLSID InProcServer32 resolves to: "C:\Program\Object Desktop\WindowBlinds\wbui.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> CLSID InProcServer32 resolves to: "C:\Program\WinRAR\rarext.dll" [null data]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\System32\btneighborhood.dll" ["WIDCOMM Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> CLSID InProcServer32 resolves to: "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! "NavLogon\DLLName" = "C:\WINDOWS\System32\NavLogon.dll" [null data]


Startup items in "Sanna" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"BTTray" -> shortcut to: "C:\Program\TDK Systems\Bluetooth Software\BTTray.exe" ["WIDCOMM Inc."]
"iD2 CSP Certificate Utility" -> shortcut to: "C:\Program\iD2\CSP\iD2CertMover.exe" ["iD2 Technologies"]
"Microsoft Office" -> shortcut to: "C:\Program\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"ACAD57C491BECCD0" -> launches: "c:\docume~1\sanna\applic~1\wipewi~1\DUMB TONS DOG.exe" [file not found]
"system32" -> launches: "C:\WINDOWS\system32" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DefWatch, DefWatch, "C:\Program\NavNT\defwatch.exe" ["Symantec Corporation"]
iD2 Smart Card Server, id2scaps, "C:\WINDOWS\system32\id2scaps.exe service" ["iD2 Technologies"]
Machine Debug Manager, MDM, ""C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Client, Norton AntiVirus Server, "C:\Program\NavNT\rtvscan.exe" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------


I can see for myself that there are others popping up... Dumb tons dog.exe for example....

HJT Log
file of HijackThis v1.99.0
Scan saved at 09:23:45, on 2005-01-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\NavNT\defwatch.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\NavNT\vptray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\ICQ\ICQ.exe
C:\Program\TDK Systems\Bluetooth Software\BTStackServer.exe
C:\hjt\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rosenstrandh.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: cnt Class - {E10959A2-8862-4582-973A-05BDAF4E0FE9} - C:\WINDOWS\System32\ctcnt1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ] C:\Program\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: QuickPost - http://www.rosenstrandh.se/cgi-bin/dagbok/mt.cgi?__mode=reg_bm_js&bm_show=&bm_height=440
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.181.87.189/activex/AxisCamControl.cab
O16 - DPF: {B0228472-F17B-4D89-A5AC-C75130405CCD} (DTS_Web.DTSWebSigning) - http://www.accurata.se/demos/DTSWebdemo/DTS_Web.CAB
O16 - DPF: {F70FAED4-069F-40E8-B609-F01DA4BF74DA} - http://www.apport.nu/Bilderonline/ActiveX/Ver1.0.0.6/ApportFastTrack.CAB
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Hi again Sanna, You have a good eye

c:\docume~1\sanna\applic~1\wipewi~1\DUMB TONS DOG.exe
Its showing file not found but reboot to safe mode just the same and have a look for it, If found delete any associated folders found with it,

Aside from that everything else looks fine,


Download the following programs, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster and SpywareGaurd
Check for updates after you install them, And check weekly as well
Keep Ad-aware and Spybot handy, Check them for updates and run them weekly
Same with your Anti Virus,

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.

Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here Name it clean or something like that,

How is the computer running now ?

Thank you!!!
Wow, you have been terrific! Thanks for all the help!
The computer is feeling much better now
Hopefully I won't have any more probs.

Thanks again! I'm very grateful!
You are a star! :wink:

Your very welcome Sanna, Glad we could help,
Let us know if you have any further problems,

Play safe now