Here is the list of threads running in Windows, according to
Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 20:16:21, on 13.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\Programfiler\UPHClean\uphclean.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
C:\Programfiler\Launch Manager\OSDCtrl.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
D:\Mine mottatte filer\Hijack This Quick Start\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext
=
http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer -
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} -
C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no
file)
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Internet Security -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Programfiler\Fellesfiler\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Programfiler\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management -
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} -
C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Programfiler\Fellesfiler\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer -
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering
Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programfiler\Microsoft
Works\wkfud.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch
Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online
Start\Telenor.exe"
O4 - HKLM\..\Run: [SynTPEnh]
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programfiler\IObit\IObit
SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer
Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] C:\Programfiler\NewTech
Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Programfiler\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio]
C:\Programfiler\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]]
C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant]
C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch
Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch
Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp]
"C:\Programfiler\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef
/Migration32
O4 - HKLM\..\Run: [ImageItEncrypt]
C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering
Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering
Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch
Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [AzMixerSel]
C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering
Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\RunServices: [DJSNetCN]
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programfiler\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Startup: Telenor Sikker Lagring.lnk =
C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
O4 - Global Startup: Påminnelser for Microsoft Works Kalender.lnk
= ?
O4 - Global Startup: Microsoft Office.lnk =
C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Researcher -
{9455301C-CF6B-11D3-A266-00C04F689C50} -
C:\Programfiler\Fellesfiler\Microsoft Shared\Reference
2001\EROProj.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop
Utility) -
http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows
Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec
AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo
Upload Tool) -
http://cyber-space-for-johnny.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live
Safety
Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} -
(no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj -
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) -
Acer Inc. - C:\Acer\Empowering
Technology\ePerformance\MemCheck.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec
Corporation -
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation
(ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton
Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS)
(CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer
Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown
owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Symantec Corporation -
C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink -
C:\Program Files\Acer\Acer
Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec Licensing Detect Internet Connection
(DJSNETCN) - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation -
C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. -
C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech -
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc)
- Symantec Corporation - C:\Programfiler\Norton Internet
Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) -
Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita
Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Intel(R) PROSet/Wireless Registry Service
(RegSrvc) - Intel Corporation -
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) -
Unknown owner - C:\Programfiler\CyberLink\Shared
Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
(rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d
-f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor)
- Intel Corporation -
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Programfiler\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
Thank you for all help!
Pinon.