I think I have a virus...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Zert2000

Thread Starter
Joined
Jul 15, 2007
Messages
8
Hi!

I think i have a virus, when i run my Zonealarm ainti Virus/spyware it finds a virus called "Not-A-Virus:Downloader.Win32.WinFixer.I"
I have also had some other problems..

How ever here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:24:40, on 2007-07-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Program\CyberLink\Shared Files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ULI5287\ULiRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program\Microsoft IntelliType Pro\type32.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\TRIXX\TRIXX.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\Wacom\TabUserW.exe
C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\ijji\ENGLISH\Gunz\SetPoint.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Calle Lind\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slutet.se/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 81.235.154.241 localhost
O1 - Hosts: 81.235.154.241
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D24FA71-697F-4D26-AEA4-0C5E022CDD3a} - C:\WINDOWS\system32\qujiqjuk.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\adriptim.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\jkkkkkl.dll
O2 - BHO: (no name) - {C52BC978-7782-4ECD-A227-30FF7D3DC8C1} - C:\WINDOWS\system32\jkhfd.dll
O4 - HKLM\..\Run: [ULiRaid] C:\Program\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TRIXX] "C:\Program\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rgqkmnmn.dll",realset
O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program\Wacom\TabUserW.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program\BP Go!Zilla v4.1\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: www.tradera.se
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136458113484
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148635341843
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FBD173-A772-49DF-B65E-394B1695B952}: NameServer = 192.168.1.1
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: jkkkkkl - C:\WINDOWS\SYSTEM32\jkkkkkl.dll
O20 - Winlogon Notify: vturqnl - vturqnl.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tncwfxre.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://gunz.ijji.com/

--
End of file - 11936 bytes
 
Joined
Sep 7, 2004
Messages
49,014
If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

This can take a while!
 

Zert2000

Thread Starter
Joined
Jul 15, 2007
Messages
8
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2007 at 12:57 PM

Application Version : 3.9.1008

Core Rules Database Version : 3269
Trace Rules Database Version: 1280

Scan type : Complete Scan
Total Scan Time : 02:01:02

Memory items scanned : 571
Memory threats detected : 0
Registry items scanned : 7126
Registry threats detected : 18
File items scanned : 127675
File threats detected : 31

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}
HKCR\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}
HKCR\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}\InprocServer32
HKCR\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKHFD.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A7383CB-A5AA-4389-8965-E2B418E51587}

Adware.GoZilla
HKLM\Software\Classes\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\TypeLib
HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID
C:\PROGRAM\BP GO!ZILLA V4.1\GOIEHLP.DLL

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A61098D-612B-4EF2-943D-64E920684061}

Adware.Tracking Cookie
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt

Trojan.SmartLoad
HKLM\Software\Microsoft\drsmartload2
HKLM\Software\Microsoft\drsmartload2#Installed

Adware.ClickSpring/Yazzle
HKLM\Software\Yazzle Snowball Wars
C:\Program\Yazzle Snowball Wars\License.txt
C:\Program\Yazzle Snowball Wars

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP516\A0210951.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220311.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220317.DLL

Trojan.Downloader-SpyTool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220307.DLL

Adware.Vundo/Traff-2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220309.EXE
C:\VUNDOFIX BACKUPS\GDADQDUO.EXE.BAD

Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\QUJIQJUK.DLL.VZR

---------------------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:35:15, on 2007-07-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Program\CyberLink\Shared Files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ULI5287\ULiRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\TRIXX\TRIXX.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Winamp\winampa.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program\Wacom\TabUserW.exe
C:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Calle Lind\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slutet.se/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 81.235.154.241 localhost
O1 - Hosts: 81.235.154.241
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D24FA71-697F-4D26-AEA4-0C5E022CDD3a} - C:\WINDOWS\system32\qujiqjuk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ULiRaid] C:\Program\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TRIXX] "C:\Program\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program\Wacom\TabUserW.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program\BP Go!Zilla v4.1\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: www.tradera.se
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136458113484
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148635341843
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FBD173-A772-49DF-B65E-394B1695B952}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vturqnl - vturqnl.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tncwfxre.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://gunz.ijji.com/

--
End of file - 11779 bytes
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {0D24FA71-697F-4D26-AEA4-0C5E022CDD3a} - C:\WINDOWS\system32\qujiqjuk.dll (file missing)

O20 - Winlogon Notify: vturqnl - vturqnl.dll (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tncwfxre.exe (file missing)

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

Zert2000

Thread Starter
Joined
Jul 15, 2007
Messages
8
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:53:31, on 2007-07-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Program\CyberLink\Shared Files\RichVideo.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ULI5287\ULiRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\Microsoft IntelliType Pro\type32.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\Winamp\winampa.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program\Wacom\TabUserW.exe
C:\Documents and Settings\Calle Lind\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slutet.se/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 81.235.154.241 localhost
O1 - Hosts: 81.235.154.241
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ULiRaid] C:\Program\ULI5287\ULiRaid.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Genväg till ventrilo_srv.exe.lnk = C:\Program\Ventrilo v.1.2..1\VentSrv\ventrilo_srv.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Genväg till ventrilo_srv.exe.lnk = C:\Program\Ventrilo v.1.2..1\VentSrv\ventrilo_srv.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Genväg till ventrilo_srv.exe.lnk = C:\Program\Ventrilo v.1.2..1\VentSrv\ventrilo_srv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program\Wacom\TabUserW.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program\BP Go!Zilla v4.1\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: www.tradera.se
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136458113484
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148635341843
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FBD173-A772-49DF-B65E-394B1695B952}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: (no name) - http://gunz.ijji.com/

--
End of file - 11796 bytes



Oh the Run %temp% thing and deliting temp files, thats good to do every now and then right?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top