I caugh this malware thing last night and been trying to get rid of it. Cant login to this site on my infected machine so i got problems. I've runned spy bot and found this and it wont remove it. Malwarebytes anti - malware cant find it either.
All help is apprecieated.
This is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:02, on 2009-09-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
C:\Program\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
C:\Program\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program\RealVNC\VNC4\WinVNC4.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\DOCUME~1\DANIEL~1\LOKALA~1\Temp\dfhaegeh.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\Program\Adobe\Adobe Photoshop Lightroom 2.5\lightroom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Windows Live\Messenger\msvs.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es127.0.0.1 activate.adobe.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\Program\DELADE~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [MacDrive7.0.4TimeOutPatch] C:\Program\Mediafour\MacDrive 7\TimeOutPatch.EXE
O4 - HKLM\..\Run: [15789] C:\WINDOWS\TEMP\VRT4F.tmp.exe
O4 - HKLM\..\Run: [dfhaegeh] C:\DOCUME~1\DANIEL~1\LOKALA~1\Temp\dfhaegeh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotDeletingA9730] command.com /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4788] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6503] command.com /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9130] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1803] command.com /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7377] cmd.exe /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3490] command.com /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4878] cmd.exe /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7519] command.com /c del "C:\WINDOWS\system32\gasfkytltsrril.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5933] cmd.exe /c del "C:\WINDOWS\system32\gasfkytltsrril.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9787] command.com /c del "C:\WINDOWS\system32\gasfkytltsrril.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8487] cmd.exe /c del "C:\WINDOWS\system32\gasfkytltsrril.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA773] command.com /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7438] cmd.exe /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5911] command.com /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7494] cmd.exe /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2173] command.com /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6985] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6389] command.com /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2457] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4409] command.com /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8895] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3776] command.com /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5211] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat"
O4 - HKCU\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wesspell] C:\WINDOWS\system32\shelldm.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [mqlwindl] C:\WINDOWS\system32\clsinde.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9850] command.com /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD719] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6976] command.com /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD620] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkypmylvmyb.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8418] command.com /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8582] cmd.exe /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8156] command.com /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6676] cmd.exe /c del "C:\WINDOWS\system32\gasfkycdylhlde.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1774] command.com /c del "C:\WINDOWS\system32\gasfkytltsrril.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9757] cmd.exe /c del "C:\WINDOWS\system32\gasfkytltsrril.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7222] command.com /c del "C:\WINDOWS\system32\gasfkytltsrril.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD432] cmd.exe /c del "C:\WINDOWS\system32\gasfkytltsrril.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4774] command.com /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4045] cmd.exe /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4571] command.com /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7333] cmd.exe /c del "C:\WINDOWS\system32\gasfkywwituyfw.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3254] command.com /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8821] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7658] command.com /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD88] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhxdqygsv.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1143] command.com /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2700] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9874] command.com /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8587] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxasrscwe.dat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Blue eye Calibration.lnk = C:\Program\LaCie blue eye Pro\Tools\CLCalibrationLoader.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HighPoint RAID Management Service (hptsvr) - Unknown owner - C:\Program\HighPoint Technologies, Inc.\HighPoint RAID Management Software\service\hptsvr.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program\RealVNC\VNC4\WinVNC4.exe
--
End of file - 14526 bytes