Errorsafe and Drivecleaner, I need help removing(updated log


Bier

OK, I need help removing these programs as the pop-ups are getting irritating and close down what I'm doing on the internet. I have no idea how to remove it, so I'll post my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 22:07:08, on 2007-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\csrss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
C:\Norman\Npf\BIN\NPFSVICE[Caution: ExecutableFile]
C:\Norman\bin\Zanda[Caution: ExecutableFile]
C:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Norman\bin\NJEEVES[Caution: ExecutableFile]
C:\Norman\Nvc\bin\nvcoas[Caution: ExecutableFile]
C:\Norman\Nvc\BIN\NVCSCHED[Caution: ExecutableFile]
C:\NORMAN\Nvc\BIN\nipsvc[Caution: ExecutableFile]
C:\WINDOWS\System32\alg[Caution: ExecutableFile]
C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]
C:\Program\WinPortrait\wpctrl[Caution: ExecutableFile]
C:\Program\D-Tools\daemon[Caution: ExecutableFile]
C:\Norman\bin\ZLH[Caution: ExecutableFile]
C:\Program\Delade filer\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\Program\QuickTime\qttask[Caution: ExecutableFile]
C:\WINDOWS\system32\RUNDLL32[Caution: ExecutableFile]
C:\Program\SlySoft\CloneCD\CloneCDTray[Caution: ExecutableFile]
C:\Norman\Nvc\BIN\NIP[Caution: ExecutableFile]
C:\Norman\Nvc\bin\cclaw[Caution: ExecutableFile]
C:\Norman\Npf\BIN\npfmsg2[Caution: ExecutableFile]
C:\Program\WinPortrait\floater[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08[Caution: ExecutableFile]
C:\Program\Nikon\PictureProject\NkbMonitor[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08[Caution: ExecutableFile]
C:\Program\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\WINDOWS\system32\csrss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]
C:\Program\WinPortrait\wpctrl[Caution: ExecutableFile]
C:\Program\D-Tools\daemon[Caution: ExecutableFile]
C:\Norman\bin\ZLH[Caution: ExecutableFile]
C:\Program\QuickTime\qttask[Caution: ExecutableFile]
C:\Program\WinPortrait\floater[Caution: ExecutableFile]
C:\Norman\Nvc\BIN\NIP[Caution: ExecutableFile]
C:\Norman\Nvc\bin\cclaw[Caution: ExecutableFile]
C:\WINDOWS\system32\RUNDLL32[Caution: ExecutableFile]
C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01[Caution: ExecutableFile]
C:\Program\Nikon\PictureProject\NkbMonitor[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08[Caution: ExecutableFile]
C:\Norman\Npf\BIN\npfmsg2[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08[Caution: ExecutableFile]
C:\Program\ExtractNow\extractnow[Caution: ExecutableFile]
C:\WINDOWS\system32\csrss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]
C:\Program\WinPortrait\wpctrl[Caution: ExecutableFile]
C:\Program\D-Tools\daemon[Caution: ExecutableFile]
C:\Norman\bin\ZLH[Caution: ExecutableFile]
C:\Program\QuickTime\qttask[Caution: ExecutableFile]
C:\Norman\Nvc\BIN\NIP[Caution: ExecutableFile]
C:\Norman\Nvc\bin\cclaw[Caution: ExecutableFile]
C:\Norman\Npf\BIN\npfmsg2[Caution: ExecutableFile]
C:\Program\WinPortrait\floater[Caution: ExecutableFile]
C:\WINDOWS\system32\RUNDLL32[Caution: ExecutableFile]
C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
C:\Program\MSN Messenger\MsnMsgr[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01[Caution: ExecutableFile]
C:\Program\Nikon\PictureProject\NkbMonitor[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08[Caution: ExecutableFile]
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08[Caution: ExecutableFile]
C:\Program\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\Norman\bin\niu[Caution: ExecutableFile]
C:\WINDOWS\system32\msiexec[Caution: ExecutableFile]
C:\Program\Windows Defender\MsMpEng[Caution: ExecutableFile]
C:\Program\Windows Defender\MSASCui[Caution: ExecutableFile]
C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]
C:\WINDOWS\System32\wbem\wmiprvse[Caution: ExecutableFile]
C:\Documents and Settings\Jonathan\Skrivbord\hijackthis\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program\WinPortrait\wpctrl[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon[Caution: ExecutableFile]" -lang 1033
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH[Caution: ExecutableFile] /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck[Caution: ExecutableFile] -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray[Caution: ExecutableFile]" /s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui[Caution: ExecutableFile]" -hide
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08[Caution: ExecutableFile]
O4 - Global Startup: hpoddt01[Caution: ExecutableFile].lnk = ?
O4 - Global Startup: NkbMonitor[Caution: ExecutableFile].lnk = C:\Program\Nikon\PictureProject\NkbMonitor[Caution: ExecutableFile]
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.se/static/download/pi ... upload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4328510546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fujidirekt.se/aurigma/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc[Caution: ExecutableFile]
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES[Caution: ExecutableFile]
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE[Caution: ExecutableFile]
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\Zanda[Caution: ExecutableFile]
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas[Caution: ExecutableFile]
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED[Caution: ExecutableFile]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv[Caution: ExecutableFile]
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv[Caution: ExecutableFile]

Updated log, HJT is now in its own folder.

And one more question, should I remove Xoftspy?


Yeh, both Vundo.

Can you move HJT out of the temp and onto its own folder on the desktop?

Then rename HJT to scan.

Had a quick look and I can't see any Vundo related entries. I'll take a better look tomorrow or during the weekends.

I have also noticed that you're using Microsoft Antispyware. It's now Windows Defender...
