
Do you see if I got something that blocks it?
Can't get advanced options in Folder Options either!

Logfile of HijackThis v1.99.1
Scan saved at 16:32:52, on 29.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Temp\svchost1.exe
C:\WINDOWS\Temp\system.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_04\bin\jucheck.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\iexplorer.exe
C:\Programfiler\PopUp Killer\popupkiller.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\mscastdb.dll
O3 - Toolbar: Nordnet Toolbar Norge - {A601B013-3DDB-4902-948A-9879E1F6A1A7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [eDonkey2000] "C:\Programfiler\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Iexplorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Programfiler\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Nordnet Toolbar sök - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Programfiler\Poker.com\poker.exe (HKCU)
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - https://www.nordnet.se/NNNO/no/toolbar/toolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C29A5E9-7E05-44AD-8848-B49E4BF0DB26}: NameServer = 213.167.96.50,213.167.96.34
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\demo\LOKALE~1\Temp\IXP001.TMP\MsiExec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE

Last Post by ShadowPuterDude

The version of Java installed on your computer is out-of-date and represents a security risk. Install version 1.5.0_07 available from http://www.java.com/en/download/manual.jsp. Make sure you uninstall all older versions.

Windows Messenger is running in the background and represents a security risk. Disable Windows Messenger by running Shoot the Messenger.

Download
- Pocket Killbox
- ExplorerXP
- CCleaner

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
On the page that opens, scroll down to FireDaemon Service: ecure or ecure (Whichever is present) ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows. Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

FireDaemon Service: ecure or ecure (Whichever you found above)

Repeat the process for the following Services:

Windows Installer or MSIServer (Whichever is present)
FireDaemon Service: svchost1 or svchost1 (Whichever is present)
FireDaemon Service: system or system (Whichever is present)

In HJT, choose "Open the Misc Tools section", then choose Process Manager and highlight:

C:\WINDOWS\Temp\svchost1.exe
C:\WINDOWS\Temp\system.exe
C:\WINDOWS\iexplorer.exe

Choose Kill Process

Now scan and have HJT Fix the following:

O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\mscastdb.dll
O3 - Toolbar: Nordnet Toolbar Norge - {A601B013-3DDB-4902-948A-9879E1F6A1A7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll
O4 - HKLM\..\Run: [Iexplorer] C:\WINDOWS\iexplorer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Nordnet Toolbar sök - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} - https://www.nordnet.se/NNNO/no/toolbar/toolbar.cab
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\demo\LOKALE~1\Temp\IXP001.TMP\MsiExec.exe (file missing)
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.

C:\DOCUME~1\demo\LOKALE~1\Temp\IXP001.TMP\MsiExec.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll
C:\WINDOWS\system32\mscastdb.dll
C:\WINDOWS\Temp\FireDaemon.EXE
C:\WINDOWS\Temp\svchost1.exe
C:\WINDOWS\Temp\system.exe

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

C:\DOCUME~1\demo <<=== Delete the Folder
C:\WINDOWS\iexplorer.exe <<=== Delete the File
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll <<=== Delete the File
C:\WINDOWS\system32\mscastdb.dll <<=== Delete the File
C:\WINDOWS\Temp\FireDaemon.EXE <<=== Delete the File
C:\WINDOWS\Temp\svchost1.exe <<=== Delete the File
C:\WINDOWS\Temp\system.exe <<=== Delete the File

Now run CCleaner

  1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
  2. Then select the items you wish to clean up.

In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all in the Firefox/Mozilla section.
  • Clean all in the Applications section.
  • Clean all in the Internet Section.
  • Clean all in the Multimedia Section.
  • Clean all in the Utilities Section.
  • Clean all in the Windows Section.
  • Clean any others that you choose.
  1. Click the "Run Cleaner" button.
  2. A pop up box will appear advising this process will permanently delete files from your system.
  3. Click "OK" and it will scan and clean your system.
  4. Click "exit" when done.

If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post a fresh HijackThis log.
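
The following triage sketch is an added example, not part of the reply above and not HijackThis's own logic. It flags the kinds of entries the reply acted on, using log lines copied from the log in this thread. The rule names, the `SYSTEM_NAMES` list and the four heuristics are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\svchost1.exe
C:\WINDOWS\Temp\system.exe
C:\WINDOWS\iexplorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Iexplorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\demo\LOKALE~1\Temp\IXP001.TMP\MsiExec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: a short illustrative list of well-known Windows image names.
SYSTEM_NAMES = {"svchost.exe", "iexplore.exe", "explorer.exe",
                "winlogon.exe", "services.exe", "lsass.exe"}
# First drive-rooted path ending in .exe or .dll on a line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)

def one_extra_char(name, known):
    """True if deleting exactly one character from name yields known."""
    return len(name) == len(known) + 1 and any(
        name[:i] + name[i + 1:] == known for i in range(len(name)))

def triage(log):
    """Map each flagged image path (lower-cased) to the set of reasons."""
    findings = {}
    for line in log.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue  # entries without a full path need manual review
        path = PureWindowsPath(m.group(0))
        name = path.name.lower()
        reasons = set()
        if "temp" in (part.lower() for part in path.parts):
            reasons.add("temp-dir")  # image located under a Temp directory
        if name not in SYSTEM_NAMES and any(
                one_extra_char(name, k) for k in SYSTEM_NAMES):
            reasons.add("lookalike-name")  # e.g. svchost1.exe, iexplorer.exe
        if line.startswith("O23") and "Unknown owner" in line:
            reasons.add("service-unknown-owner")
        if line.rstrip().endswith("(file missing)"):
            reasons.add("file-missing")
        if reasons:
            findings.setdefault(str(path).lower(), set()).update(reasons)
    return findings

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, sorted(reasons))
```

A flag here only marks an entry for review; "Unknown owner" alone also appears on benign services, so the combination of reasons matters more than any single one.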
