blank buttons and windows -please help

EyesOnly Sweden New
edited June 2006 in Spyware & Virus Removal
I have a weird problem. Some buttons and parts of some program windows are blank. Firefox works as do most apps but some don't display all info. I thought it was just some corrupted data due to the last computer problems but that would only affect zipfiles and such, not installed programs.

Even some files that were just downloaded have this problem. While AVG has found viruses in the nightly scan I have scheduled, it doesn't fully disclose if it also deleted those files but it must have, or am I wrong? I don't check the logs often.

Still though I did a system check and no viruses were found but it did complain about some system files being changed. Ad-aware found some tracking cookies but that's minor.

I really don't know if this is even a virus related matter. Attached is a screenshot of the install of vx2 cleaner. That is how some apps look. And that was still a freshly downloaded file. I'll also include a hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 22:36:28, on 2006-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program\APC\APC PowerChute Personal Edition\mainserv.exe
E:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program\Bluetooth\Bluetooth-programvara\bin\btwdins.exe
E:\Folding @ Home\FAH502-Console.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
E:\Program\Raxco\PerfectDisk\PDSched.exe
E:\Program\Grisoft\AVGFRE~1\avgcc.exe
E:\Program\Grisoft\AVGFRE~1\avgemc.exe
E:\Program\Startup Mechanic\StartupMonitor.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
E:\Program\MSN Messenger\MsnMsgr.Exe
E:\Program\Bluetooth\Bluetooth-programvara\BTTray.exe
E:\Program\JetToolBar\JetTB.exe
E:\Program\Logitech\SetPoint\KEM.exe
E:\Program\Personal\bin\Personal.exe
E:\EMIII\EMIII.exe
E:\Program\Logitech\SetPoint\KHALMNPR.EXE
E:\Program\APC\APC PowerChute Personal Edition\apcsystray.exe
E:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
E:\Program\Delade filer\PCSuite\Services\NclBTHandler.exe
E:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Program\dvd43\DVD43_Tray.exe
E:\Folding @ Home\FahCore_78.exe
E:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE
E:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
E:\Program\ewido anti-malware\ewidoctrl.exe
E:\Program\ewido anti-malware\SecuritySuite.exe
E:\Program\ewido anti-malware\ewidoguard.exe
E:\Spyware apps\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - E:\Program\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - E:\Program\CoreStreet\SpoofStick\SpoofStick.dll
O4 - HKLM\..\Run: [cof.updit] Seurit.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\Program\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] E:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "E:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [dvd43] E:\Program\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-R4P30.exe /REG
O4 - HKCU\..\Run: [FreeRAM XP] "E:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Electron Microscope.lnk = E:\EMIII\EMIII.exe
O4 - Global Startup: APC UPS Status.lnk = E:\Program\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: jetToolBar.lnk = E:\Program\JetToolBar\JetTB.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal.lnk = E:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: Skicka till &Bluetooth - E:\Program\Bluetooth\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program\Bluetooth\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program\Bluetooth\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program\Bluetooth\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program\ewido anti-malware\ewidoguard.exe
O23 - Service: FAH@E:+Folding @ Home+FAH502-Console.exe - Stanford University - E:\Folding @ Home\FAH502-Console.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Program\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - E:\Program\Raxco\PerfectDisk\PDSched.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program\Sygate\SPF\smc.exe

Comments

  • edited June 2006
    We will need to disable ewido's real-time protection temporarily so that it will not interfere with the HijackThis fixing. Please disable Ewido, as it may interfere with the fix. From the system tray, right-click the system tray icon and uncheck real time protection. Once your log is clean you can re-enable Ewido.

    Now launch HijackThis and place a checkmark by the following entries:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [cof.updit] Seurit.exe
    O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe


    Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


    Upon reboot, go to Start > Search. Click on All Files and folders. In the "All or part of the filename" box, type in Seurit.exe, Then click Search. If found, delete it.


    Rescan with HijackThis and post the new log in your next reply. :)








    BTW: I have my reservations about this entry:
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-R4P30.exe /REG

    There is some information found regarding Inno Setup:
    http://www.jrsoftware.org/isinfo.php

    The question is what's it trying to install?

    Please submit C:\WINDOWS\is-R4P30.exe here:
    http://www.kaspersky.com/scanforvirus

    Post the results here as well. (along with the new HijackThis log)
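
A triage pass over the `O4` registry autorun lines of a HijackThis log, as an added example that is not part of the original posts. The three review flags (`no-path`, `windows-root`, `multi-key`) and the `SYSTEM_BINARIES` allowlist are assumptions made for illustration; a flag means "look at this entry", not "this is malware".

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cof.updit] Seurit.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RoxioEngineUtility] "E:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [cof.updit] Seurit.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-R4P30.exe /REG
O4 - Startup: Electron Microscope.lnk = E:\EMIII\EMIII.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_REGISTRY = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
# Executable = quoted path, or everything up to the first ".exe" token.
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)
# Assumption: Windows binaries commonly registered by bare name.
SYSTEM_BINARIES = {"rundll32.exe"}


def parse_o4(log):
    """Return registry autorun entries; Startup-folder shortcuts are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        em = EXE.match(cmd)
        exe = (em.group(1) or em.group(2)) if em else cmd.split()[0]
        entries.append({"key": f"{hive}\\{key}", "name": name, "exe": exe})
    return entries


def review(log, windows_dir=r"C:\WINDOWS"):
    """Return (key, value name, executable, reasons) for entries worth a look."""
    entries = parse_o4(log)
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e["name"]].add(e["key"])

    findings = []
    for e in entries:
        reasons = []
        folder = ntpath.dirname(e["exe"])
        # Bare file name: Windows resolves it through the search path.
        if not folder and ntpath.basename(e["exe"]).lower() not in SYSTEM_BINARIES:
            reasons.append("no-path")
        # Executable sitting directly in the Windows directory.
        if folder.lower() == windows_dir.lower():
            reasons.append("windows-root")
        # Same value name registered under more than one autorun key.
        if len(keys_by_name[e["name"]]) > 1:
            reasons.append("multi-key")
        if reasons:
            findings.append((e["key"], e["name"], e["exe"], reasons))
    return findings


if __name__ == "__main__":
    for key, name, exe, reasons in review(SAMPLE_LOG):
        print(f"{key:18} [{name}] {exe} -> {', '.join(reasons)}")
```
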
  • EyesOnly Sweden New
    edited June 2006
    Since i must close the browser i will report that the file you wanted me to scan was clean. Now i'll print your post and do the rest. BTW along with the file came another one called is-R4P30.lst. Here's what it said.


    * List of files to be registered on the next reboot. DO NOT EDIT! *

    [t]C:\WINDOWS\system32\StdOle2.tlb
    C:\WINDOWS\system32\MSVBVM60.dll
    C:\WINDOWS\system32\OleAut32.dll
    C:\WINDOWS\system32\OlePro32.dll
    C:\WINDOWS\system32\ComCat.dll
    C:\WINDOWS\system32\Comdlg32.ocx
    C:\WINDOWS\system32\ComCt232.ocx
    C:\WINDOWS\system32\csCtls.ocx
    C:\WINDOWS\system32\tlpSounds.dll
    C:\WINDOWS\system32\msflxgrd.ocx
    C:\WINDOWS\system32\MSWINSCK.ocx
    [t]C:\WINDOWS\system32\wbemdisp.tlb
    C:\WINDOWS\system32\mscomctl.ocx
    C:\WINDOWS\system32\MSSTDFMT.DLL
    C:\WINDOWS\system32\msxml.dll

    Looks like it installs something. But what?
  • EyesOnly Sweden New
    edited June 2006
    All done. No seurit was found and btxpanel is deleted. Here's the log. BTW that file btxpanel, doesn't it have something to do with bluetooth because it said that it was made by broadcom who made the drivers for my bt dongle? Or is it just posing as such?

    Ps whatever was wrong is now fixed. I snapped another pic of vx2 cleaner. :cheers: But what exactly was the problem and how can i prevent it in the future. Still thanks for the help. :)

    Logfile of HijackThis v1.99.1
    Scan saved at 08:17:36, on 2006-06-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\rundll32.exe
    E:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    E:\Program\MSN Messenger\MsnMsgr.Exe
    E:\Program\Bluetooth\Bluetooth-programvara\BTTray.exe
    E:\Program\JetToolBar\JetTB.exe
    E:\Program\Logitech\SetPoint\KEM.exe
    E:\Program\APC\APC PowerChute Personal Edition\mainserv.exe
    E:\Program\Personal\bin\Personal.exe
    E:\EMIII\EMIII.exe
    E:\Program\APC\APC PowerChute Personal Edition\apcsystray.exe
    E:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\Program\Logitech\SetPoint\KHALMNPR.EXE
    E:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\Program\Bluetooth\Bluetooth-programvara\bin\btwdins.exe
    E:\Program\ewido anti-malware\ewidoctrl.exe
    E:\Program\ewido anti-malware\ewidoguard.exe
    E:\Folding @ Home\FAH502-Console.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Folding @ Home\FahCore_78.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    E:\Program\Raxco\PerfectDisk\PDSched.exe
    E:\billy104b\Billy.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    E:\Spyware apps\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - E:\Program\CoreStreet\SpoofStick\SpoofStickBHO.dll
    O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - E:\Program\CoreStreet\SpoofStick\SpoofStick.dll
    O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] E:\Program\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SmcService] E:\Program\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "E:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [dvd43] E:\Program\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKCU\..\Run: [FreeRAM XP] "E:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Electron Microscope.lnk = E:\EMIII\EMIII.exe
    O4 - Global Startup: APC UPS Status.lnk = E:\Program\APC\APC PowerChute Personal Edition\Display.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: jetToolBar.lnk = E:\Program\JetToolBar\JetTB.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Program\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Personal.lnk = E:\Program\Personal\bin\Personal.exe
    O8 - Extra context menu item: Skicka till &Bluetooth - E:\Program\Bluetooth\Bluetooth-programvara\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program\Bluetooth\Bluetooth-programvara\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program\Bluetooth\Bluetooth-programvara\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\Program\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program\Bluetooth\Bluetooth-programvara\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Program\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - E:\Program\ewido anti-malware\ewidoguard.exe
    O23 - Service: FAH@E:+Folding @ Home+FAH502-Console.exe - Stanford University - E:\Folding @ Home\FAH502-Console.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - E:\Program\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - E:\Program\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: ServiceLayer - Nokia. - E:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program\Sygate\SPF\smc.exe
  • edited June 2006
    Congratulations! Your computer appears clean.



    Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply. When you are warned that all existing Restore Points will be deleted, click Yes to continue. All system restore points are deleted. Now you should manually create a restore point. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

    Click Create a Restore Point, and then click Next. Name your restore point. (I use the date as well as a descriptive term such as "Clean system.")





    Here are a number of recommendations for additional protection to help prevent any malware infections in the future. These few simple steps can stave off the vast majority of spyware problems.



    You may have already taken some of these steps:

    1. Watch what you download!

    Do not download just anything you see on the web. Some may have spyware bundled into them.



    2. Try not to use peer-to-peer programs.

    P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious; they come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read this article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.



    3. Visit Windows Update:

    Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

    Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

    We recommend checking for Windows updates monthly.



    4. Adjust your security settings for ActiveX:

    Go to Internet Options/Security/Internet, press 'default level', then OK.

    Now press "Custom Level."

    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.



    So why is ActiveX so dangerous that you have to increase the security for it?

    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.

    Would you run just any random file downloaded off a web site without knowing what it is and what it does?



    5. Download and install the following free programs:

    a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

    b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html

    Periodically check for updates.



    6. There is reason to suspect that Norton on your computer is non-functional or awfully outdated. Please update it, or if the subscription has run out then I recommend the free AVG.



    7. Use a firewall. If you don't have a firewall, I recommend the free version of ZoneAlarm.

    A tutorial on understanding and using firewalls may be found here.



    8. IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.





    9. You might consider installing Mozilla / Firefox, which is much safer than Internet Explorer.

    http://www.mozilla.org/



    10. Install spyware detection and removal programs:

    Ad-aware: http://www.snapfiles.com/get/adaware.html

    Spybot S&D:

    http://www.safer-networking.org

    Use these programs to regularly scan your system for and remove many forms of spyware/malware.



    11. Microsoft now offers their own anti-spyware product. Windows® Defender (Beta 2) improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC. This is a BETA for XP/2000 only.



    12. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

    If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm



    Let us know if we have not resolved your problem. Otherwise, you are good to go.

    Happy and Safe Surfing! :D
  • EyesOnly Sweden New
    edited June 2006
    Thanks for the advice but I still haven't got an answer to my question on what I was infected by.
  • profdlp The Holy City Of Westlake, Ohio
    edited June 2006
    Good to see you again, EO. :D :sweflag:

    I didn't go through the whole log, but here's some info on SEURIT.EXE

    Nice job, chiawaikian. :thumbsup:
  • EyesOnly Sweden New
    edited June 2006
    Thanks prof. I only stop by nowadays when I need help since I'm busy with other stuff. Seurit doesn't appear to be it since the page you linked to didn't say anything about blank windows.

    I'm glad I know I can come here for help. This would have taken longer to fix otherwise. But still what did I have?
  • profdlp The Holy City Of Westlake, Ohio
    edited June 2006
    EyesOnly wrote:
    ...Seurit doesn't appear to be it since the page you linked to didn't say anything about blank windows...
    The fact that it is a trojan means that it can open the door for all sorts of other stuff:
    The following behaviors have been observed for this object:
    Installs programs.
    Deletes programs.
    ...any one of which may have caused your problem, directly or indirectly by replacing or otherwise messing up assorted components of Windows or other programs.

    Glad to see that you're back in business. :cheers:
  • EyesOnly Sweden New
    edited June 2006
    You're right. So i guess i'll never know then. I only hope it doesn't happen again.