  1. #1
    Member
    Join Date
    Jan 2008
    Posts
    44
    Points
    0

    Default tries to remote my computer???

    Hi! I asked for help earlier to remove Virus Ranger 3.8.

    I also have another problem, a major one as many refer to it.
    I have zlob.downloader.vdt, efz, maybe more, although Spybot S&D and NoAdware detected these and S&D couldn't remove .vdt, maybe because I haven't updated S&D. But the problem is: when I start Windows XP Pro, the remoteControl Assistant tries to access my modem (I have a laptop with a mobile modem), so I am trying to stay OFFLINE until I can solve the problem. This is why I haven't followed the help in my previous topic.

    (Scan with Panda ActiveScan and HouseCall.) Can I start in safe mode and do the active scan there? Or do I need to take the risk? I don't even know if I have an antivirus; it is not in the place where it should be, in Security Center. Virus Ranger is there instead, but I have Windows Firewall and EAV-antivirus though. EAV starts when Windows starts but doesn't show when I right-click a file and choose scan with, e.g., AVG etc. I am posting a logfile from HijackThis.

    ------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:25 PM, on 1/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\a-squared Free\a2service.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Telia\Connect\ATService.exe
    C:\Program\Telia\Connect\Connect.exe
    C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program\SpyNoMore\SNM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Veoh Networks\Veoh\VeohClient.exe
    C:\Program\Telia\Connect\WVPNMonitor.exe
    C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smalandsborsen.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LDnkar
    R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre0.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre0.dll
    O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre0.dll
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre0.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ConnecteSupport] "C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER teliabg.connect.teliasonera.com
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "C:\documents and settings\melissamaya\application data\install_en[1].exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SNM] C:\Program\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Internet History Eraser] C:\Program\Acesoft\Internet History Eraser\te.exe min
    O4 - HKCU\..\Run: [Veoh] "C:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program\AntiSpywareBot\AntiSpywareBot.exe -boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJ$NST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Connect Monitor.lnk = C:\Program\Telia\Connect\WVPNMonitor.exe
    O4 - Global Startup: EAV Antivirus Suite.lnk = C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.3stepit.se
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194400343634
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Telia Connect AT Service (CTATSvc) - Telia - C:\Program\Telia\Connect\ATService.exe
    O23 - Service: Telia Connect (CTConnect) - Telia - C:\Program\Telia\Connect\Connect.exe
    O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 8093 bytes




    Eagerly waiting for the help I can get. Thank you!!! :-}

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    You have or had a Smitfraud infection.

    Disconnect from the internet, close all browser windows including this one.
    Run another HJT scan and check the following files for HJT to fix:

    O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program\Video Add-on\ictmdl.dll (file missing)

    O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "C:\documents and settings\melissamaya\application data\install_en[1].exe"

    O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program\AntiSpywareBot\AntiSpywareBot.exe -boot


    On this one:

    O14 - IERESET.INF: START_PAGE_URL=http://www.3stepit.se

    If you know it and use it, leave it.

    Press the fix check button. Close the HJT program - Reboot the PC

    Find and delete the following if found:

    C:\Program\Video Add-on ...file

    C:\documents and settings\melissamaya\application data\install_en[1].exe ...file

    C:\Program\iSpywareBot ...file.

    Reboot the PC

    Next......

    I am giving you 2 sets of instructions to run a malware removal program...

    The first set of instructions will find the bad files...
    The second set of instructions will delete the bad files...

    Both sets of instructions will generate a logfile, I need to see BOTH logfiles ... so save the first one somewhere you can find it again, and when you have the second one ... post them both in your next post here

    First instructions ... find files

    Download: SmitfraudFix.zip from :-

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip (the file contains both English and French versions)

    1. Download to your desktop
    2. Unzip the zip file to your desktop (the files will be extracted to a folder called SmitfraudFix)
    3. Double-click smitfraudfix.cmd
    4. Select 1 and hit Enter to create a report of the infected files
    5. find the C:\rapport.txt file and change the name of the text file to REPORT1.txt ... otherwise it will be overwritten when you run the next set of instructions.


    Second instructions ... delete files

    1. Reboot into >>>safe mode
    2. Double-click smitfraudfix.cmd
    3. Select 2 and hit Enter to delete infected files
    4. You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection
    5. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file
    6. A reboot may be needed to finish the cleaning process.

    The report can be found at the root of the system drive, usually at C:\rapport.txt ... Post the contents of the C:\rapport.txt file + the C:\REPORT1.txt in your next post here... + a new hijackthis log.

    NOTE:

    process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a
    RiskTool . It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between good and malicious use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consultin...rocessutil.htm

    BG

  3. #3
    Member
    Join Date
    Jan 2008
    Posts
    44
    Points
    0

    Default followed instructions on: "tried remote my computer???"

    Hi, I have done the following things:

    1* Disconnected from the internet, closed all browser windows including this one.
    Run another HJT scan and checked the following files for HJT to fix:

    2* O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program\Video Add-on\ictmdl.dll (file missing) (HJT Fixed) (remembered: when I ran a scan with Spybot S&D, before finding the help2go.com page, I deleted it myself, but the folder still exists)

    * O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "C:\documents and settings\melissamaya\application data\install_en[1].exe" (HJT Fixed)

    * O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program\AntiSpywareBot\AntiSpywareBot.exe -boot ( HJT Fixed)
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    but left : O14 - IERESET.INF: START_PAGE_URL=http://www.3stepit.se

    "If you know it and use it, leave it."


    3* rebooted,

    4* tried to find the following files:

    Find and delete the following if found:
    -----------------------------------------------
    C:\Program\Video Add-on ...file (found the file by going to My Computer, C drive, Program. Zlob, or whatever, did not let me finish searching for the file; it says that I need to shut down internet explorer.exe, with a warning window.) (Delete this program?)

    C:\documents and settings\melissamaya\application data\install_en[1].exe ...file (Did NOT find the file at all, by entering: My Computer, "C:\documents and settings.....") Where/how to find???

    C:\Program\iSpywareBot ...file. (??? unless you meant "AntispywareBot"; could not find iSpywareBot)

    5* AWAITING answer....... before going to next step.

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Paste this into your address bar ...

    C:\documents and settings\melissamaya\application data

    you should then see the install_en[1].exe if it's still there.

    But don't worry about the files, continue with Basementgeek's instructions from ...

    Next......

    I am giving you 2 sets of instructions to run a malware removal program... etc,
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    You've started a new thread with this in it ...

    Quote Originally Posted by JayWong
    hey can you check this out for me, because I installed and ran SUPERantispyware. Do I still have smitfraud? My previous thread: hijack my computer???............thanx
    There is nothing wrong with running SUPERantispyware, but if you want your computer cleaned as quickly as possible, you must run the programs we ask you to, not the ones you think you should run... Did you save the log from SUPERantispyware? We'd like to see it. Did you have SUPERantispyware remove all it found?

    Please post a new hijack this log also.

    I've locked your other thread, please keep all replies in this thread.

    steam

  6. #6
    Member
    Join Date
    Jan 2008
    Posts
    44
    Points
    0

    Default continued with 2nd instruction

    Hi, I ran the 2nd step of your instructions:

    *Ran SmitFraudFix and saved REPORT1.
    *Ran SmitFraudFix in safe mode; however, the tool did not check if wininet.dll is infected (step 5).
    *Shut down the computer.
    *Charged batteries (I didn't follow the instructions at once, hope that was OK).
    *Started the computer in normal mode.
    *Remote control still coming.
    (I remembered that when I had Panda Internet Security 2007, when I started Windows (XP Pro), I got a notice that Panda "detected a new network" every time I started my computer. Normal?? I think so, because on my other computer with Windows 98 Second Edition (couldn't get mobile internet even if I wanted it, only 2000 and higher) I also have Panda Internet Security 2007 installed, and I get notices from Panda every time I start Windows 98SE.

    Maybe my XP is not being hijacked. Maybe it is the same effect as Panda Internet Security, but I uninstalled Panda. I get, though, to choose whether I am going to connect or abort. I DON'T KNOW; until I insert the Internet datacard, I don't want to take that risk, until Zlob is removed.

    Noted this: when you minimize your programs, Notepad etc., next to START, the remote "block" has the same icon that SUPER Anti Spyware is using; maybe Super Anti Spyware tries to update itself..... I don't remember if the icon was there before I installed SUPER Anti Spyware. Persistent it is; it continued to pop up 4 times. When finally shut down, it came again, but this time I could choose to work offline.

    but



    *SUPER AntiSpyware Alerted me that the homepage changed, from www.smalandsborsen.se to http://www.microsoft.com/isapi/redir...er=6ar=msnhome :
    
    SUPERAntispyware Alert - Home Page Changed

    Home page Change Detected
    SUPER AntiSpyware has detected that your browser home page has been changed.If
    you did not make this change, you may have spyware or adware on your system.

    *I didn't make the change, and I KNOW that I HAVE SPYWARE, ZLOB. Maybe it is because smalandsborsen was named 3stepit... before they changed to smalandsborsen.se in Sweden, and I am abroad, and in this country when I enter google.com, I get "google.co.th" instead, depending on which country I am in. But that is what I think.

    *My desktop wallpaper also disappeared. Blank when no wallpaper is chosen; I understand that. Step 4 in the second instructions... deleting files?
    

    And here is when I scanned with SUPERAntiSpyware.

    SUPERAntiSpyware - Detect and Remove Harmful Software
    

    SUPERAntiSpyware has detected the following items on your computer
    You may elect to quarantine and remove an application or leave it on your computer. Quarantined and removed
    applications can always be restored to your computer at any time.
    

    + Unclassified.SpywareBot (Not A Threat) [ 1 items ]


    and summary....

    SUPERAntiSpyware Scan Summary

    Potentially harmful items heve been detected on your computer. It is advised
    that you quarantine and remove these items to prevent further infection.

    Memory Items Detected

    0

    Files Detected

    3

    ------------------------------------------------------
    Here is my Hijackthis Log that you asked for.

    ............................................................................
    REPORT1.txt (saved to usb 2.0 memory)

    SmitFraudFix v2.274

    Scan done at 2:58:04.33, Sat 01/12/2008
    Run from C:\Documents and Settings\MELISSAMAYA\Skrivbord\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

     Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\a-squared Free\a2service.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Telia\Connect\ATService.exe
    C:\Program\Telia\Connect\Connect.exe
    C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program\SpyNoMore\SNM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Veoh Networks\Veoh\VeohClient.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Telia\Connect\WVPNMonitor.exe
    C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

     hosts


     C:\


     C:\WINDOWS


     C:\WINDOWS\system


     C:\WINDOWS\Web


     C:\WINDOWS\system32

    C:\WINDOWS\system32\ivrllc.dll FOUND !

     C:\WINDOWS\system32\LogFiles


     C:\Documents and Settings\MELISSAMAYA


     C:\Documents and Settings\MELISSAMAYA\Application Data

    C:\Documents and Settings\MELISSAMAYA\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtect 3.8.lnk FOUND !

     Start Menu

    C:\DOCUME~1\MELISS~1\START-~1\AntiVirGear 3.8.lnk FOUND !
    C:\DOCUME~1\MELISS~1\START-~1\VirusProtect 3.8.lnk FOUND !

     C:\DOCUME~1\MELISS~1\FAVORI~1

    C:\DOCUME~1\MELISS~1\FAVORI~1\Online Security Test.url FOUND !

     Desktop


     C:\Program

    C:\Program\Video Add-on\ FOUND !

     Corrupted keys


     Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Min aktuella startsida"


     IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix.exe by S!Ri


     Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


     AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


     Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


     Rustock








    .........................................................................
    REPORT.txt After running SmitFraudFix IN SAFE mode

    SmitFraudFix v2.274

    Scan done at 9:35:07.33, Sun 01/13/2008
    Run from C:\Documents and Settings\MELISSAMAYA\Skrivbord\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

     SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

     Killing process


     hosts


    127.0.0.1 localhost

     Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


     Generic Renos Fix

    GenericRenosFix by S!Ri


     Deleting infected files

    C:\WINDOWS\system32\ivrllc.dll Deleted
    C:\Documents and Settings\MELISSAMAYA\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtect 3.8.lnk Deleted
    C:\DOCUME~1\MELISS~1\START-~1\AntiVirGear 3.8.lnk Deleted
    C:\DOCUME~1\MELISS~1\START-~1\VirusProtect 3.8.lnk Deleted
    C:\DOCUME~1\MELISS~1\FAVORI~1\Online Security Test.url Deleted
    C:\Program\Video Add-on\ Deleted

     IEDFix

    IEDFix.exe by S!Ri


     DNS



     Deleting Temp Files


     Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


     Registry Cleaning

    Registry Cleaning done.

     SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


     End


    And HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:21:09 PM, on 1/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\a-squared Free\a2service.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Telia\Connect\ATService.exe
    C:\Program\Telia\Connect\Connect.exe
    C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program\SpyNoMore\SNM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Veoh Networks\Veoh\VeohClient.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Telia\Connect\WVPNMonitor.exe
    C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smalandsborsen.se/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LDnkar
    R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre0.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre0.dll
    O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre0.dll
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre0.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ConnecteSupport] "C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER teliabg.connect.teliasonera.com
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SNM] C:\Program\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Internet History Eraser] C:\Program\Acesoft\Internet History Eraser\te.exe min
    O4 - HKCU\..\Run: [Veoh] "C:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJ$NST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Connect Monitor.lnk = C:\Program\Telia\Connect\WVPNMonitor.exe
    O4 - Global Startup: EAV Antivirus Suite.lnk = C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.3stepit.se
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194400343634
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Telia Connect AT Service (CTATSvc) - Telia - C:\Program\Telia\Connect\ATService.exe
    O23 - Service: Telia Connect (CTConnect) - Telia - C:\Program\Telia\Connect\Connect.exe
    O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 7130 bytes

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    *SUPER AntiSpyware Alerted me that the homepage changed, from www.smalandsborsen.se to http://www.microsoft.com/isapi/redir.dll?prd=iepver=6ar =msnhome :
    This is something you have instigated, maybe inadvertently, it's not malware, it's being changed to point to your home network... somehow ...

    *My desktop wallpaper also disappeared. Blank when no wallpaper is chosen, understand that, Step 4?
    What is the position with this now? Can you set a new wallpaper?

    SmitFraudFix has removed a zlob trojan for you ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  8. #8
    Member
    Join Date
    Jan 2008
    Posts
    44
    Points
    0

    Default combofix log + hijackthis log

    Hi here is the combofix log that you requested, along with a new Hijackthis log...
    จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ
    ComboFix 08-01-09.2 - MELISSAMAYA 2008-01-18 19:52:52.1 - NTFSx86
    Running from: C:\Documents and Settings\MELISSAMAYA\Skrivbord\ComboFix.exe
    * Created a new restore point
    .
    The following files were disabled during the run:
    C:\Program\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\Starware316
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\775_button_1b_def.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Credit_Score0.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Music0.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logo.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logoxp.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Ringtones0.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\WeatherHot.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png
    C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml
    C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Related.xml
    C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Travel.xml
    C:\Documents and Settings\All Users\Application Data.\Starware316\images\walertXP.bmp
    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml
    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
    C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\DataBase.ref
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Log\2007 Dec 23 - 02_46_50 AM_943.log
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Log\2007 Dec 23 - 03_00_03 AM_242.log
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Log\2007 Dec 23 - 03_00_05 AM_005.log
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Log\2007 Dec 23 - 03_01_07 PM_725.log
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 03_09_42 AM_223.log
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\rs.dat
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Settings\CustomScan.stg
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Settings\ScanResults.stg
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
    C:\Documents and Settings\MELISSAMAYA\Application Data\AntiSpywareBot\Settings\Settings.stg
    C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
    .

    2008-01-18 19:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-18 19:31 . 2008-01-18 19:31 d-------- C:\WINDOWS\LastGood
    2008-01-14 16:28 . 2005-10-07 16:54 114,688 --a------ C:\WINDOWS\system32\rkinstaller.exe
    2008-01-12 02:58 . 2008-01-13 09:35 1,840 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-09 02:49 . 2008-01-09 02:49 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-09 02:48 . 2008-01-16 02:06 d-------- C:\Program\SUPERAntiSpyware
    2008-01-09 02:48 . 2008-01-09 02:48 d-------- C:\Documents and Settings\MELISSAMAYA\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:31 . 2008-01-06 23:31 d-------- C:\Program\Delade filer\Wise Installation Wizard
    2008-01-06 23:19 . 2008-01-06 23:19 d-------- C:\Program\Trend Micro
    2008-01-06 05:54 . 2008-01-06 05:54 d-------- C:\Program\NoAdware5.0
    2008-01-04 17:07 . 2008-01-04 17:07 d-------- C:\Program\PrivacyEraser Computing
    2008-01-04 16:10 . 2008-01-04 16:10 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-01-04 16:09 . 2008-01-05 18:03 d-------- C:\Program\SpyNoMore
    2008-01-04 12:18 . 2008-01-04 12:18 d-------- C:\Program\Enigma Software Group
    2008-01-03 00:21 . 2008-01-03 00:21 d-------- C:\Program\EAV Antivirus Suite
    2007-12-22 13:21 . 2008-01-18 19:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-22 13:21 . 2007-12-22 13:21 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-14 15:28 --------- d-----w C:\Program\filesubmit
    2008-01-03 06:26 --------- d--h--w C:\Program\InstallShield Installation Information
    2008-01-03 06:26 --------- d-----w C:\Program\Delade filer\Panda Software
    2008-01-01 09:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-01 02:42 --------- d-----w C:\Program\Spyware Doctor
    2008-01-01 02:40 --------- d-----w C:\Program\iTunes
    2008-01-01 02:39 --------- d-----w C:\Program\Delade filer\GtFlashSwitch
    2008-01-01 02:37 --------- d-----w C:\Program\a-squared Free
    2007-12-15 12:58 --------- d-----w C:\Documents and Settings\MELISSAMAYA\Application Data\DivX
    2007-12-05 08:51 --------- d-----w C:\Program\Xvid
    2007-11-30 12:32 --------- d-----w C:\Program\Replay Media Catcher
    2007-11-26 20:27 --------- d-----w C:\Documents and Settings\MELISSAMAYA\Application Data\Grisoft
    2007-11-26 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-26 20:04 --------- d-----w C:\Program\MagicISO
    2007-11-26 09:52 --------- d-----w C:\Documents and Settings\MELISSAMAYA\Application Data\PC Tools
    2007-11-26 02:17 --------- d-----w C:\Program\Freecorder
    2007-11-26 02:17 --------- d-----w C:\Program\free-downloads
    2007-11-18 11:43 --------- d-----w C:\Program\Veoh Networks
    2007-11-04 21:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-11-04 21:13 286,720 ------w C:\WINDOWS\Setup1.exe
    2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-11 18:53 2,293,712 ----a-w C:\Program\FLV PlayerFCSetup.exe
    2007-10-11 18:49 3,655,488 ----a-w C:\Program\FLV PlayerRCATSetup.exe
    2007-10-11 18:34 411,248 ----a-w C:\Program\FLV PlayerRCSetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2008-01-18 19:30 1502232 --a------ C:\Program\Freecorder\tbFre1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
    2008-01-18 19:30 1502232 --a------ C:\Program\free-downloads\tbfre1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D3E23B4B-F153-4687-82C2-816319DD3C5A}
    {ED4BD629-C1B6-4399-8A34-02CCAA921DC9}
    {1392B8D2-5C05-419F-A8F6-B9F15A596612}
    {D0943516-5076-4020-A3B5-AEFAF26AB263}

    [HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= C:\Program\free-downloads\tbfre1.dll [2008-01-18 19:30 1502232]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program\Freecorder\tbFre1.dll [2008-01-18 19:30 1502232]

    [HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]
    "AlcoholAutomount"="C:\Program\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 11:27 219520]
    "Internet History Eraser"="C:\Program\Acesoft\Internet History Eraser\te.exe" [ ]
    "Veoh"="C:\Program\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48 3411968]
    "SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2006-06-13 08:51 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2006-06-13 08:51 286720 C:\WINDOWS\system32\atiptaxx.exe]
    "LTSMMSG"="LTSMMSG.exe" [2006-06-13 09:02 32768 C:\WINDOWS\LTSMMSG.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ConnecteSupport"="C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe" [2007-07-17 08:30 1986560]
    "QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
    "Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" [2007-08-21 14:46 197880]
    "SDTray"="C:\Program\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
    "!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "SpyHunter Security Suite"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
    "SNM"="C:\Program\SpyNoMore\SNM.exe" [2007-12-26 15:50 1212368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

    C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
    Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    Connect Monitor.lnk - C:\Program\Telia\Connect\WVPNMonitor.exe [2007-07-16 07:38:00]
    EAV Antivirus Suite.lnk - C:\Program\EAV Antivirus Suite\Anti-Virus.exe [2007-06-15 23:29:16]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

    R2 CTATSvc;Telia Connect AT Service;C:\Program\Telia\Connect\ATService.exe [2007-07-16 07:38]
    R2 CTConnect;Telia Connect;C:\Program\Telia\Connect\Connect.exe [2007-07-16 07:38]
    R2 GtFlashSwitch;GtFlashSwitch;"C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 13:48]
    R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 04:05]
    R3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2007-04-14 04:05]
    R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 04:06]
    R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2006-06-13 09:02]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
    S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-16 22:40:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 19:59:18
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\SYSTEM32\winlogon.exe
    -> C:\Program\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
    .
    Completion time: 2008-01-18 20:00:49
    ComboFix-quarantined-files.txt 2008-01-18 19:00:37
    .
    2008-01-01 13:59:42 --- E O F --- ¨

    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨

    And HijackThis
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:22:12 PM, on 1/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\a-squared Free\a2service.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Telia\Connect\ATService.exe
    C:\Program\Telia\Connect\Connect.exe
    C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program\SpyNoMore\SNM.exe
    C:\Program\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program\FlashGet\FlashGet.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Veoh Networks\Veoh\VeohClient.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program\Telia\Connect\WVPNMonitor.exe
    C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smalandsborsen.se/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre1.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre1.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program\FlashGet\jccatch.dll
    O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre1.dll
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ConnecteSupport] "C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER teliabg.connect.teliasonera.com
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SNM] C:\Program\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Flashget] "C:\Program\FlashGet\FlashGet.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Internet History Eraser] C:\Program\Acesoft\Internet History Eraser\te.exe min
    O4 - HKCU\..\Run: [Veoh] "C:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Connect Monitor.lnk = C:\Program\Telia\Connect\WVPNMonitor.exe
    O4 - Global Startup: EAV Antivirus Suite.lnk = C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.3stepit.se
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194400343634
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Telia Connect AT Service (CTATSvc) - Telia - C:\Program\Telia\Connect\ATService.exe
    O23 - Service: Telia Connect (CTConnect) - Telia - C:\Program\Telia\Connect\Connect.exe
    O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 9037 bytes
    จจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจจ

    ps.

    Basementgeek wrote:

    Please don't start a new topic as it gets very confusing. Stay with this one:

    http://www.help2go.com/component/option,com_forum/Itemid,32/page,viewtopic/p,129993/highlight,/#129993

    Need to see the combo log.
    ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
    the reason why I started a new topic??!! was that I have 2 topics: tries to remote my computer???, and, Remove VirusRanger 3.8 (oops wrong, should be 3.2) sorry!! but I had/have both "zlob" and "virusRanger 3.2" in my computer that I want to remove... haven't been able to remove VirusRanger 3.2 yet, ran activescan, but Housecall took a VERY long time to load (too slow internet connection).

    so SORRY about starting a New thread.

    Thanx

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    The Combofix version you downloaded is now out of date ... the link & version I gave you on Jan 13 were OK for Jan 13 ... it is now Jan 22 & Combofix has been updated over a dozen times & has a new download location ... Please delete your Combofix.exe file and download the new one from here :-

    Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    44
    Points
    0

    Default New combofix & hijackthis log

    Hi sorry for keeping you waiting, but here they are. Thanx for being patient.

    Combofix:

    ComboFix 08-01-23.1C - MELISSAMAYA 2008-01-25 13:05:40.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.101 [GMT 1:00]
    Running from: C:\Documents and Settings\MELISSAMAYA\Skrivbord\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
    .

    2008-01-24 00:09 . 2008-01-25 12:33 d--h----- C:\Downloads
    2008-01-22 17:51 . 2008-01-22 17:51 d-------- C:\Program\Pcsx2_0.9.4
    2008-01-20 07:31 . 2008-01-20 07:31 d-------- C:\Program\Google
    2008-01-20 07:31 . 2008-01-25 13:06 d-------- C:\Program\FlashGet
    2008-01-18 23:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-18 23:57 . 2008-01-18 23:58 d-------- C:\Program\Java
    2008-01-18 23:52 . 2008-01-18 23:52 d-------- C:\Program\Delade filer\Java
    2008-01-18 21:28 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-01-18 21:26 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qulhxcsjmiwa.sys
    2008-01-18 20:55 . 2008-01-18 22:16 d-------- C:\WINDOWS\system32\ActiveScan
    2008-01-18 20:55 . 2008-01-18 20:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-01-18 20:55 . 2008-01-18 20:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-18 20:55 . 2008-01-18 20:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-01-18 19:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-12 02:58 . 2008-01-13 09:35 1,840 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-09 02:48 . 2008-01-21 17:41 d-------- C:\Program\SUPERAntiSpyware
    2008-01-06 23:31 . 2008-01-06 23:31 d-------- C:\Program\Delade filer\Wise Installation Wizard
    2008-01-06 23:19 . 2008-01-06 23:19 d-------- C:\Program\Trend Micro
    2008-01-06 05:54 . 2008-01-06 05:54 d-------- C:\Program\NoAdware5.0
    2008-01-04 17:07 . 2008-01-04 17:07 d-------- C:\Program\PrivacyEraser Computing
    2008-01-04 16:10 . 2008-01-04 16:10 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-01-04 16:09 . 2008-01-23 08:37 d-------- C:\Program\SpyNoMore
    2008-01-04 12:18 . 2008-01-04 12:18 d-------- C:\Program\Enigma Software Group
    2008-01-03 00:21 . 2008-01-18 21:54 d-------- C:\Program\EAV Antivirus Suite

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 18:36 --------- d-----w C:\Program\Spyware Doctor
    2008-01-23 07:37 --------- d-----w C:\Program\filesubmit
    2008-01-23 07:33 --------- d-----w C:\Program\a-squared Free
    2008-01-22 16:48 --------- d-----w C:\Program\Pcsx2t
    2008-01-19 01:33 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-19 01:32 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-18 20:55 --------- d-----w C:\Program\iTunes
    2008-01-18 20:54 --------- d-----w C:\Program\Freecorder
    2008-01-18 20:54 --------- d-----w C:\Program\free-downloads
    2008-01-18 20:53 --------- d-----w C:\Program\Delade filer\GtFlashSwitch
    2008-01-03 06:26 --------- d--h--w C:\Program\InstallShield Installation Information
    2008-01-03 06:26 --------- d-----w C:\Program\Delade filer\Panda Software
    2007-12-05 08:51 --------- d-----w C:\Program\Xvid
    2007-11-30 12:32 --------- d-----w C:\Program\Replay Media Catcher
    2007-11-26 20:04 --------- d-----w C:\Program\MagicISO
    2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-04 21:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-11-04 21:13 286,720 ------w C:\WINDOWS\Setup1.exe
    2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-11 18:53 2,293,712 ----a-w C:\Program\FLV PlayerFCSetup.exe
    2007-10-11 18:49 3,655,488 ----a-w C:\Program\FLV PlayerRCATSetup.exe
    2007-10-11 18:34 411,248 ----a-w C:\Program\FLV PlayerRCSetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D3E23B4B-F153-4687-82C2-816319DD3C5A}
    {ED4BD629-C1B6-4399-8A34-02CCAA921DC9}
    {1392B8D2-5C05-419F-A8F6-B9F15A596612}
    {D0943516-5076-4020-A3B5-AEFAF26AB263}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}

    [HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= C:\Program\free-downloads\tbfre1.dll [2008-01-18 19:30 1502232]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program\Freecorder\tbFre1.dll [2008-01-18 19:30 1502232]

    [HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]
    "AlcoholAutomount"="C:\Program\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 11:27 219520]
    "Internet History Eraser"="C:\Program\Acesoft\Internet History Eraser\te.exe" [ ]
    "Veoh"="C:\Program\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48 3411968]
    "SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
    "swg"="C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-20 07:31 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2006-06-13 08:51 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2006-06-13 08:51 286720 C:\WINDOWS\system32\atiptaxx.exe]
    "LTSMMSG"="LTSMMSG.exe" [2006-06-13 09:02 32768 C:\WINDOWS\LTSMMSG.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ConnecteSupport"="C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe" [2007-07-17 08:30 1986560]
    "QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
    "Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" [2007-08-21 14:46 197880]
    "SDTray"="C:\Program\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
    "!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "SpyHunter Security Suite"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
    "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Flashget"="C:\Program\FlashGet\FlashGet.exe" [2007-09-25 10:29 2007088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

    C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
    Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
    Connect Monitor.lnk - C:\Program\Telia\Connect\WVPNMonitor.exe [2007-07-16 07:38:00 2228224]
    EAV Antivirus Suite.lnk - C:\Program\EAV Antivirus Suite\Anti-Virus.exe [2007-06-15 23:29:16 349696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

    R2 CTATSvc;Telia Connect AT Service;C:\Program\Telia\Connect\ATService.exe [2007-07-16 07:38]
    R2 CTConnect;Telia Connect;C:\Program\Telia\Connect\Connect.exe [2007-07-16 07:38]
    R2 GtFlashSwitch;GtFlashSwitch;"C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 13:48]
    R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2006-06-13 09:02]
    S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 04:05]
    S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2007-04-14 04:05]
    S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 04:06]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
    S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-18 22:40:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-25 13:08:51
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
    .
    Completion time: 2008-01-25 13:10:11
    ComboFix-quarantined-files.txt 2008-01-25 12:10:03
    .
    2008-01-19 02:09:48 --- E O F ---

    and HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:26:00 PM, on 1/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\a-squared Free\a2service.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Telia\Connect\ATService.exe
    C:\Program\Telia\Connect\Connect.exe
    C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program\FlashGet\FlashGet.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Veoh Networks\Veoh\VeohClient.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program\Telia\Connect\WVPNMonitor.exe
    C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smalandsborsen.se/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre1.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre1.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program\FlashGet\jccatch.dll
    O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program\free-downloads\tbfre1.dll
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program\Freecorder\tbFre1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ConnecteSupport] "C:\Program\TiFiC\TiFiC Client G1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER teliabg.connect.teliasonera.com
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Flashget] "C:\Program\FlashGet\FlashGet.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Internet History Eraser] C:\Program\Acesoft\Internet History Eraser\te.exe min
    O4 - HKCU\..\Run: [Veoh] "C:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Connect Monitor.lnk = C:\Program\Telia\Connect\WVPNMonitor.exe
    O4 - Global Startup: EAV Antivirus Suite.lnk = C:\Program\EAV Antivirus Suite\Anti-Virus.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.3stepit.se
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194400343634
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Telia Connect AT Service (CTATSvc) - Telia - C:\Program\Telia\Connect\ATService.exe
    O23 - Service: Telia Connect (CTConnect) - Telia - C:\Program\Telia\Connect\Connect.exe
    O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    --
    End of file - 8911 bytes

    Thanks for helping me! :-)
