
·
Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
Gotta admit I'm not really sure what I am up against here, but it seems as if I've got an smss.exe with some strange behaviour, after what I've tried reading around on different forums.

Anyways, this is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 06:03:56, on 13.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\winhelp\smss.exe
C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programfiler\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Razer\Habu\razertra.exe
C:\Programfiler\Razer\Habu\razerofa.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rikard Tollefsen\Mine dokumenter\Mine mottatte filer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winhelp\smss.exe
O1 - Hosts: 79.73.47.58 www.symantec.com
O1 - Hosts: 71.27.238.107 symantec.com
O1 - Hosts: 156.122.212.159 securityresponse.symantec.com
O1 - Hosts: 113.216.187.211 symantecstore.com
O1 - Hosts: 105.170.123.5 www.symantecstore.com
O1 - Hosts: 62.138.224.58 service1.symantec.com
O1 - Hosts: 53.218.34.107 sarc.com
O1 - Hosts: 96.26.110.211 www.sophos.com
O1 - Hosts: 87.234.46.5 sophos.com
O1 - Hosts: 44.74.20.57 www.mcafee.com
O1 - Hosts: 1.169.250.110 mcafee.com
O1 - Hosts: 248.122.186.159 customer.symantec.com
O1 - Hosts: 205.217.32.211 liveupdate.symantec.com
O1 - Hosts: 197.171.96.5 liveupdate.symantecliveupdate.com
O1 - Hosts: 27.10.198.57 www.viruslist.com
O1 - Hosts: 239.233.172.109 viruslist.com
O1 - Hosts: 230.187.108.158 f-secure.com
O1 - Hosts: 187.27.83.211 www.f-secure.com
O1 - Hosts: 144.121.57.8 f-prot.com
O1 - Hosts: 136.75.249.57 www.f-prot.com
O1 - Hosts: 221.170.95.109 kaspersky.com
O1 - Hosts: 213.123.159.158 kaspersky-labs.com
O1 - Hosts: 170.218.6.210 www.avp.com
O1 - Hosts: 127.186.235.8 avp.com
O1 - Hosts: 119.11.171.56 www.kaspersky.com
O1 - Hosts: 76.234.146.109 www.networkassociates.com
O1 - Hosts: 33.74.120.161 networkassociates.com
O1 - Hosts: 24.27.56.210 www.ca.com
O1 - Hosts: 109.122.158.7 www3.ca.com
O1 - Hosts: 101.76.222.56 ca.com
O1 - Hosts: 58.170.68.108 mast.mcafee.com
O1 - Hosts: 15.10.43.161 my-etrust.com
O1 - Hosts: 7.219.234.210 www.my-etrust.com
O1 - Hosts: 219.186.209.7 dispatch.mcafee.com
O1 - Hosts: 49.26.183.59 secure.nai.com
O1 - Hosts: 41.235.119.108 nai.com
O1 - Hosts: 253.74.221.160 www.nai.com
O1 - Hosts: 244.28.30.209 vil.nai.com
O1 - Hosts: 201.123.131.7 update.symantec.com
O1 - Hosts: 158.218.106.59 updates.symantec.com
O1 - Hosts: 150.171.42.108 us.mcafee.com
O1 - Hosts: 235.11.16.160 mcafee.net
O1 - Hosts: 192.234.246.212 rads.mcafee.com
O1 - Hosts: 184.187.182.6 download.mcafee.com
O1 - Hosts: 141.27.28.59 trendmicro.com
O1 - Hosts: 133.235.93.108 www.trendmicro.com
O1 - Hosts: 90.75.194.160 housecall.trendmicro.com
O1 - Hosts: 175.170.169.212 pandasoftware.com
O1 - Hosts: 166.124.105.6 www.pandasoftware.com
O1 - Hosts: 123.218.79.58 www.trendmicro.com
O1 - Hosts: 80.186.54.111 free.grisoft.com
O1 - Hosts: 72.12.245.160 www.grisoft.com
O1 - Hosts: 29.234.91.212 grisoft.com
O1 - Hosts: 21.60.155.6 clamav.net
O1 - Hosts: 106.28.2.58 www.clamav.net
O1 - Hosts: 63.122.231.110 free-av.com
O1 - Hosts: 55.76.167.159 www.free-av.com
O1 - Hosts: 12.171.142.212 www.avast.com
O1 - Hosts: 224.10.116.9 avast.com
O1 - Hosts: 215.219.53.58 cert.org
O1 - Hosts: 45.59.154.110 www.cert.org
O1 - Hosts: 37.12.218.159 www.microsoft.com
O1 - Hosts: 249.235.65.211 microsoft.com
O1 - Hosts: 206.75.39.9 www.virustotal.com
O1 - Hosts: 198.28.230.57 virustotal.com
O1 - Hosts: 155.123.205.110 www.teamanti-virus.org
O1 - Hosts: 240.218.179.162 teamanti-virus.org
O1 - Hosts: 231.171.115.211 www.drsolomon.com
O1 - Hosts: 189.11.217.8 drsolomon.com
O1 - Hosts: 180.220.26.57 www.virusbtn.com
O1 - Hosts: 137.59.127.109 virusbtn.com
O1 - Hosts: 94.27.102.162 update.microsoft.com
O1 - Hosts: 86.236.38.211 windowsupdate.microsoft.com
O1 - Hosts: 43.76.13.8 www.avgbulgaria.com
O1 - Hosts: 128.170.242.60 avgbulgaria.com
O1 - Hosts: 120.124.178.109 www.vet.com.au
O1 - Hosts: 77.219.25.161 vet.com.au
O1 - Hosts: 68.172.89.210 antivirus.about.com
O1 - Hosts: 25.12.190.8 www.avg-antivirus.net
O1 - Hosts: 237.235.165.60 avg-antivirus.net
O1 - Hosts: 229.60.101.109 nod32.com
O1 - Hosts: 59.28.75.161 www.nod32.com
O1 - Hosts: 16.123.50.213 virus-radar.com
O1 - Hosts: 8.76.241.7 www.virus-radar.com
O1 - Hosts: 220.171.87.60 bitdefender.com
O1 - Hosts: 212.125.152.109 www.bitdefender.com
O1 - Hosts: 169.219.253.161 www.freebyte.com
O1 - Hosts: 254.59.228.213 freebyte.com
O1 - Hosts: 245.13.164.7 www.zonelabs.com
O1 - Hosts: 202.235.138.59 zonelabs.com
O1 - Hosts: 159.75.113.112 download.zonelabs.com
O1 - Hosts: 151.29.49.161 smb.sygate.com
O1 - Hosts: 108.123.150.213 www.agnitum.com
O1 - Hosts: 100.77.214.7 agnitum.com
O1 - Hosts: 185.172.61.59 kasperskyusa.com
O1 - Hosts: 142.12.35.111 www.kasperskyusa.com
O1 - Hosts: 134.220.226.160 www.kaspersky.com.au
O1 - Hosts: 91.60.201.213 kaspersky.com.au
O1 - Hosts: 48.28.175.10 www.kaspersky.co.uk
O1 - Hosts: 39.108.112.59 kaspersky.co.uk
O1 - Hosts: 124.76.213.111 www.kaspersky-me.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Habu] C:\Programfiler\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKLM\..\RunServices: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKCU\..\RunServices: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programfiler\ladbrokesMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

I'm guessing the list with all the antivirus URLs might have something to do with all of this >_>
Any help is appreciated : )
Thank you in advance

/rtollefsen
 

·
Retired Moderator
Joined
·
72,109 Posts
Download the Hoster and unzip it to your desktop.
www.funkytoad.com/download/hoster.zip

Next, open the Hoster.
Make sure that you see "Your hosts file is editable"; if not, click the button in the upper right corner.
Now, click on 'back up Host files',
then click on 'Restore Microsoft's original host files'.
Finally, close the Hoster.

Run HJT again and put a check in the following:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKLM\..\Run: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKLM\..\RunServices: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKCU\..\Run: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKCU\..\RunServices: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe

Close all applications and browser windows before you click "fix checked".

Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

Post a new HiJack This log along with the results from ActiveScan.
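
Added example (not part of the original posts and not code from HijackThis): a Python check that runs over a HijackThis log and flags the three things the fix above targets, namely a system process name running from the wrong folder, autorun or Shell entries that launch it, and hosts-file overrides of security vendor domains. The watchlist, the expected-folder table and all function names are assumptions of this example; the sample input is an excerpt of the first log in this thread.

```python
import ntpath
import re

# Folder (lower-cased) each core Windows XP process image is expected to run from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Assumed watchlist for this example, taken from domains in the log's O1 entries.
WATCHED_DOMAINS = ("symantec.com", "mcafee.com", "kaspersky.com",
                   "sophos.com", "microsoft.com", "virustotal.com")

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
EXE_RE = re.compile(r'"?(.+?\.exe)', re.I)

# Excerpt of the first HijackThis log in this thread, used as sample input.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\winhelp\smss.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winhelp\smss.exe
O1 - Hosts: 79.73.47.58 www.symantec.com
O1 - Hosts: 44.74.20.57 www.mcafee.com
O1 - Hosts: 94.27.102.162 update.microsoft.com
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
O4 - HKCU\..\RunServices: [PK Guard 32] C:\WINDOWS\system32\winhelp\smss.exe
"""


def is_masquerade(path):
    """True if the file name is a core system process but the folder is wrong."""
    path = path.strip().strip('"')
    expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
    return expected is not None and ntpath.dirname(path).lower() != expected


def watched(domain):
    """True if the domain is a watched domain or one of its subdomains."""
    d = domain.lower()
    return any(d == w or d.endswith("." + w) for w in WATCHED_DOMAINS)


def analyze(log_text):
    """Return (kind, detail) findings for one HijackThis log."""
    findings = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process list
                in_processes = False
            elif is_masquerade(line):
                findings.append(("masquerading-process", line))
            continue
        m = SHELL_RE.match(line)
        if m and m.group(1).strip().lower() != "explorer.exe":
            findings.append(("shell-hijack", m.group(1)))
        m = HOSTS_RE.match(line)
        # Any hosts-file override of a watched domain is flagged, whatever the address.
        if m and watched(m.group(2)):
            findings.append(("hosts-redirect", m.group(2)))
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group(4))
            if exe and is_masquerade(exe.group(1)):
                findings.append(("autorun-masquerade",
                                 f"{m.group(1)}\\{m.group(2)} [{m.group(3)}]"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```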
 

·
Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Thanks a lot for the help!!

----------------------------------------------------------------------------------------
New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:58:11, on 15.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programfiler\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Razer\Habu\razertra.exe
C:\Programfiler\Razer\Habu\razerofa.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\wtf\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Habu] C:\Programfiler\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programfiler\ladbrokesMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

-----------------------------------------------------------------------------------------------

Panda log :

Incident Status Location

Adware:adware/favoriteman Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Rikard Tollefsen\Cookies\rikard [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temp\Cookies\rikard [email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temp\Cookies\rikard [email protected][2].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temp\Cookies\rikard [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temp\Cookies\rikard [email protected][1].txt
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Program Files\mIRC\script\dlls\moo.dll
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected G:\DL HER FFS\mIRC Install 6.16[27.01.05]\div scripts\nnscript381.exe[script\dlls\moo.dll]
Virus:Trj/Lineage.BHR Disinfected G:\Mine Dok fra gamle comp\Mine mottatte filer\leeshack\lees****hack.exe

-----------------------------------------------------------------------------------------------

Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 15, 2007 6:04:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/01/2007
Kaspersky Anti-Virus database records: 258438
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 116001
Number of viruses found: 3
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:02:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Logg\History.IE5\MSHist012007011520070116\index.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Programdata\ApplicationHistory\cli.exe.cf0e47d0.ini.inuse Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temp\Perflib_Perfdata_20c.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temp\Perflib_Perfdata_6cc.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\ntuser.dat Object is locked skipped
C:\Documents and Settings\Rikard Tollefsen\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3D7E9537-5644-4656-96FC-7CFDEB50B60E}\RP379\A0124019.exe Infected: Backdoor.Win32.SdBot.akv skipped
C:\System Volume Information\_restore{3D7E9537-5644-4656-96FC-7CFDEB50B60E}\RP379\A0124034.exe Infected: Backdoor.Win32.SdBot.akv skipped
C:\System Volume Information\_restore{3D7E9537-5644-4656-96FC-7CFDEB50B60E}\RP379\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd0029.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
G:\DL HER FFS\mIRC Install 6.16[27.01.05]\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\DL HER FFS\mIRC Install 6.16[27.01.05]\mirc616.exe mIRC: infected - 1 skipped
G:\MUSIKK\LimeWire\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
G:\MUSIKK\LimeWire\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{3D7E9537-5644-4656-96FC-7CFDEB50B60E}\RP379\change.log Object is locked skipped

Scan process completed.

----------------------------------------------------------------------------------------------
Btw, any chance you happen to know what this virus\spyware has done or what it was supposed to do? Any chance it coulda logged my passwords or something like that, so I should change them ASAP?

Thank you again for all your time, this is by far the best help site I've ever seen :)))

/rtollefsen
 

·
Retired Moderator
Joined
·
72,109 Posts
I would not even take a chance with passwords and possible data stolen! Change your passwords and watch any accounts you may access with this machine.

Delete this file: C:\WINDOWS\system32\winhelp\smss.exe

I would suggest removal of LimeWire as well.

Are you having any problems now?
 

·
Registered
Joined
·
5 Posts
Discussion Starter · #5 ·
Having some trouble with my bandwidth out, it seems... but other than that it seems OK now.

Occasionally I play World of Warcraft and I've got this addon tracking the bandwidth usage in the game, and it shows that I'm only using 1/10 of my bandwidth out and my ms is crazy compared to some friends that are living in my same area. Any chance some of this could be hogging some of my bandwidth or in any other way limiting my usage of it? >_<

HiJackThis log in case it helps:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:21, on 17.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programfiler\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\Programfiler\Razer\Habu\razertra.exe
C:\Programfiler\Razer\Habu\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Ventrilo2.3.0\Ventrilo.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
G:\wtf\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dagbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Habu] C:\Programfiler\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programfiler\ladbrokesMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

Thanks again for the replies :)

/rtollefsen
 

·
Registered
Joined
·
5 Posts
Discussion Starter · #7 ·
Razer came with my Microsoft Habu mouse.
As far as I know they produced the mouse together with Microsoft.
Thanks a lot for all the help, and btw I think the latency issues are due to my ISP, so nothing I can do about that right now :)
 

·
Retired Moderator
Joined
·
72,109 Posts
It's a good idea to flush your System Restore after removing malware:

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Restart the computer.

To create a new restore point:
  • Click Start and go to All Programs.
  • Go to Accessories, System Tools and select System Restore.
  • In the System Restore wizard, select "Create a restore point" and click the Next button.
  • Type a description for your new restore point. Something like "After trojan/spyware cleanup".
  • Click Create and you're done.
 