
Author Topic: ipconfig.exe box just appears a fraction of a second  (Read 30320 times)


Peterwolfe

    Topic Starter


    Hopeful
    Re: ipconfig.exe box just appears a fraction of a second
    « Reply #30 on: May 16, 2010, 08:55:54 AM »
    OOOPS, see it is in Norwegian?????? There wasn't a question for the language!!!! Sorry

    ComboFix 10-05-15.03 - Peter 16.05.2010  16:54:50.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.47.1033.18.3071.2483 [GMT 2:00]
    Kjører fra: c:\documents and settings\Peter\Desktop\commy.exe
    .

    (((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Peter\Application Data\Desktopicon
    c:\documents and settings\Peter\Application Data\inst.exe
    c:\program files\eMule\lang\ar_AE.dll
    c:\program files\eMule\lang\ba_BA.dll
    c:\program files\eMule\lang\bg_BG.dll
    c:\program files\eMule\lang\ca_ES.dll
    c:\program files\eMule\lang\cz_CZ.dll
    c:\program files\eMule\lang\da_DK.dll
    c:\program files\eMule\lang\de_DE.dll
    c:\program files\eMule\lang\el_GR.dll
    c:\program files\eMule\lang\es_AS.dll
    c:\program files\eMule\lang\es_ES_T.dll
    c:\program files\eMule\lang\et_EE.dll
    c:\program files\eMule\lang\fa_IR.dll
    c:\program files\eMule\lang\fi_FI.dll
    c:\program files\eMule\lang\fr_BR.dll
    c:\program files\eMule\lang\fr_FR.dll
    c:\program files\eMule\lang\gl_ES.dll
    c:\program files\eMule\lang\he_IL.dll
    c:\program files\eMule\lang\hu_HU.dll
    c:\program files\eMule\lang\it_IT.dll
    c:\program files\eMule\lang\jp_JP.dll
    c:\program files\eMule\lang\ko_KR.dll
    c:\program files\eMule\lang\lt_LT.dll
    c:\program files\eMule\lang\lv_LV.dll
    c:\program files\eMule\lang\mt_MT.dll
    c:\program files\eMule\lang\nb_NO.dll
    c:\program files\eMule\lang\nl_NL.dll
    c:\program files\eMule\lang\nn_NO.dll
    c:\program files\eMule\lang\pl_PL.dll
    c:\program files\eMule\lang\pt_BR.dll
    c:\program files\eMule\lang\pt_PT.dll
    c:\program files\eMule\lang\ro_RO.dll
    c:\program files\eMule\lang\ru_RU.dll
    c:\program files\eMule\lang\sl_SI.dll
    c:\program files\eMule\lang\sq_AL.dll
    c:\program files\eMule\lang\sv_SE.dll
    c:\program files\eMule\lang\tr_TR.dll
    c:\program files\eMule\lang\ua_UA.dll
    c:\program files\eMule\lang\ug_CN.dll
    c:\program files\eMule\lang\va_ES.dll
    c:\program files\eMule\lang\va_ES_RACV.dll
    c:\program files\eMule\lang\vi_VN.dll
    c:\program files\eMule\lang\zh_CN.dll
    c:\program files\eMule\lang\zh_TW.dll
    C:\Thumbs.db

    .
    (((((((((((((((((((((((((((   Filer Opprettet Fra 2010-04-16 til 2010-05-16  )))))))))))))))))))))))))))))))))
    .

    2010-05-15 12:37 . 2010-05-15 12:37   503808   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1807a956-n\msvcp71.dll
    2010-05-15 12:37 . 2010-05-15 12:37   499712   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1807a956-n\jmc.dll
    2010-05-15 12:37 . 2010-05-15 12:37   348160   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1807a956-n\msvcr71.dll
    2010-05-15 12:37 . 2010-05-15 12:37   61440   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f522b00-n\decora-sse.dll
    2010-05-15 12:37 . 2010-05-15 12:37   12800   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f522b00-n\decora-d3d.dll
    2010-05-14 05:06 . 2010-05-14 05:06   --------   d-----w-   c:\program files\ESET
    2010-05-10 10:20 . 2010-05-10 10:20   37600   ----a-w-   c:\windows\system32\Partizan.exe
    2010-05-10 10:20 . 2010-05-10 10:20   35816   ----a-w-   c:\windows\system32\drivers\Partizan.sys
    2010-05-10 10:19 . 2010-05-10 10:19   2   --shatr-   c:\windows\winstart.bat
    2010-05-10 10:19 . 2010-05-06 11:44   12752   ----a-w-   c:\windows\system32\drivers\UnHackMeDrv.sys
    2010-05-10 10:18 . 2010-05-10 12:46   --------   d-----w-   c:\program files\UnHackMe
    2010-05-06 05:26 . 2010-05-06 05:26   --------   d-----w-   c:\program files\JRE
    2010-05-03 18:46 . 2010-05-03 18:47   --------   d-----w-   c:\documents and settings\Peter\Application Data\vlc
    2010-05-02 12:24 . 2010-04-12 15:29   411368   ----a-w-   c:\windows\system32\deployJava1.dll
    2010-04-29 12:24 . 2010-04-29 12:29   --------   d-----w-   c:\program files\Ask.com

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-16 07:25 . 2009-07-20 01:59   --------   d-----w-   c:\program files\uTorrent
    2010-05-15 22:29 . 2009-07-20 01:58   --------   d-----w-   c:\documents and settings\Peter\Application Data\uTorrent
    2010-05-10 05:10 . 2009-11-09 10:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-09 19:33 . 2009-11-27 00:32   117760   ----a-w-   c:\documents and settings\Peter\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-09 02:43 . 2009-09-06 11:12   1   ----a-w-   c:\documents and settings\Peter\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-06 05:43 . 2009-07-14 15:15   75440   ----a-w-   c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-06 05:26 . 2009-07-14 18:03   --------   d-----w-   c:\program files\OpenOffice.org 3
    2010-05-06 05:24 . 2009-11-12 22:30   --------   d-----w-   c:\program files\Java
    2010-05-04 20:01 . 2009-07-14 16:19   --------   d-----w-   c:\program files\Opera
    2010-05-04 12:29 . 2009-07-14 18:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2010-05-01 21:02 . 2009-08-11 17:06   --------   d-----w-   c:\program files\VideoLAN
    2010-04-30 13:12 . 2009-07-14 19:05   --------   d-----w-   c:\program files\Opera 10 Beta
    2010-04-29 13:39 . 2009-07-14 18:18   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 13:39 . 2009-07-14 18:18   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-04-21 07:09 . 2009-07-15 15:49   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
    2010-04-20 17:06 . 2009-11-27 00:31   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-04-12 16:28 . 2009-11-10 08:55   --------   d-----w-   c:\documents and settings\Peter\Application Data\dvdcss
    2010-04-12 16:27 . 2009-08-30 20:56   --------   d-----w-   c:\documents and settings\Peter\Application Data\Vso
    2010-04-12 00:49 . 2010-04-12 00:49   --------   d-----w-   c:\documents and settings\Peter\Application Data\ImTOO Software Studio
    2010-04-12 00:49 . 2010-04-12 00:49   --------   d-----w-   c:\program files\ImTOO
    2010-04-11 13:05 . 2009-10-25 23:50   --------   d-----w-   c:\documents and settings\Peter\Application Data\Skype
    2010-04-11 10:57 . 2009-07-31 16:43   --------   d-----w-   c:\documents and settings\Peter\Application Data\skypePM
    2010-04-11 08:00 . 2010-04-11 07:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\RegCure
    2010-04-11 07:59 . 2010-04-11 07:55   --------   d-----w-   c:\program files\RegCure
    2010-04-11 06:50 . 2010-04-11 06:45   --------   d-----w-   c:\program files\Wise Registry Cleaner
    2010-04-11 06:39 . 2009-08-01 15:57   --------   d-----w-   c:\documents and settings\Peter\Application Data\Uniblue
    2010-04-02 13:10 . 2010-02-22 11:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
    2010-03-30 17:48 . 2009-07-14 15:36   --------   d--h--w-   c:\program files\InstallShield Installation Information
    2010-03-30 17:28 . 2010-03-30 17:28   503808   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62f2f14c-n\msvcp71.dll
    2010-03-30 17:28 . 2010-03-30 17:28   499712   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62f2f14c-n\jmc.dll
    2010-03-30 17:28 . 2010-03-30 17:28   348160   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62f2f14c-n\msvcr71.dll
    2010-03-30 17:28 . 2010-03-30 17:28   61440   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c2341e5-n\decora-sse.dll
    2010-03-30 17:28 . 2010-03-30 17:28   12800   ----a-w-   c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c2341e5-n\decora-d3d.dll
    2010-03-30 17:28 . 2010-03-30 17:28   --------   d-----w-   c:\program files\Common Files\Java
    2010-03-29 23:54 . 2009-09-28 11:08   --------   d-----w-   c:\program files\CCleaner
    2010-03-25 11:41 . 2010-03-25 11:41   --------   d-----w-   c:\program files\Smart Projects
    2010-03-13 06:04 . 2010-03-13 06:04   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
    2010-03-13 06:04 . 2009-07-15 15:49   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
    2010-03-13 06:03 . 2009-07-15 15:49   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
    2010-03-10 06:15 . 2008-04-14 12:00   420352   ----a-w-   c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-14 12:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 16:20 . 2010-02-22 16:20   1   ----a-w-   c:\windows\system32\Eztoo AVI Video Converter.dat
    2010-02-17 07:10 . 2008-04-14 12:00   2189952   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2008-04-14 00:01   2066816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2009-05-01 21:02 . 2009-05-01 21:02   1044480   -c--a-w-   c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02   200704   -c--a-w-   c:\program files\opera\program\plugins\ssldivx.dll
    2009-11-09 06:49 . 2009-11-09 06:49   107520   --sha-r-   c:\windows\system32\GBPKIGMR.dll
    .

    ((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke 
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-05-06 594144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
    "D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 102400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-15 113664]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-13 06:04   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0Partizan\0

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\soffice.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\sbase.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\scalc.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\sdraw.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\simpress.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\smath.exe"=
    "c:\\Program Files\\OpenOffice.org 3\\program\\swriter.exe"=
    "c:\\Program Files\\Opera 10 Beta\\opera.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\7-Zip\\7zFM.exe"=
    "c:\\Program Files\\D-Link\\AirPlus G DWL-G510\\D-Link Wizard.exe"=
    "c:\\Program Files\\D-Link\\AirPlus G DWL-G510\\AirGCFG.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\RapidShareManager_0_1_0_248\\RapidShareManager_0_1_0_248\\RapidShareManager.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "50488:TCP"= 50488:TCP:TCP
    "23090:UDP"= 23090:UDP:UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15.07.2009 17:49 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15.07.2009 17:49 242896]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.03.2010 08:04 308064]
    S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [10.05.2010 12:20 35816]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 14:20 12648]
    S3 SASENUM;SASENUM;\??\c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

    --- Andre tjenester/drivere lastet i minnet ---

    *Deregistered* - UnHackMeDrv
    .
    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

    2010-05-15 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-02-23 19:29]
    .
    .
    ------- Tilleggsskanning -------
    .
    uStart Page = hxxp://www.sol.no/
    .
    - - - - TOMME PEKERE FJERNET - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
    HKCU-Run-WebCamRT.exe - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-16 16:58
    Windows 5.1.2600 Service Pack 3 NTFS

    skanner skjulte prosesser ... 

    skanner skjulte autostart-oppføringer ...

    skanner skjulte filer ... 

    skanning vellykket
    skjulte filer: 0

    **************************************************************************
    .
    --------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

    - - - - - - - > 'winlogon.exe'(636)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Tidspunkt ferdig: 2010-05-16  17:00:07
    ComboFix-quarantined-files.txt  2010-05-16 14:59

    Pre-Run: 151 593 795 584 bytes free
    Post-Run: 151 586 959 360 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

    - - End Of File - - 5CF9E0C24A01DA5106BD130A83ABCF1D
    « Last Edit: May 16, 2010, 09:06:57 AM by Peterwolfe »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: ipconfig.exe box just appears a fraction of a second
    « Reply #31 on: May 16, 2010, 12:40:47 PM »
    Quote
    Use uTorrent only for music and movies and they are always checked, because nowadays you can't be sure of anything

    As you can see from this latest scan, a lot of bad stuff is getting in from P2P programs, specifically emule. Evidently, a lot of infections are getting through. Some other forums will not start cleaning computers until the P2P programs are all removed. All we do here is caution the user.

    ===========================
    Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

    There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

    For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

    Further reading: XP Fixes Myth #1: Registry Cleaners

    Wise Registry Cleaner Professional V5.12
    c:\program files\RegCure

    ==================================
    Please go to Jotti's malware scan
    (If more than one file needs to be scanned, they must be done separately and logs posted for each one)

    * Copy the file path in the below Code box:

    Code:
    c:\windows\system32\GBPKIGMR.dll
    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

    ====================================
    Re-running ComboFix to remove infections:

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the quotebox below into it:
      Quote
      KillAll::

      Folder::
      c:\program files\Ask.com

    • Save this as CFScript.txt, in the same location as ComboFix.exe



    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    Windows 8 and Windows 10 dual boot with two SSD's

    Peterwolfe

      Re: ipconfig.exe box just appears a fraction of a second
      « Reply #32 on: May 16, 2010, 05:34:23 PM »
      c:\windows\system32\GBPKIGMR.dll.....Jotti said it couldn't find the file!!!!...Ask.com removed manually (probably a remnant after Limewire or so?); removed RegCure
      « Last Edit: May 16, 2010, 06:11:49 PM by Peterwolfe »

      SuperDave

      Re: ipconfig.exe box just appears a fraction of a second
      « Reply #33 on: May 16, 2010, 06:31:00 PM »
      Ok. Please send me another HTJ log.

      Peterwolfe

        Re: ipconfig.exe box just appears a fraction of a second
        « Reply #34 on: May 17, 2010, 01:00:04 AM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 09:05:03, on 17.05.2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\AVG\AVG9\avgchsvx.exe
        C:\Program Files\AVG\AVG9\avgrsx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVG\AVG9\avgcsrvx.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\AVG\AVG9\avgwdsvc.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\AVG\AVG9\avgnsx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
        C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\UnHackMe\hackmon.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\RapidShareManager_0_1_0_248\RapidShareManager_0_1_0_248\RapidShareManager.exe
        C:\Program Files\Opera 10 Beta\opera.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
        O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
        O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
        O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

        --
        End of file - 5323 bytes

        SuperDave

        Re: ipconfig.exe box just appears a fraction of a second
        « Reply #35 on: May 17, 2010, 01:11:56 PM »
        Well, that looks good. Are there any other issues? Please let me know.

        Peterwolfe

          Re: ipconfig.exe box just appears a fraction of a second
          « Reply #36 on: May 17, 2010, 04:18:08 PM »
          Nope, thanks a lot for all your great efforts and info...will take all this with me when I abandon XP soon and go over to W7 for a while and then end up with Linux somehow...lol..hope the more than 550 viewers learned a lot too... ;D...so, let's close the post...you're great ;D

          SuperDave

          Re: ipconfig.exe box just appears a fraction of a second
          « Reply #37 on: May 17, 2010, 05:10:51 PM »
          Quote
          you're great
          Thank you. Someday, perhaps.

          To uninstall ComboFix

          • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
          • In the field, type in commy /uninstall
          (Note: Make sure there's a space between the word commy and the forward-slash.)

          • Then, press Enter, or click OK.
          • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
          =================================

          Download OTC by OldTimer and save it to your desktop.

          1. Double-click OTC to run it.
          2. Click the CleanUp! button.
          3. Select Yes when the "Begin cleanup Process?" prompt appears.
          4. If you are prompted to Reboot during the cleanup, select Yes
          5. OTC should delete itself once it finishes; if not, delete it yourself.

          =========================================
          Clean out your temporary internet files and temp files.

          Download TFC by OldTimer to your desktop.

          Double-click TFC.exe to run it.

          Note: If you are running on Vista, right-click on the file and choose Run As Administrator

          TFC will close all programs when run, so make sure you have saved all your work before you begin.

          * Click the Start button to begin the cleaning process.
          * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
          * Please let TFC run uninterrupted until it is finished.

          Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

          ===================================

          Use the Secunia Software Inspector to check for out of date software.

          • Click Start Now
          • Check the box next to Enable thorough system inspection.
          • Click Start
          • Allow the scan to finish and scroll down to see if any updates are needed.
          • Update anything listed.
          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!
          Windows 8 and Windows 10 dual boot with two SSD's

          Peterwolfe

            Topic Starter


            Hopeful
            Re: ipconfig.exe box just appears a fraction of a second
            « Reply #38 on: May 17, 2010, 05:30:38 PM »
            wow, didn't expect so much info again...lol..that's why I said you're great....lol...will do as advised....be certain of that.. ;D ;D ;D ;D

            by the way, I use CCleaner...is that as good as OTC? Have Secunia running for quite some time and was able to renew/refresh some software with the right drivers. But one has to be very careful to change drivers as listed in that type of software, sometimes it ruins your software by advising wrong drivers....(bad experience...lol). But thanks and ciao... ;D
            « Last Edit: May 17, 2010, 05:47:57 PM by Peterwolfe »

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: ipconfig.exe box just appears a fraction of a second
            « Reply #39 on: May 17, 2010, 06:06:54 PM »
            Quote
            by the way, I use CCleaner...is that as good as OTC?
            No. They're not the same. OTC is to remove all the tools we used to clean the computer.

            Peterwolfe

              Topic Starter


              Hopeful
              Re: ipconfig.exe box just appears a fraction of a second
              « Reply #40 on: May 18, 2010, 02:18:51 AM »
              ah, ok...will use it then.. ;D

              Peterwolfe

                Topic Starter


                Hopeful
                Re: ipconfig.exe box just appears a fraction of a second
                « Reply #41 on: May 18, 2010, 04:21:41 AM »
                didn't expect that it would turn out to such a crusade with so much learning...lol....main answer to my problem was really that I made a small mistake by looking for my ipconfig...lol....but well, when I got a MS alert that I was using a fake/false W7 which I had bloody well paid for, I started to think of more the SuperDave way...lol

                Oh and that license issue that several Scandinavians got, is solved, MS apologized and that's a miracle in itself!!!!!!!!! ;D ;D ;D

                and uh, ESET is now a very invaluable software I am going to use, when just having a suspicion..lol :o :o ;D
                « Last Edit: May 18, 2010, 04:42:15 AM by Peterwolfe »

                Peterwolfe

                  Topic Starter


                  Hopeful
                  Re: ipconfig.exe box just appears a fraction of a second
                  « Reply #42 on: May 18, 2010, 12:47:29 PM »
                  by the way, UnHackMe just found malware in the XP-start phase....nice to have a good rootkit 8)...it included what I might expect if I didn't remove it....lol....cool... ;D...so I did after checking the net...

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: ipconfig.exe box just appears a fraction of a second
                  « Reply #43 on: May 18, 2010, 01:14:43 PM »
                  I wouldn't put too much trust in UnHackMe.

                  Peterwolfe

                    Topic Starter


                    Hopeful
                    Re: ipconfig.exe box just appears a fraction of a second
                    « Reply #44 on: May 18, 2010, 02:34:33 PM »
                    well, it helped this first time...lol...any other/better suggestions then? Always on the lookout for freeware...lol ;D and then I mean in the rootkit section...