Aphasia

  1. OK, I've uninstalled ComboFix and run DelFix. I've just run a quick scan with both Avast Internet Security and MBAM Pro, and both scans came up clean.
  2. ESET found 4 files:
     C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2386\A0618659.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2408\A0628589.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2425\A0632132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2449\A0643754.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
  3. Sorry, HERE is the attached log. (Why can't I edit posts?) hijackthis.log
  4. For some reason, some parts of the HiJackThis log get removed when I paste the log here, so I will just post it as an attachment.
  6. MBAM log: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Databaseversjon: v2014.02.04.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 HP_Eier :: STEIN-VIDAR [administrator] Beskyttelse: Aktivert 04.02.2014 20:09:42 mbam-log-2014-02-04 (20-09-42).txt Skanntype: Hurtigsøk Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 279842 Tid tilbakelagt: 11 minutt(er), 20 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet) Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 0 (Ingen skadelige objekter funnet) Filer oppdaget 0 (Ingen skadelige objekter funnet) (klar) -------------------------------------------------- HiJackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:25:05, on 04.02.2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE C:\Programfiler\Java\jre7\bin\jqs.exe 
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programfiler\Nero\Update\NASvc.exe C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Programfiler\Prio\prio_svc.exe c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe C:\Programfiler\UPHClean\uphclean.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe C:\Programfiler\Alwil Software\Avast5\AvastUI.exe C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Documents and Settings\HP_Eier\Skrivebord\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: BHO - {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - C:\Programfiler\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Programfiler\Fellesfiler\Simple Adblock\SimpleAdblock.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programfiler\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKLM\..\Run: [NBAgent] "C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKCU\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot O8 - Extra context menu item: Download files with BH - C:\Programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://stein-vidar.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349787841203 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! 
Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Programfiler\Alwil Software\Avast5\afwServ.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programfiler\Java\jre7\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Programfiler\Nero\Update\NASvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Programfiler\Prio\prio_svc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Programfiler\Sony\Sony PC Companion\PCCService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Programfiler\UPHClean\uphclean.exe -- End of file - 11927 bytes
  7. ComboFix 14-02-03.01 - HP_Eier 03.02.2014 17:06:53.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2558.1836 [GMT 1:00] Kjører fra: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\HP_Eier\Skrivebord\CFScript.txt AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2014-01-03 til 2014-02-03 ))))))))))))))))))))))))))))))))) . . 2014-02-02 21:32 . 2014-02-03 16:02 -------- d--h--r- c:\documents and settings\HP_Eier\Siste 2014-02-02 16:17 . 2014-02-02 16:17 -------- d-----w- c:\windows\ERUNT 2014-01-18 10:20 . 2013-11-22 15:48 32384 ----a-w- c:\windows\system32\udcpm.dll 2014-01-18 10:20 . 2014-01-18 10:20 -------- d-----w- c:\programfiler\Universal Document Converter 2014-01-15 19:03 . 2014-01-15 19:03 -------- d-----w- c:\programfiler\HD Tune 2014-01-15 16:59 . 2013-12-18 19:46 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-01-15 16:58 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-01-11 08:56 . 2014-01-11 08:56 -------- d-----w- c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Nero 2014-01-10 22:44 . 2014-01-10 22:46 -------- d-----w- c:\programfiler\Verbatim 2014-01-10 22:40 . 2014-01-10 22:41 -------- d-----w- c:\programfiler\Fellesfiler\Nero 2014-01-10 22:33 . 2011-12-01 10:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2014-01-10 22:33 . 2011-12-01 10:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys 2014-01-10 22:27 . 2014-01-10 22:27 -------- d-----w- c:\programfiler\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-24 16:19 . 
2012-03-30 09:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-01-24 16:19 . 2011-05-18 10:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-28 13:45 . 2013-03-13 20:38 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-28 13:45 . 2013-03-13 20:38 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-28 13:45 . 2011-03-14 01:11 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-28 13:45 . 2010-07-10 02:11 43152 ----a-w- c:\windows\avastSS.scr 2013-12-28 13:45 . 2008-04-03 11:04 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-12-28 13:45 . 2006-01-06 10:56 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-12-28 13:45 . 2006-01-06 10:56 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-12-28 13:45 . 2006-01-06 10:56 270240 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-28 13:45 . 2013-08-31 08:18 252336 ----a-w- c:\windows\system32\drivers\aswndis2.sys 2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2013-11-19 16:42 . 2013-03-13 20:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-19 16:41 . 2013-08-31 08:18 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-11-13 03:00 . 2004-08-04 18:00 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38 . 2004-08-04 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:36 . 
2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll 2008-09-03 06:25 77312 --sh--r- c:\windows\system32\devcon_001.exe 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2006-04-27 09:24 2945024 --sha-r- c:\windows\system32\Smab.dll 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-28 13:45 259464 ----a-w- c:\programfiler\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD08"="c:\programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "ContentTransferWMDetector.exe"="c:\programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200] "APSDaemon"="c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\programfiler\Alwil Software\Avast5\AvastUI.exe" [2013-12-28 3764024] "NBAgent"="c:\programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 
1492264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^HP_Eier^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 22:50 221184 ----a-w- c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 22:50 81920 ----a-w- c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen] 2010-12-17 07:53 88440 ----a-w- c:\programfiler\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "TelenorhjelpenSvc"=2 (0x2) "ESUSClient_TNO"=2 (0x2) "ERSvc"=2 (0x2) "Dot3svc"=3 (0x3) "Bonjour Service"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "c:\\Gammel Harddisk\\Gamle Programfiler\\WS_FTP\\WS_FTP95.exe"= "c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Telenor Norway\\Telenorhjelpen\\Telenorhjelpen.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programfiler\\Java\\jre7\\bin\\javaw.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programfiler\\Fellesfiler\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= 
"c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Winamp\\winamp.exe"= "c:\\Programfiler\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [31.08.2013 09:17 12112] R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [31.08.2013 09:18 252336] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.03.2013 21:38 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.03.2013 21:38 180248] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10.01.2014 23:33 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10.01.2014 23:33 12464] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.01.2007 20:31 639224] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [31.08.2013 09:18 26136] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.03.2011 02:11 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 12:04 410528] R1 prio;Prio;c:\windows\system32\drivers\prio.sys [08.11.2012 20:29 54128] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.03.2013 21:38 67824] R2 avast! Firewall;avast! 
Firewall;c:\programfiler\Alwil Software\Avast5\afwServ.exe [31.08.2013 09:17 113704] R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.10.2012 19:08 418376] R2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:58 701512] R2 NAUpdate;Nero Update;c:\programfiler\Nero\Update\NASvc.exe [04.11.2011 14:40 687400] R2 prio_svc;Prio Service;c:\programfiler\Prio\prio_svc.exe [08.11.2012 20:29 12656] R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.10.2013 20:37 13880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.03.2009 21:58 22856] S2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.04.2011 13:14 90112] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.08.2012 15:39 12400] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15.04.2011 13:14 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15.04.2011 13:14 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15.04.2011 13:14 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15.04.2011 13:14 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15.04.2011 13:14 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15.04.2011 13:14 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15.04.2011 13:14 109736] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [15.04.2011 13:06 86824] S3 s1018mdfl;Sony Ericsson Device 1018 
USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [15.04.2011 13:06 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [15.04.2011 13:06 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [15.04.2011 13:06 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [15.04.2011 13:06 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [15.04.2011 13:06 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [15.04.2011 13:06 109864] S3 Sony PC Companion;Sony PC Companion;c:\programfiler\Sony\Sony PC Companion\PCCService.exe [31.08.2012 15:35 155824] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.11.2010 20:57 41984] S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02.01.2005 08:36 449920] S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [17.12.2010 11:02 358808] S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\Telenor Norway\Telenorhjelpen\Service.exe [15.02.2011 16:31 463240] . --- Andre tjenester/drivere lastet i minnet --- . *Deregistered* - uphcleanhlp . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2014-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:19] . 2014-02-03 c:\windows\Tasks\avast! Emergency Update.job - c:\programfiler\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 13:45] . 2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . 
2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup Merge 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: Download files with BH - c:\programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\ FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-02-03 17:19 Windows 5.1.2600 Service Pack 3 NTFS . skanner skjulte prosesser ... . skanner skjulte autostart-oppføringer ... . skanner skjulte filer ... . skanning vellykket skjulte filer: 0 . ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- . - - - - - - - > 'winlogon.exe'(1084) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3484) c:\programfiler\BillP Studios\WinPatrol\PATROLPRO.DLL c:\windows\system32\msi.dll c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tidspunkt ferdig: 2014-02-03 17:22:10 ComboFix-quarantined-files.txt 2014-02-03 16:22 ComboFix2.txt 2014-02-02 22:05 . Pre-Run: 826 513 367 040 byte ledig Post-Run: 826 501 640 192 byte ledig . - - End Of File - - 1732C23E0017CD4447E65295026C1725 5F8B5082F3482CC06B72EC5806598AE9
  8. Well, I ran ComboFix and disabled Avast and MBAM. However, I forgot to disable WinPatrol. Is that a bad thing? I tried to install the Recovery Console after I was asked, but I got something like "Failed to generate download link" and the scan went on. Here is the log:
     ComboFix 14-02-01.01 - HP_Eier 02.02.2014 22:44:19.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2558.1890 [GMT 1:00]
     Kjører fra: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe
     AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Programdata\9075968fa8a039e8cd2a93c22b53a28e_HP_Eier
     c:\documents and settings\All Users\Programdata\hpe477.dll
     c:\documents and settings\All Users\Programdata\TEMP
     c:\documents and settings\All Users\Programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
     c:\documents and settings\Default User\WINDOWS
     c:\documents and settings\HP_Eier\Programdata\dvdae
     c:\documents and settings\HP_Eier\Programdata\dvdae\dvdae.config
     c:\documents and settings\HP_Eier\Programdata\dvdae\dvdae.lic
     c:\documents and settings\HP_Eier\Programdata\HPSU_48BitScanUpdate.log
     c:\documents and settings\HP_Eier\Skrivebord\Internet Explorer.lnk
     c:\documents and settings\HP_Eier\Skrivebord\Scanner.lnk
     c:\documents and settings\HP_Eier\WINDOWS
     c:\programfiler\DaemonTools_WhenUSave_Installer
     c:\programfiler\media-codec
     c:\programfiler\WinPCap
     c:\programfiler\WinPCap\daemon_mgm.exe
     c:\programfiler\WinPCap\INSTALL.LOG
     c:\programfiler\WinPCap\NetMonInstaller.exe
     c:\programfiler\WinPCap\npf_mgm.exe
     c:\programfiler\WinPCap\rpcapd.exe
     c:\programfiler\WinPCap\Uninstall.exe
     c:\windows\IsUn0414.exe
     c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\PowerToyReadme.htm c:\windows\system32\ps2.bat c:\windows\system32\SET176.tmp c:\windows\system32\SET17B.tmp c:\windows\system32\SET182.tmp c:\windows\unin0414.exe c:\windows\wininit.ini D:\Autorun.inf J:\Autorun.inf K:\autorun.inf K:\setup.exe . . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2014-01-02 til 2014-02-02 ))))))))))))))))))))))))))))))))) . . 2014-02-02 21:32 . 2014-02-02 21:34 -------- d--h--r- c:\documents and settings\HP_Eier\Siste 2014-02-02 16:17 . 2014-02-02 16:17 -------- d-----w- c:\windows\ERUNT 2014-01-18 10:20 . 2013-11-22 15:48 32384 ----a-w- c:\windows\system32\udcpm.dll 2014-01-18 10:20 . 2014-01-18 10:20 -------- d-----w- c:\programfiler\Universal Document Converter 2014-01-15 19:03 . 2014-01-15 19:03 -------- d-----w- c:\programfiler\HD Tune 2014-01-15 16:59 . 2013-12-18 19:46 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-01-15 16:58 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-01-11 08:56 . 2014-01-11 08:56 -------- d-----w- c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Nero 2014-01-10 22:44 . 2014-01-10 22:46 -------- d-----w- c:\programfiler\Verbatim 2014-01-10 22:40 . 2014-01-10 22:41 -------- d-----w- c:\programfiler\Fellesfiler\Nero 2014-01-10 22:33 . 2011-12-01 10:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2014-01-10 22:33 . 2011-12-01 10:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys 2014-01-10 22:27 . 2014-01-10 22:27 -------- d-----w- c:\programfiler\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-24 16:19 . 2012-03-30 09:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-01-24 16:19 . 
2011-05-18 10:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-28 13:45 . 2013-03-13 20:38 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-28 13:45 . 2013-03-13 20:38 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-28 13:45 . 2011-03-14 01:11 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-28 13:45 . 2010-07-10 02:11 43152 ----a-w- c:\windows\avastSS.scr 2013-12-28 13:45 . 2008-04-03 11:04 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-12-28 13:45 . 2006-01-06 10:56 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-12-28 13:45 . 2006-01-06 10:56 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-12-28 13:45 . 2006-01-06 10:56 270240 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-28 13:45 . 2013-08-31 08:18 252336 ----a-w- c:\windows\system32\drivers\aswndis2.sys 2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2013-11-19 16:42 . 2013-03-13 20:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-19 16:41 . 2013-08-31 08:18 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-11-13 03:00 . 2004-08-04 18:00 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38 . 2004-08-04 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:36 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-28 13:45 259464 ----a-w- c:\programfiler\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\programfiler\BillP Studios\WinPatrol\winpatrol.exe" [2013-12-10 455744] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD08"="c:\programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "ContentTransferWMDetector.exe"="c:\programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200] "APSDaemon"="c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\programfiler\Alwil Software\Avast5\AvastUI.exe" [2013-12-28 3764024] "NBAgent"="c:\programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eier^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 22:50 221184 ----a-w- c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 22:50 81920 ----a-w- c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen] 2010-12-17 07:53 88440 ----a-w- c:\programfiler\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "TelenorhjelpenSvc"=2 (0x2) "ESUSClient_TNO"=2 (0x2) "ERSvc"=2 (0x2) "Dot3svc"=3 (0x3) "Bonjour Service"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "c:\\Gammel Harddisk\\Gamle Programfiler\\WS_FTP\\WS_FTP95.exe"= "c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Telenor Norway\\Telenorhjelpen\\Telenorhjelpen.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programfiler\\Java\\jre7\\bin\\javaw.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programfiler\\Fellesfiler\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= 
"c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Winamp\\winamp.exe"= "c:\\Programfiler\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [31.08.2013 09:17 12112] R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [31.08.2013 09:18 252336] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.03.2013 21:38 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.03.2013 21:38 180248] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10.01.2014 23:33 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10.01.2014 23:33 12464] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.01.2007 20:31 639224] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [31.08.2013 09:18 26136] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.03.2011 02:11 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 12:04 410528] R1 prio;Prio;c:\windows\system32\drivers\prio.sys [08.11.2012 20:29 54128] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.03.2013 21:38 67824] R2 avast! Firewall;avast! 
Firewall;c:\programfiler\Alwil Software\Avast5\afwServ.exe [31.08.2013 09:17 113704] R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.10.2012 19:08 418376] R2 NAUpdate;Nero Update;c:\programfiler\Nero\Update\NASvc.exe [04.11.2011 14:40 687400] R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.04.2011 13:14 90112] R2 prio_svc;Prio Service;c:\programfiler\Prio\prio_svc.exe [08.11.2012 20:29 12656] R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.10.2013 20:37 13880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.03.2009 21:58 22856] S2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:58 701512] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.08.2012 15:39 12400] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15.04.2011 13:14 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15.04.2011 13:14 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15.04.2011 13:14 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15.04.2011 13:14 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15.04.2011 13:14 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15.04.2011 13:14 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15.04.2011 13:14 109736] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [15.04.2011 13:06 86824] S3 s1018mdfl;Sony Ericsson Device 1018 
USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [15.04.2011 13:06 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [15.04.2011 13:06 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [15.04.2011 13:06 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [15.04.2011 13:06 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [15.04.2011 13:06 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [15.04.2011 13:06 109864] S3 Sony PC Companion;Sony PC Companion;c:\programfiler\Sony\Sony PC Companion\PCCService.exe [31.08.2012 15:35 155824] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.11.2010 20:57 41984] S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02.01.2005 08:36 449920] S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [17.12.2010 11:02 358808] S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\Telenor Norway\Telenorhjelpen\Service.exe [15.02.2011 16:31 463240] . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - WS2IFSL *Deregistered* - uphcleanhlp . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2014-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:19] . 2014-02-02 c:\windows\Tasks\avast! Emergency Update.job - c:\programfiler\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 13:45] . 2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . 
2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup Merge 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: Download files with BH - c:\programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\ FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-02-02 22:58 Windows 5.1.2600 Service Pack 3 NTFS . skanner skjulte prosesser ... . skanner skjulte autostart-oppføringer ... . skanner skjulte filer ... . . C:\avast! sandbox . skanning vellykket skjulte filer: 1 . ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- . - - - - - - - > 'winlogon.exe'(1088) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(760) c:\programfiler\BillP Studios\WinPatrol\PATROLPRO.DLL c:\windows\system32\msi.dll c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\programfiler\Alwil Software\Avast5\AvastSvc.exe c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programfiler\Canon\IJPLM\IJPLMSVC.EXE c:\programfiler\Java\jre7\bin\jqs.exe c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE c:\programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe c:\programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe c:\programfiler\UPHClean\uphclean.exe c:\programfiler\Canon\CAL\CALMAIN.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\ALCXMNTR.EXE . ************************************************************************** . Tidspunkt ferdig: 2014-02-02 23:05:44 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2014-02-02 22:05 . Pre-Run: 826 367 246 336 byte ledig Post-Run: 826 588 299 264 byte ledig . - - End Of File - - F46D328AA95DACE8840C3AF723DB3AD4 5F8B5082F3482CC06B72EC5806598AE9
  9. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.0 (01.07.2014:1)
     OS: Microsoft Windows XP x86
     Ran by HP_Eier on 02.02.2014 at 17:17:43,20
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     Successfully deleted: [Folder] "C:\Documents and Settings\HP_Eier\Programdata\getrighttogo"
     ~~~ FireFox
     Emptied folder: C:\Documents and Settings\HP_Eier\Programdata\mozilla\firefox\profiles\lendhffs.default\minidumps [8 files]
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 02.02.2014 at 17:27:53,95
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. OK, I'm really worried now. I've tried to run AdwCleaner three times. First I clicked Scan and then I clicked Clean, and all three times the computer crashed during "Cleaning Browsers". I got no response from the program or anything else on the computer, so I had to turn off the computer manually. What do I do to fix this?
  11. Hi. I'm sorry, I've been dealing with some personal issues this week. I will run those programs tomorrow and post the reports then.
  12. I ran a full MBAM Pro scan and this file came up infected:
     C:\WINDOWS\Downloaded Installations\{C1379C57-0336-4779-B6AB-2D05B1C29FE5}\iTunes.msi (Malware.Packer.as)
     Here are the logs:
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows XP Home Edition
     Boot Device: \Device\HarddiskVolume2
     Install Date: 06.01.2006 11:25:55
     System Uptime: 26.01.2014 22:22:35 (19 hours ago)
     .
     Motherboard: MSI | | AMETHYST-M
     Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2188/200mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 908 GiB total, 768,734 GiB free.
     D: is FIXED (FAT32) - 24 GiB total, 20,565 GiB free.
     E: is CDROM ()
     F: is Removable
     G: is Removable
     H: is Removable
     I: is Removable
     J: is FIXED (FAT32) - 466 GiB total, 255,717 GiB free.
     K: is FIXED (FAT32) - 298 GiB total, 2,495 GiB free.
     N: is FIXED (NTFS) - 932 GiB total, 724,975 GiB free.
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Description: Wireless LAN PCI 802.11 a/b/g adapter WN5401A
     Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&08A4
     Manufacturer: Liteon
     Name: Wireless LAN PCI 802.11 a/b/g adapter WN5401A
     PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&08A4
     Service: WN5401
     .
     Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
     Description: Beep
     Device ID: ROOT\LEGACY_BEEP\0000
     Manufacturer:
     Name: Beep
     PNP Device ID: ROOT\LEGACY_BEEP\0000
     Service: Beep
     .
     ==== System Restore Points ===================
     .
RP2382: 29.10.2013 17:01:30 - Installert iTunes RP2383: 01.11.2013 16:16:26 - Kontrollpunkt for system RP2384: 03.11.2013 22:23:18 - Kontrollpunkt for system RP2385: 06.11.2013 22:41:53 - Kontrollpunkt for system RP2386: 08.11.2013 11:54:29 - Kontrollpunkt for system RP2387: 08.11.2013 20:59:22 - Installert iTunes RP2388: 11.11.2013 16:39:08 - Kontrollpunkt for system RP2389: 12.11.2013 21:07:42 - Gjenopprettingsoperasjon RP2390: 13.11.2013 15:24:48 - Software Distribution Service 3.0 RP2391: 15.11.2013 15:11:28 - Kontrollpunkt for system RP2392: 19.11.2013 17:34:11 - avast! antivirus system restore point RP2393: 21.11.2013 20:17:06 - Kontrollpunkt for system RP2394: 22.11.2013 23:26:18 - Kontrollpunkt for system RP2395: 24.11.2013 11:54:46 - Kontrollpunkt for system RP2396: 25.11.2013 16:23:01 - Kontrollpunkt for system RP2397: 29.11.2013 15:27:31 - Kontrollpunkt for system RP2398: 01.12.2013 01:10:38 - Kontrollpunkt for system RP2399: 02.12.2013 16:16:59 - Kontrollpunkt for system RP2400: 03.12.2013 16:52:36 - Kontrollpunkt for system RP2401: 04.12.2013 18:20:14 - Kontrollpunkt for system RP2402: 05.12.2013 19:20:11 - Kontrollpunkt for system RP2403: 07.12.2013 10:18:36 - Kontrollpunkt for system RP2404: 08.12.2013 14:39:24 - Kontrollpunkt for system RP2405: 09.12.2013 16:30:11 - Kontrollpunkt for system RP2406: 12.12.2013 16:44:43 - Software Distribution Service 3.0 RP2407: 13.12.2013 12:02:52 - Software Distribution Service 3.0 RP2408: 14.12.2013 12:50:37 - Kontrollpunkt for system RP2409: 15.12.2013 13:59:22 - Kontrollpunkt for system RP2410: 17.12.2013 18:21:47 - Kontrollpunkt for system RP2411: 18.12.2013 18:36:51 - Kontrollpunkt for system RP2412: 20.12.2013 13:59:36 - Kontrollpunkt for system RP2413: 21.12.2013 16:02:38 - Kontrollpunkt for system RP2414: 22.12.2013 16:55:03 - Kontrollpunkt for system RP2415: 23.12.2013 20:42:25 - Kontrollpunkt for system RP2416: 24.12.2013 20:44:42 - Kontrollpunkt for system RP2417: 25.12.2013 20:57:10 - Kontrollpunkt for 
system RP2418: 26.12.2013 21:33:26 - Kontrollpunkt for system RP2419: 27.12.2013 22:54:17 - Kontrollpunkt for system RP2420: 28.12.2013 14:44:43 - avast! antivirus system restore point RP2421: 29.12.2013 16:45:52 - Kontrollpunkt for system RP2422: 31.12.2013 11:10:52 - Kontrollpunkt for system RP2423: 01.01.2014 11:59:15 - Kontrollpunkt for system RP2424: 04.01.2014 11:58:52 - Kontrollpunkt for system RP2425: 05.01.2014 20:53:02 - Kontrollpunkt for system RP2426: 07.01.2014 17:37:51 - Kontrollpunkt for system RP2427: 08.01.2014 21:55:05 - Kontrollpunkt for system RP2428: 10.01.2014 09:42:51 - Kontrollpunkt for system RP2429: 10.01.2014 23:40:11 - Installert Nero BackItUp 11 Essentials CDPack. RP2430: 11.01.2014 10:05:45 - Software Distribution Service 3.0 RP2431: 12.01.2014 20:09:11 - Kontrollpunkt for system RP2432: 13.01.2014 20:13:46 - Kontrollpunkt for system RP2433: 15.01.2014 17:55:13 - Software Distribution Service 3.0 RP2434: 16.01.2014 19:40:31 - Kontrollpunkt for system RP2435: 18.01.2014 01:26:27 - Kontrollpunkt for system RP2436: 18.01.2014 11:21:10 - Skriverdriver Universal Document Converter installert RP2437: 18.01.2014 11:21:31 - Skriverdriver Universal Document Converter installert RP2438: 19.01.2014 14:22:02 - Kontrollpunkt for system RP2439: 20.01.2014 14:55:46 - Kontrollpunkt for system RP2440: 23.01.2014 21:24:10 - Kontrollpunkt for system RP2441: 24.01.2014 22:21:47 - Kontrollpunkt for system RP2442: 26.01.2014 14:06:00 - Kontrollpunkt for system RP2443: 27.01.2014 14:29:38 - Kontrollpunkt for system . ==== Installed Programs ====================== . 
3DSexVilla2 Adobe AIR Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) - Norsk Adobe Shockwave Player 12.0 AiO_Scan AiOSoftware AnalogX DXMan AnalogX Vocal Remover (WinAmp) AoA DVD Ripper Apple-programsupport Apple Mobile Device Support Apple Software Update Applian FLV and Media Player 3.1.1.12 ATI Control Panel ATI Display Driver Audacity 1.2.4 Audio Transcoder Audiograbber 1.83 SE avast! Internet Security Batch Image Resizer Full Version BilderHerunterlader 3.6.6 BilderHerunterlader IE-Plugin 8.0 Bink and Smacker Bonjour Brukerregistrering for Canon iP4300 Brukerregistrering for Canon iP4800 series Bulk Image Downloader v4.65.0.0 Bulk Rename Utility 2.7.1.1 CameraDrivers CameraUserGuides Canon Camera Access Library Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon iP4300 Canon iP4800 series Printer Driver Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon My Printer Canon Setup Utility 2.3 Canon Solution Menu EX Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner CD-LabelPrint Content Transfer Corel WinDVD Corel WinDVD Pro 11 CPU-Control Crush'Em 2.0 D2300 D2300_Help Destinations DeviceFunctionQFolder DeviceManagementQFolder DivXLand Media Subtitler DocProc DocumentViewer DocumentViewerQFolder Dropbox DVD Audio Extractor 7.1.3 DVD Flick 1.3.0.7 DVD Shrink 3.2 Easy-WebPrint Enhanced Multimedia Keyboard Solution Facebook Plug-In Fax FLAC 1.2.1b (remove only) GdiplusUpgrade GoldWave v5.70 HD Tune 2.55 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 
SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB976002-v5) HP Deskjet Printer Preload HP Document Viewer 5.3 HP Imaging Device Functions 7.0 HP Photosmart-kameraer 5.0 HP Photosmart-kameraer 6.0 HP Photosmart 330,380,420,470,7800,8000,8200 Series HP Photosmart and Deskjet 7.0 Software (nob) HP Photosmart Essential HP Product Assistant HP PSC & OfficeJet 5.3.B HP Solution Center 7.0 HP Update hph_ProductContext hph_readme hph_software hph_software_req hpiCamDrvQFolder HPPhotoSmartExpress HPProductAssistant Hurtigreparasjon for Windows Internet Explorer 7 (KB947864) ICA Icon Restore 1.0 InterActual Player InterVideo WinDVD Player iPhoto Plus 4 IPM IrfanView (remove only) iTunes Java 7 Update 51 Java Auto Updater LightScribe 1.4.42.1 Malwarebytes Anti-Malware versjon 1.75.0.1300 Media Go Media Go Video Playback Engine 1.116.103.02020 Melodyne 3.1 Memeo AutoBackup Memeo AutoSync MemoriesOnWeb 3.1.7 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Norwegian Language Pack Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Language Pack - NOR Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta 98 Encyclopedia Microsoft FrontPage 2000 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Silverlight Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 
ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ Run Time Lib Setup Microsoft Works MixMeister BPM Analyzer 1.0 Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.58 MSVC80_x86 MSVCRT MSVCRT Redists MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) MSXML 6.0 Parser (KB933579) Nero BackItUp 11 Nero BackItUp 11 Essentials CDPack Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi neroxml NewCopy Octoshape add-in for Adobe Flash Player Oppdatering for Windows Internet Explorer 8 (KB971930) Oppdatering for Windows Internet Explorer 8 (KB976662) Oppdatering for Windows Internet Explorer 8 (KB976749) Oppdatering for Windows Internet Explorer 8 (KB980182) Oppdatering for Windows XP (KB2904266) Opplastingsverktøy for Windows Live Packard Bell Diamond 1200Plus v1.0 PanoStandAlone PC Connectivity Solution PC SWOS-Total Pack version V1.34 PlayStation®Network Downloader PlayStation®Store Påloggingsassistent for Windows Live Prio PS2 PSPrinters08 PSTAPlugin Puzzl'Em 1.0 Beta2 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder QuickSFV (Remove only) QuickTime Readme Revo Uninstaller 1.95 SAMSUNG SYMBIAN USB Download Driver Samsung USB Driver SamsungConnectivityCableDriver Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Segoe UI Setup Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB928090) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB929969) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB931768) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB933566) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB937143) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897) 
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2183461) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2360131) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2416400) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2482017) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2497640) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2510531) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2530548) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2544521) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2559049) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2586448) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2618444) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2647516) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2675157) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2699988) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2722913) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2744842) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2761465) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2792100) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2797052) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2799329) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2809289) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2817183) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2829530) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2838727) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2846071) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2847204) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2862772) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2870699) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2879017) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2888505) 
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2898785) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB969897) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB971961) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB972260) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB974455) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB976325) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB978207) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB981332) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB982381) Sikkerhetsoppdatering for Windows Media Player (KB911564) Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398) Sikkerhetsoppdatering for Windows XP (KB2862152) Sikkerhetsoppdatering for Windows XP (KB2868626) Sikkerhetsoppdatering for Windows XP (KB2876331) Sikkerhetsoppdatering for Windows XP (KB2892075) Sikkerhetsoppdatering for Windows XP (KB2893294) Sikkerhetsoppdatering for Windows XP (KB2893984) Sikkerhetsoppdatering for Windows XP (KB2898715) Sikkerhetsoppdatering for Windows XP (KB2900986) Sikkerhetsoppdatering for Windows XP (KB2914368) Sikkerhetsoppdatering for Windows XP (KB923689) Simple Adblock SMI Grabber Device SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sony Ericsson PC Suite Sony Ericsson PC Suite 6.011.00 Sony Media Manager 2.2 Sony PC Companion 2.10.155 Sound Forge Audio Studio 10.0 Spotify Status Subtitle Workshop 2.51 swMSM Take It Easy Telenor Software Update Service Telenorhjelpen Tetra Blocks v1.54 The Klub 17 Toolbox TrayApp Trust WB-3100P Portable Webcam Tunatic Ulead GIF Animator 5 Ulead VideoStudio SE DVD Universal Document Converter (Demo) Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) User Profile Hive Cleanup Service VCRedistSetup Veoh Web Player Video iCodec 3.15 Vizrt Vizky version 1.5.8 VLC media player 2.1.1 VST Bridge 1.1 WD Diagnostics 
WebFldrs XP WebReg WiMP 2.5.1 Winamp Winamp Detector Plug-in Winamp Essentials Pack Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Grep 2.3 Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinFF v0.23 WinPatrol WinRAR 5.01 (32-bit) XML Paper Specification Shared Components Pack 1.0 Xvid 1.1.3 final uninstall . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2 Run by HP_Eier at 16:59:17 on 2014-01-27 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2558.1288 [GMT 1:00] . AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Enabled* . ============== Running Processes ================ . 
C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE C:\Programfiler\Java\jre7\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programfiler\Nero\Update\NASvc.exe C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Programfiler\Prio\prio_svc.exe c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe C:\Programfiler\UPHClean\uphclean.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe C:\Programfiler\Alwil Software\Avast5\AvastUI.exe C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
BHO: Telenorhjelpen: {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - c:\programfiler\telenor norway\telenorhjelpen\bho\IEBHO.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\programfiler\canon\easy-webprint ex\ewpexbho.dll BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\programfiler\canon\easy-webprint\EWPBrowseLoader.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programfiler\java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\programfiler\alwil software\avast5\aswWebRepIE.dll BHO: Påloggingshjelp for Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programfiler\java\jre7\bin\jp2ssv.dll BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\programfiler\fellesfiler\simple adblock\SimpleAdblock.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll TB: avast! 
Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\programfiler\alwil software\avast5\aswWebRepIE.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned> EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned> uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [WinPatrol] c:\programfiler\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD08] c:\programfiler\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [HP Software Update] c:\programfiler\hp\hp software update\HPWuSchd2.exe mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [ContentTransferWMDetector.exe] c:\programfiler\sony\content transfer\ContentTransferWMDetector.exe mRun: [APSDaemon] "c:\programfiler\fellesfiler\apple\apple application support\APSDaemon.exe" mRun: [iSUSPM Startup] c:\progra~1\felles~1\instal~1\update~1\ISUSPM.exe -startup mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe" mRun: [AvastUI.exe] "c:\programfiler\alwil software\avast5\AvastUI.exe" /nogui mRun: [NBAgent] "c:\programfiler\nero\nero 11\nero backitup\NBAgent.exe" /WinStart uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Download files with BH - c:\programfiler\bilderherunterlader\ieplugin\BHIEScript.htm IE: Easy-WebPrint Add To Print List - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - 
c:\programfiler\canon\easy-webprint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_Print.html IE: Legg mål-linken i kø med BID - c:\programfiler\bulk image downloader\iemenu\iebidlinkqueue.htm IE: Legg nåværende side til med BID Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebidqueue.htm IE: Åpne mål-linken med BID - c:\programfiler\bulk image downloader\iemenu\iebidlink.htm IE: Åpne nåværende side med BID Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebid.htm IE: Åpne nåværende side med BID Link Explorer Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebidlinkexplorer.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001010-0002-0010-ABCDEFFEDCBC} - <orphaned> IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{6AEC86C2-693B-4F76-8E32-83EC86171176} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243 TCP: Interfaces\{7029FD28-C845-4426-BF5C-81A7284627A4} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138 Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs= prio.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 130.0.234.27 razlyuli.org ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\hp_eier\programdata\mozilla\firefox\profiles\lendhffs.default\ FF - component: c:\programfiler\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll FF - plugin: c:\documents and settings\hp_eier\programdata\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\programfiler\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\programfiler\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\programfiler\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\programfiler\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\programfiler\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\programfiler\microsoft silverlight\5.1.20913.0\npctrlui.dll FF - plugin: c:\programfiler\sony\media go\npmediago.dll FF - plugin: c:\programfiler\vizky\npVizky.dll FF - plugin: c:\programfiler\winamp detect\npwachk.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\hp_eier\programdata\mozilla\firefox\profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-8-31 12112] R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [2013-8-31 252336] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49944] R0 aswVmm;avast! 
VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 180248]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2014-1-10 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2014-1-10 12464]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-8-31 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-3 410528]
R1 prio;Prio;c:\windows\system32\drivers\prio.sys [2012-11-8 54128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-13 67824]
R2 avast! Antivirus;avast! Antivirus;c:\programfiler\alwil software\avast5\AvastSvc.exe [2010-7-10 50344]
R2 avast! Firewall;avast! Firewall;c:\programfiler\alwil software\avast5\afwServ.exe [2013-8-31 113704]
R2 MBAMScheduler;MBAMScheduler;c:\programfiler\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-12 418376]
R2 MBAMService;MBAMService;c:\programfiler\malwarebytes' anti-malware\mbamservice.exe [2009-3-26 701512]
R2 NAUpdate;Nero Update;c:\programfiler\nero\update\NASvc.exe [2011-11-4 687400]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-4-15 90112]
R2 prio_svc;Prio Service;c:\programfiler\prio\prio_svc.exe [2012-11-8 12656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2013-10-17 13880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-26 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-8-31 12400]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-4-15 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-4-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-4-15 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-4-15 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-4-15 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-4-15 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-4-15 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-4-15 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-4-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-4-15 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-4-15 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-4-15 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-4-15 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-4-15 109864]
S3 Sony PC Companion;Sony PC Companion;c:\programfiler\sony\sony pc companion\PCCService.exe [2012-8-31 155824]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2010-11-18 41984]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-1-2 449920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\telenor norway\esus_tno\ESUS_TNO.exe [2010-12-17 358808]
S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\telenor norway\telenorhjelpen\Service.exe [2011-2-15 463240]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-01-26 21:32:52 -------- d--h--r- c:\documents and settings\hp_eier\Siste
2014-01-18 10:20:44 32384 ----a-w- c:\windows\system32\udcpm.dll
2014-01-18 10:20:32 -------- d-----w- c:\programfiler\Universal Document Converter
2014-01-15 19:03:16 -------- d-----w- c:\programfiler\HD Tune
2014-01-15 16:59:03 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-15 16:58:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-11 08:57:39 -------- d-----w- c:\documents and settings\hp_eier\lokale innstillinger\programdata\Nero_AG
2014-01-11 08:56:58 -------- d-----w- c:\documents and settings\hp_eier\lokale innstillinger\programdata\Nero
2014-01-10 22:44:30 -------- d-----w- c:\programfiler\Verbatim
2014-01-10 22:33:13 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2014-01-10 22:33:05 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
.
==================== Find3M ====================
.
2014-01-24 16:19:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 16:19:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-28 13:45:47 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-28 13:45:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-28 13:45:47 43152 ----a-w- c:\windows\avastSS.scr
2013-12-28 13:45:47 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-28 13:45:27 252336 ----a-w- c:\windows\system32\drivers\aswndis2.sys
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 16:42:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 16:41:50 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-13 03:00:06 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:04 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36:43 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-31 06:46:14 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:51:21 1879040 ----a-w- c:\windows\system32\win32k.sys
2005-05-13 16:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 10:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-13 20:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2008-09-03 06:25:48 77312 --sh--r- c:\windows\system32\devcon_001.exe
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 09:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 12:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 17:00:45,40 ===============
  13. Thanks for your help!

  14. OK, I've updated Firefox and run OTC. Thanks for your help!
  15. Results of screen317's Security Check version 0.99.76
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      avast! Internet Security
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Adobe Flash Player 11.9.900.117
      Adobe Reader XI
      Mozilla Firefox 24.0 Firefox out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      WinPatrol winpatrol.exe
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast afwServ.exe
      AVAST Software Avast avastui.exe
      BillP Studios WinPatrol WinPatrol.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````