Hi!

I am running windows xp pro, and yesterday my computer started working very bad, it wont let me log out the normal way,only the virus program shuts down,and the pc still working.Run my virus program today and found som advertising files that I have removed,but was not any help.Hope someone can help me here,thanks

You seem to have a virus/malware problem.

Please run an on-line virus scan here (http://housecall.trendmicro.com/)

Then download Hijack This (http://www.subratam.org/?page=removal).

Install hjt into it's own folder.

Run the ese file and click on scan.

After the scan there will be an option to save the log file.

Please post the contents of the log here

Thanks for your answer.I have done a virus check,first with my installed Norton antivirus,and found some advertizing ****,I have removed.Then as you sugested I run the Trend online check,and found one trojan,run it twice and nothing left now,but pc still wont let me shut down, neither switch to another user.Now I will post my Hijackthis logg,hope this will help.

Logfile of HijackThis v1.98.2
Scan saved at 17:39:06, on 26.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\systemout.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\winfax\WFXMOD32.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programfiler\BIL-ISDN\isdnsta.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\cmutil39.exe
C:\WINDOWS\SVCHOST.EXE
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programfiler\Nytteprogr\Hijack\HijackThis.exe
C:\Programfiler\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC} - C:\Programfiler\Nytteprogr\nyxpc\XSoftware\Working \IEMon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NYTTEP~1\SPYBOT~1\SPYBOT~1\SDHelper.dl l
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programfiler\SEP\sep.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programfiler\SEP\sep.dll (file missing)
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ISDNStatus] C:\Programfiler\BIL-ISDN\isdnsta.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programfiler\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Programfiler\ScanSoft\OmniPagePro14.0\PdfCnv\Re gistryController.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [System Check] Rundll32.exe SysDll32.dll,SystemCheck
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [83078678681a] C:\WINDOWS\System32\cmutil39.exe
O4 - HKLM\..\Run: [SVCHOST.EXE] C:\WINDOWS\SVCHOST.EXE
O4 - HKCU\..\Run: [Firefly] "C:\Programfiler\Firefly\Firefly.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148
O8 - Extra context menu item: Download with GetRight - C:\Programfiler\GetRight\GRdownload.htm
O8 - Extra context menu item: Last ned alle med FlashGet - C:\Programfiler\Nytteprogr\FGet\FlashGet\jc_all.ht m
O8 - Extra context menu item: Last ned med FlashGet - C:\Programfiler\Nytteprogr\FGet\FlashGet\jc_link.h tm
O8 - Extra context menu item: Open PDF in Word - res://C:\Programfiler\ScanSoft\OmniPagePro14.0\PdfCnv\IE ShellExt.dll /100
O8 - Extra context menu item: Open with GetRight Browser - C:\Programfiler\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (no file)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - (no file)
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com/?fref=149031 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programfiler\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programfiler\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O16 - DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} (XNC600NetCam Control) - http://192.168.62.51/XNC600NetCam.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095398658195
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC} - C:\Programfiler\Nytteprogr\nyxpc\XSoftware\Working \IEMon.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programfiler\SEP\sep.dll (file missing)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Programfiler\SEP\sep.dll (file missing)

O4 - HKLM\..\Run: [System Check] Rundll32.exe SysDll32.dll,SystemCheck

O4 - HKLM\..\Run: [83078678681a] C:\WINDOWS\System32\cmutil39.exe
O4 - HKLM\..\Run: [SVCHOST.EXE] C:\WINDOWS\SVCHOST.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148

O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com/?fref=149031 (file missing)

O16 - DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} (XNC600NetCam Control) - http://192.168.62.51/XNC600NetCam.cab

Reboot and delete

files
C:\WINDOWS\System32\SearchBar.htm
SysDll32.dll
C:\WINDOWS\System32\cmutil39.exe
C:\WINDOWS\SVCHOST.EXE
SysDll32.dll

folders
C:\Programfiler\SEP

These may be hidden files. See HERE (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) for how to show hidden files.

The item in red is part of the XPCSpy Pro keylogger. If you are aware of this program, and wish to keep it, or it was installed by management ( if this is a company computer) then it must remain.

Please post a followup Hijack this log, and say if your problems persist.

Hi!

Hav started remove some of the problem,and it started working much better,now,it is posible for me to logout and shut down the normal way.
But I did not remove all of it,you want me to remove the Svchost.exe, are you sure it is safe to remove that exe?Seems to me this exe is mention many times in my firewall program,but dont know exatly what it does.I will post my Hijacklog now:
Logfile of HijackThis v1.98.2
Scan saved at 11:00:38, on 28.11.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\systemout.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\winfax\WFXMOD32.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programfiler\BIL-ISDN\isdnsta.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Nytteprogr\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC} - C:\Programfiler\Nytteprogr\nyxpc\XSoftware\Working \IEMon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\NYTTEP~1\SPYBOT~1\SPYBOT~1\SDHelper.dl l
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ISDNStatus] C:\Programfiler\BIL-ISDN\isdnsta.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programfiler\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Programfiler\ScanSoft\OmniPagePro14.0\PdfCnv\Re gistryController.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [System Check] Rundll32.exe SysDll32.dll,SystemCheck
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKCU\..\Run: [Firefly] "C:\Programfiler\Firefly\Firefly.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148
O8 - Extra context menu item: Download with GetRight - C:\Programfiler\GetRight\GRdownload.htm
O8 - Extra context menu item: Last ned alle med FlashGet - C:\Programfiler\Nytteprogr\FGet\FlashGet\jc_all.ht m
O8 - Extra context menu item: Last ned med FlashGet - C:\Programfiler\Nytteprogr\FGet\FlashGet\jc_link.h tm
O8 - Extra context menu item: Open PDF in Word - res://C:\Programfiler\ScanSoft\OmniPagePro14.0\PdfCnv\IE ShellExt.dll /100
O8 - Extra context menu item: Open with GetRight Browser - C:\Programfiler\GetRight\GRbrowse.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\NYTTEP~1\FGET\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programfiler\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programfiler\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095398658195
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

The one to remove is C:\WINDOWS\SVCHOST.EXE, which is a trojan.

C:\WINDOWS\system32\svchost.exe is the real windows file, and must not be removed.


Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC} - C:\Programfiler\Nytteprogr\nyxpc\XSoftware\Working \IEMon.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll

O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

O4 - HKLM\..\Run: [System Check] Rundll32.exe SysDll32.dll,SystemCheck

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148

Reboot after fixing. If you want to keep the keylogger, then the item in red should be left unchecked.

These may be hidden files. See HERE (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.