1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I think I have a virus...

Discussion in 'Virus & Other Malware Removal' started by Zert2000, Jul 15, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Zert2000

    Zert2000 Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    8
    Hi!

    I think i have a virus, when i run my Zonealarm ainti Virus/spyware it finds a virus called "Not-A-Virus:Downloader.Win32.WinFixer.I"
    I have also had some other problems..

    How ever here is my Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:24:40, on 2007-07-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program\CyberLink\Shared Files\RichVideo.exe
    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\ULI5287\ULiRaid.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program\Microsoft IntelliType Pro\type32.exe
    C:\Program\Microsoft IntelliPoint\point32.exe
    C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program\HP\HP Software Update\HPWuSchd2.exe
    C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program\TRIXX\TRIXX.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    C:\Program\Wacom\TabUserW.exe
    C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\ijji\ENGLISH\Gunz\SetPoint.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Calle Lind\Skrivbord\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slutet.se/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 81.235.154.241 localhost
    O1 - Hosts: 81.235.154.241
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0D24FA71-697F-4D26-AEA4-0C5E022CDD3a} - C:\WINDOWS\system32\qujiqjuk.dll (file missing)
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\adriptim.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\jkkkkkl.dll
    O2 - BHO: (no name) - {C52BC978-7782-4ECD-A227-30FF7D3DC8C1} - C:\WINDOWS\system32\jkhfd.dll
    O4 - HKLM\..\Run: [ULiRaid] C:\Program\ULI5287\ULiRaid.exe
    O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TRIXX] "C:\Program\TRIXX\TRIXX.exe" -s
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rgqkmnmn.dll",realset
    O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: TabUserW.lnk = C:\Program\Wacom\TabUserW.exe
    O4 - Global Startup: TrayMin300.exe.lnk = C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program\BP Go!Zilla v4.1\download-with-gozilla.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.tradera.se
    O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136458113484
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148635341843
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FBD173-A772-49DF-B65E-394B1695B952}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
    O20 - Winlogon Notify: jkkkkkl - C:\WINDOWS\SYSTEM32\jkkkkkl.dll
    O20 - Winlogon Notify: vturqnl - vturqnl.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tncwfxre.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: (no name) - http://gunz.ijji.com/

    --
    End of file - 11936 bytes
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This can take a while!
     
  3. Zert2000

    Zert2000 Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    8
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/16/2007 at 12:57 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3269
    Trace Rules Database Version: 1280

    Scan type : Complete Scan
    Total Scan Time : 02:01:02

    Memory items scanned : 571
    Memory threats detected : 0
    Registry items scanned : 7126
    Registry threats detected : 18
    File items scanned : 127675
    File threats detected : 31

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}
    HKCR\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}
    HKCR\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}\InprocServer32
    HKCR\CLSID\{0A7383CB-A5AA-4389-8965-E2B418E51587}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\JKHFD.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A7383CB-A5AA-4389-8965-E2B418E51587}

    Adware.GoZilla
    HKLM\Software\Classes\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\TypeLib
    HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID
    C:\PROGRAM\BP GO!ZILLA V4.1\GOIEHLP.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A61098D-612B-4EF2-943D-64E920684061}

    Adware.Tracking Cookie
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][1].txt
    C:\Documents and Settings\Calle Lind\Cookies\calle [email protected][2].txt

    Trojan.SmartLoad
    HKLM\Software\Microsoft\drsmartload2
    HKLM\Software\Microsoft\drsmartload2#Installed

    Adware.ClickSpring/Yazzle
    HKLM\Software\Yazzle Snowball Wars
    C:\Program\Yazzle Snowball Wars\License.txt
    C:\Program\Yazzle Snowball Wars

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP516\A0210951.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220311.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220317.DLL

    Trojan.Downloader-SpyTool
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220307.DLL

    Adware.Vundo/Traff-2
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{D6B3B1A3-A7D2-4AD0-A252-BD6EC8E0CABD}\RP542\A0220309.EXE
    C:\VUNDOFIX BACKUPS\GDADQDUO.EXE.BAD

    Trojan.Downloader-CREW
    C:\WINDOWS\SYSTEM32\QUJIQJUK.DLL.VZR

    ---------------------------------------------------------------------------------------------------



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:35:15, on 2007-07-16
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program\CyberLink\Shared Files\RichVideo.exe
    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\ULI5287\ULiRaid.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program\Microsoft IntelliPoint\point32.exe
    C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program\HP\HP Software Update\HPWuSchd2.exe
    C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program\TRIXX\TRIXX.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Winamp\winampa.exe
    C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program\Wacom\TabUserW.exe
    C:\Program\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Calle Lind\Skrivbord\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slutet.se/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 81.235.154.241 localhost
    O1 - Hosts: 81.235.154.241
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0D24FA71-697F-4D26-AEA4-0C5E022CDD3a} - C:\WINDOWS\system32\qujiqjuk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ULiRaid] C:\Program\ULI5287\ULiRaid.exe
    O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [TRIXX] "C:\Program\TRIXX\TRIXX.exe" -s
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: TabUserW.lnk = C:\Program\Wacom\TabUserW.exe
    O4 - Global Startup: TrayMin300.exe.lnk = C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program\BP Go!Zilla v4.1\download-with-gozilla.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.tradera.se
    O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136458113484
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148635341843
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FBD173-A772-49DF-B65E-394B1695B952}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: vturqnl - vturqnl.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tncwfxre.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: (no name) - http://gunz.ijji.com/

    --
    End of file - 11779 bytes
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {0D24FA71-697F-4D26-AEA4-0C5E022CDD3a} - C:\WINDOWS\system32\qujiqjuk.dll (file missing)

    O20 - Winlogon Notify: vturqnl - vturqnl.dll (file missing)

    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tncwfxre.exe (file missing)

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  5. Zert2000

    Zert2000 Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    8
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:53:31, on 2007-07-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program\CyberLink\Shared Files\RichVideo.exe
    C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\ULI5287\ULiRaid.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program\Microsoft IntelliType Pro\type32.exe
    C:\Program\Microsoft IntelliPoint\point32.exe
    C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program\HP\HP Software Update\HPWuSchd2.exe
    C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
    C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program\Winamp\winampa.exe
    C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program\Wacom\TabUserW.exe
    C:\Documents and Settings\Calle Lind\Skrivbord\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slutet.se/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 81.235.154.241 localhost
    O1 - Hosts: 81.235.154.241
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ULiRaid] C:\Program\ULI5287\ULiRaid.exe
    O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Genväg till ventrilo_srv.exe.lnk = C:\Program\Ventrilo v.1.2..1\VentSrv\ventrilo_srv.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT Startup: Genväg till ventrilo_srv.exe.lnk = C:\Program\Ventrilo v.1.2..1\VentSrv\ventrilo_srv.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Genväg till ventrilo_srv.exe.lnk = C:\Program\Ventrilo v.1.2..1\VentSrv\ventrilo_srv.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: TabUserW.lnk = C:\Program\Wacom\TabUserW.exe
    O4 - Global Startup: TrayMin300.exe.lnk = C:\Program\Philips\SPC 300NC PC Camera\TrayMin300.exe
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program\BP Go!Zilla v4.1\download-with-gozilla.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.tradera.se
    O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136458113484
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148635341843
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4FBD173-A772-49DF-B65E-394B1695B952}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: (no name) - http://gunz.ijji.com/

    --
    End of file - 11796 bytes



    Oh the Run %temp% thing and deliting temp files, thats good to do every now and then right?
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595993

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice