Aphasia

OK, I've uninstalled ComboFix and run DelFix. I've just run a quick scan with both Avast Internet Security and MBAM Pro, and both scans came up clean.

ESET found 4 files: C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2386\A0618659.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2408\A0628589.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2425\A0632132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2449\A0643754.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Sorry, HERE is the attached log. (Why can't I edit posts?) hijackthis.log

For some reason, some parts of the HiJackThis log gets removed when I paste the log here, so I will just post it as an attachment.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:25:05, on 04.02.2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE C:\Programfiler\Java\jre7\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programfiler\Nero\Update\NASvc.exe C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Programfiler\Prio\prio_svc.exe c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe C:\Programfiler\UPHClean\uphclean.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe C:\Programfiler\Alwil Software\Avast5\AvastUI.exe C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Documents and Settings\HP_Eier\Skrivebord\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: BHO - {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - C:\Programfiler\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Programfiler\Fellesfiler\Simple Adblock\SimpleAdblock.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programfiler\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKLM\..\Run: [NBAgent] "C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKCU\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot O8 - Extra context menu item: Download files with BH - C:\Programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://stein-vidar.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349787841203 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Programfiler\Alwil Software\Avast5\afwServ.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programfiler\Java\jre7\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Programfiler\Nero\Update\NASvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Programfiler\Prio\prio_svc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Programfiler\Sony\Sony PC Companion\PCCService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Programfiler\UPHClean\uphclean.exe -- End of file - 11927 bytes

MBAM log: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Databaseversjon: v2014.02.04.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 HP_Eier :: STEIN-VIDAR [administrator] Beskyttelse: Aktivert 04.02.2014 20:09:42 mbam-log-2014-02-04 (20-09-42).txt Skanntype: Hurtigsøk Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 279842 Tid tilbakelagt: 11 minutt(er), 20 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet) Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 0 (Ingen skadelige objekter funnet) Filer oppdaget 0 (Ingen skadelige objekter funnet) (klar) -------------------------------------------------- HiJackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:25:05, on 04.02.2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE C:\Programfiler\Java\jre7\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programfiler\Nero\Update\NASvc.exe C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Programfiler\Prio\prio_svc.exe c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe C:\Programfiler\UPHClean\uphclean.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe C:\Programfiler\Alwil Software\Avast5\AvastUI.exe C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Documents and Settings\HP_Eier\Skrivebord\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: BHO - {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - C:\Programfiler\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Programfiler\Fellesfiler\Simple Adblock\SimpleAdblock.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programfiler\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKLM\..\Run: [NBAgent] "C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKCU\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot O8 - Extra context menu item: Download files with BH - C:\Programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://stein-vidar.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349787841203 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Programfiler\Alwil Software\Avast5\afwServ.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programfiler\Java\jre7\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Programfiler\Nero\Update\NASvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Programfiler\Prio\prio_svc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony PC Companion - Avanquest Software - C:\Programfiler\Sony\Sony PC Companion\PCCService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Programfiler\UPHClean\uphclean.exe -- End of file - 11927 bytes

ComboFix 14-02-03.01 - HP_Eier 03.02.2014 17:06:53.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2558.1836 [GMT 1:00] Kjører fra: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\HP_Eier\Skrivebord\CFScript.txt AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2014-01-03 til 2014-02-03 ))))))))))))))))))))))))))))))))) . . 2014-02-02 21:32 . 2014-02-03 16:02 -------- d--h--r- c:\documents and settings\HP_Eier\Siste 2014-02-02 16:17 . 2014-02-02 16:17 -------- d-----w- c:\windows\ERUNT 2014-01-18 10:20 . 2013-11-22 15:48 32384 ----a-w- c:\windows\system32\udcpm.dll 2014-01-18 10:20 . 2014-01-18 10:20 -------- d-----w- c:\programfiler\Universal Document Converter 2014-01-15 19:03 . 2014-01-15 19:03 -------- d-----w- c:\programfiler\HD Tune 2014-01-15 16:59 . 2013-12-18 19:46 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-01-15 16:58 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-01-11 08:56 . 2014-01-11 08:56 -------- d-----w- c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Nero 2014-01-10 22:44 . 2014-01-10 22:46 -------- d-----w- c:\programfiler\Verbatim 2014-01-10 22:40 . 2014-01-10 22:41 -------- d-----w- c:\programfiler\Fellesfiler\Nero 2014-01-10 22:33 . 2011-12-01 10:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2014-01-10 22:33 . 2011-12-01 10:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys 2014-01-10 22:27 . 2014-01-10 22:27 -------- d-----w- c:\programfiler\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-24 16:19 . 2012-03-30 09:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-01-24 16:19 . 2011-05-18 10:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-28 13:45 . 2013-03-13 20:38 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-28 13:45 . 2013-03-13 20:38 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-28 13:45 . 2011-03-14 01:11 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-28 13:45 . 2010-07-10 02:11 43152 ----a-w- c:\windows\avastSS.scr 2013-12-28 13:45 . 2008-04-03 11:04 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-12-28 13:45 . 2006-01-06 10:56 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-12-28 13:45 . 2006-01-06 10:56 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-12-28 13:45 . 2006-01-06 10:56 270240 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-28 13:45 . 2013-08-31 08:18 252336 ----a-w- c:\windows\system32\drivers\aswndis2.sys 2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2013-11-19 16:42 . 2013-03-13 20:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-19 16:41 . 2013-08-31 08:18 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-11-13 03:00 . 2004-08-04 18:00 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38 . 2004-08-04 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:36 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll 2008-09-03 06:25 77312 --sh--r- c:\windows\system32\devcon_001.exe 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2006-04-27 09:24 2945024 --sha-r- c:\windows\system32\Smab.dll 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-28 13:45 259464 ----a-w- c:\programfiler\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD08"="c:\programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "ContentTransferWMDetector.exe"="c:\programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200] "APSDaemon"="c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\programfiler\Alwil Software\Avast5\AvastUI.exe" [2013-12-28 3764024] "NBAgent"="c:\programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^HP_Eier^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 22:50 221184 ----a-w- c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 22:50 81920 ----a-w- c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen] 2010-12-17 07:53 88440 ----a-w- c:\programfiler\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "TelenorhjelpenSvc"=2 (0x2) "ESUSClient_TNO"=2 (0x2) "ERSvc"=2 (0x2) "Dot3svc"=3 (0x3) "Bonjour Service"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "c:\\Gammel Harddisk\\Gamle Programfiler\\WS_FTP\\WS_FTP95.exe"= "c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Telenor Norway\\Telenorhjelpen\\Telenorhjelpen.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programfiler\\Java\\jre7\\bin\\javaw.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programfiler\\Fellesfiler\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Winamp\\winamp.exe"= "c:\\Programfiler\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [31.08.2013 09:17 12112] R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [31.08.2013 09:18 252336] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.03.2013 21:38 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.03.2013 21:38 180248] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10.01.2014 23:33 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10.01.2014 23:33 12464] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.01.2007 20:31 639224] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [31.08.2013 09:18 26136] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.03.2011 02:11 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 12:04 410528] R1 prio;Prio;c:\windows\system32\drivers\prio.sys [08.11.2012 20:29 54128] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.03.2013 21:38 67824] R2 avast! Firewall;avast! Firewall;c:\programfiler\Alwil Software\Avast5\afwServ.exe [31.08.2013 09:17 113704] R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.10.2012 19:08 418376] R2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:58 701512] R2 NAUpdate;Nero Update;c:\programfiler\Nero\Update\NASvc.exe [04.11.2011 14:40 687400] R2 prio_svc;Prio Service;c:\programfiler\Prio\prio_svc.exe [08.11.2012 20:29 12656] R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.10.2013 20:37 13880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.03.2009 21:58 22856] S2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.04.2011 13:14 90112] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.08.2012 15:39 12400] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15.04.2011 13:14 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15.04.2011 13:14 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15.04.2011 13:14 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15.04.2011 13:14 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15.04.2011 13:14 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15.04.2011 13:14 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15.04.2011 13:14 109736] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [15.04.2011 13:06 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [15.04.2011 13:06 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [15.04.2011 13:06 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [15.04.2011 13:06 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [15.04.2011 13:06 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [15.04.2011 13:06 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [15.04.2011 13:06 109864] S3 Sony PC Companion;Sony PC Companion;c:\programfiler\Sony\Sony PC Companion\PCCService.exe [31.08.2012 15:35 155824] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.11.2010 20:57 41984] S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02.01.2005 08:36 449920] S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [17.12.2010 11:02 358808] S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\Telenor Norway\Telenorhjelpen\Service.exe [15.02.2011 16:31 463240] . --- Andre tjenester/drivere lastet i minnet --- . *Deregistered* - uphcleanhlp . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2014-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:19] . 2014-02-03 c:\windows\Tasks\avast! Emergency Update.job - c:\programfiler\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 13:45] . 2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . 2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup Merge 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: Download files with BH - c:\programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\ FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-02-03 17:19 Windows 5.1.2600 Service Pack 3 NTFS . skanner skjulte prosesser ... . skanner skjulte autostart-oppføringer ... . skanner skjulte filer ... . skanning vellykket skjulte filer: 0 . ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- . - - - - - - - > 'winlogon.exe'(1084) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3484) c:\programfiler\BillP Studios\WinPatrol\PATROLPRO.DLL c:\windows\system32\msi.dll c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tidspunkt ferdig: 2014-02-03 17:22:10 ComboFix-quarantined-files.txt 2014-02-03 16:22 ComboFix2.txt 2014-02-02 22:05 . Pre-Run: 826 513 367 040 byte ledig Post-Run: 826 501 640 192 byte ledig . - - End Of File - - 1732C23E0017CD4447E65295026C1725 5F8B5082F3482CC06B72EC5806598AE9

Well, I ran ComboFix and disabled Avast and MBAM. However, I forgot to disable WinPatrol. Is that a bad thing? I tried to install the Recovery Console after I was asked, but I got something like "Failed to generate download link" and the scan went on. Here is the log: ComboFix 14-02-01.01 - HP_Eier 02.02.2014 22:44:19.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2558.1890 [GMT 1:00] Kjører fra: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Programdata\9075968fa8a039e8cd2a93c22b53a28e_HP_Eier c:\documents and settings\All Users\Programdata\hpe477.dll c:\documents and settings\All Users\Programdata\TEMP c:\documents and settings\All Users\Programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe c:\documents and settings\Default User\WINDOWS c:\documents and settings\HP_Eier\Programdata\dvdae c:\documents and settings\HP_Eier\Programdata\dvdae\dvdae.config c:\documents and settings\HP_Eier\Programdata\dvdae\dvdae.lic c:\documents and settings\HP_Eier\Programdata\HPSU_48BitScanUpdate.log c:\documents and settings\HP_Eier\Skrivebord\Internet Explorer.lnk c:\documents and settings\HP_Eier\Skrivebord\Scanner.lnk c:\documents and settings\HP_Eier\WINDOWS c:\programfiler\DaemonTools_WhenUSave_Installer c:\programfiler\media-codec c:\programfiler\WinPCap c:\programfiler\WinPCap\daemon_mgm.exe c:\programfiler\WinPCap\INSTALL.LOG c:\programfiler\WinPCap\NetMonInstaller.exe c:\programfiler\WinPCap\npf_mgm.exe c:\programfiler\WinPCap\rpcapd.exe c:\programfiler\WinPCap\Uninstall.exe c:\windows\IsUn0414.exe c:\windows\iun6002.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\PowerToyReadme.htm c:\windows\system32\ps2.bat c:\windows\system32\SET176.tmp c:\windows\system32\SET17B.tmp c:\windows\system32\SET182.tmp c:\windows\unin0414.exe c:\windows\wininit.ini D:\Autorun.inf J:\Autorun.inf K:\autorun.inf K:\setup.exe . . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2014-01-02 til 2014-02-02 ))))))))))))))))))))))))))))))))) . . 2014-02-02 21:32 . 2014-02-02 21:34 -------- d--h--r- c:\documents and settings\HP_Eier\Siste 2014-02-02 16:17 . 2014-02-02 16:17 -------- d-----w- c:\windows\ERUNT 2014-01-18 10:20 . 2013-11-22 15:48 32384 ----a-w- c:\windows\system32\udcpm.dll 2014-01-18 10:20 . 2014-01-18 10:20 -------- d-----w- c:\programfiler\Universal Document Converter 2014-01-15 19:03 . 2014-01-15 19:03 -------- d-----w- c:\programfiler\HD Tune 2014-01-15 16:59 . 2013-12-18 19:46 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-01-15 16:58 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-01-11 08:56 . 2014-01-11 08:56 -------- d-----w- c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Nero 2014-01-10 22:44 . 2014-01-10 22:46 -------- d-----w- c:\programfiler\Verbatim 2014-01-10 22:40 . 2014-01-10 22:41 -------- d-----w- c:\programfiler\Fellesfiler\Nero 2014-01-10 22:33 . 2011-12-01 10:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2014-01-10 22:33 . 2011-12-01 10:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys 2014-01-10 22:27 . 2014-01-10 22:27 -------- d-----w- c:\programfiler\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-24 16:19 . 2012-03-30 09:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-01-24 16:19 . 2011-05-18 10:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-28 13:45 . 2013-03-13 20:38 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-28 13:45 . 2013-03-13 20:38 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-28 13:45 . 2011-03-14 01:11 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-28 13:45 . 2010-07-10 02:11 43152 ----a-w- c:\windows\avastSS.scr 2013-12-28 13:45 . 2008-04-03 11:04 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-12-28 13:45 . 2006-01-06 10:56 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-12-28 13:45 . 2006-01-06 10:56 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-12-28 13:45 . 2006-01-06 10:56 270240 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-28 13:45 . 2013-08-31 08:18 252336 ----a-w- c:\windows\system32\drivers\aswndis2.sys 2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2013-11-19 16:42 . 2013-03-13 20:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-19 16:41 . 2013-08-31 08:18 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-11-13 03:00 . 2004-08-04 18:00 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38 . 2004-08-04 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:36 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe . . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-28 13:45 259464 ----a-w- c:\programfiler\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\programfiler\BillP Studios\WinPatrol\winpatrol.exe" [2013-12-10 455744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "HPHUPD08"="c:\programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "ContentTransferWMDetector.exe"="c:\programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200] "APSDaemon"="c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\programfiler\Alwil Software\Avast5\AvastUI.exe" [2013-12-28 3764024] "NBAgent"="c:\programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^HP_Eier^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 19:43 59720 ----a-w- c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 22:50 221184 ----a-w- c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 22:50 81920 ----a-w- c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen] 2010-12-17 07:53 88440 ----a-w- c:\programfiler\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "YahooAUService"=2 (0x2) "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "TelenorhjelpenSvc"=2 (0x2) "ESUSClient_TNO"=2 (0x2) "ERSvc"=2 (0x2) "Dot3svc"=3 (0x3) "Bonjour Service"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "c:\\Gammel Harddisk\\Gamle Programfiler\\WS_FTP\\WS_FTP95.exe"= "c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Telenor Norway\\Telenorhjelpen\\Telenorhjelpen.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programfiler\\Java\\jre7\\bin\\javaw.exe"= "c:\\Documents and Settings\\HP_Eier\\Programdata\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programfiler\\Fellesfiler\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Winamp\\winamp.exe"= "c:\\Programfiler\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [31.08.2013 09:17 12112] R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [31.08.2013 09:18 252336] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.03.2013 21:38 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.03.2013 21:38 180248] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10.01.2014 23:33 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10.01.2014 23:33 12464] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.01.2007 20:31 639224] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [31.08.2013 09:18 26136] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.03.2011 02:11 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 12:04 410528] R1 prio;Prio;c:\windows\system32\drivers\prio.sys [08.11.2012 20:29 54128] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.03.2013 21:38 67824] R2 avast! Firewall;avast! Firewall;c:\programfiler\Alwil Software\Avast5\afwServ.exe [31.08.2013 09:17 113704] R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.10.2012 19:08 418376] R2 NAUpdate;Nero Update;c:\programfiler\Nero\Update\NASvc.exe [04.11.2011 14:40 687400] R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.04.2011 13:14 90112] R2 prio_svc;Prio Service;c:\programfiler\Prio\prio_svc.exe [08.11.2012 20:29 12656] R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.10.2013 20:37 13880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.03.2009 21:58 22856] S2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:58 701512] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.08.2012 15:39 12400] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15.04.2011 13:14 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15.04.2011 13:14 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15.04.2011 13:14 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15.04.2011 13:14 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15.04.2011 13:14 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15.04.2011 13:14 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15.04.2011 13:14 109736] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [15.04.2011 13:06 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [15.04.2011 13:06 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [15.04.2011 13:06 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [15.04.2011 13:06 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [15.04.2011 13:06 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [15.04.2011 13:06 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [15.04.2011 13:06 109864] S3 Sony PC Companion;Sony PC Companion;c:\programfiler\Sony\Sony PC Companion\PCCService.exe [31.08.2012 15:35 155824] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.11.2010 20:57 41984] S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02.01.2005 08:36 449920] S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [17.12.2010 11:02 358808] S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\Telenor Norway\Telenorhjelpen\Service.exe [15.02.2011 16:31 463240] . --- Andre tjenester/drivere lastet i minnet --- . *NewlyCreated* - WS2IFSL *Deregistered* - uphcleanhlp . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2014-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:19] . 2014-02-02 c:\windows\Tasks\avast! Emergency Update.job - c:\programfiler\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 13:45] . 2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . 2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup Merge 6 0.job - c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37] . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: Download files with BH - c:\programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138 FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\ FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-02-02 22:58 Windows 5.1.2600 Service Pack 3 NTFS . skanner skjulte prosesser ... . skanner skjulte autostart-oppføringer ... . skanner skjulte filer ... . . C:\avast! sandbox . skanning vellykket skjulte filer: 1 . ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- . - - - - - - - > 'winlogon.exe'(1088) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(760) c:\programfiler\BillP Studios\WinPatrol\PATROLPRO.DLL c:\windows\system32\msi.dll c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\programfiler\Alwil Software\Avast5\AvastSvc.exe c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programfiler\Canon\IJPLM\IJPLMSVC.EXE c:\programfiler\Java\jre7\bin\jqs.exe c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE c:\programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe c:\programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe c:\programfiler\UPHClean\uphclean.exe c:\programfiler\Canon\CAL\CALMAIN.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\ALCXMNTR.EXE . ************************************************************************** . Tidspunkt ferdig: 2014-02-02 23:05:44 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2014-02-02 22:05 . Pre-Run: 826 367 246 336 byte ledig Post-Run: 826 588 299 264 byte ledig . - - End Of File - - F46D328AA95DACE8840C3AF723DB3AD4 5F8B5082F3482CC06B72EC5806598AE9

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Microsoft Windows XP x86 Ran by HP_Eier on 02.02.2014 at 17:17:43,20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\HP_Eier\Programdata\getrighttogo" ~~~ FireFox Emptied folder: C:\Documents and Settings\HP_Eier\Programdata\mozilla\firefox\profiles\lendhffs.default\minidumps [8 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.02.2014 at 17:27:53,95 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, I'm really worried now. I've tried to run AdwCleaner three times. First I clicked Scan and then I clicked Clean, and all three times the computer crashed during "Cleaning Browsers". I got no response from the program or anything else on the computer, so I had to turn off the computer manually. What do I do to fix this?

Hi. I'm sorry, I've been dealing with some personal issues this week. I will run those programs tomorrow and post the reports then.

I ran a full MBAM Pro scan and this file came up infected: C:\WINDOWS\Downloaded Installations\{C1379C57-0336-4779-B6AB-2D05B1C29FE5}\iTunes.msi (Malware.Packer.as) Here are the logs: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 06.01.2006 11:25:55 System Uptime: 26.01.2014 22:22:35 (19 hours ago) . Motherboard: MSI | | AMETHYST-M Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2188/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 908 GiB total, 768,734 GiB free. D: is FIXED (FAT32) - 24 GiB total, 20,565 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is FIXED (FAT32) - 466 GiB total, 255,717 GiB free. K: is FIXED (FAT32) - 298 GiB total, 2,495 GiB free. N: is FIXED (NTFS) - 932 GiB total, 724,975 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Wireless LAN PCI 802.11 a/b/g adapter WN5401A Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&08A4 Manufacturer: Liteon Name: Wireless LAN PCI 802.11 a/b/g adapter WN5401A PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&08A4 Service: WN5401 . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Beep Device ID: ROOT\LEGACY_BEEP\0000 Manufacturer: Name: Beep PNP Device ID: ROOT\LEGACY_BEEP\0000 Service: Beep . ==== System Restore Points =================== . RP2382: 29.10.2013 17:01:30 - Installert iTunes RP2383: 01.11.2013 16:16:26 - Kontrollpunkt for system RP2384: 03.11.2013 22:23:18 - Kontrollpunkt for system RP2385: 06.11.2013 22:41:53 - Kontrollpunkt for system RP2386: 08.11.2013 11:54:29 - Kontrollpunkt for system RP2387: 08.11.2013 20:59:22 - Installert iTunes RP2388: 11.11.2013 16:39:08 - Kontrollpunkt for system RP2389: 12.11.2013 21:07:42 - Gjenopprettingsoperasjon RP2390: 13.11.2013 15:24:48 - Software Distribution Service 3.0 RP2391: 15.11.2013 15:11:28 - Kontrollpunkt for system RP2392: 19.11.2013 17:34:11 - avast! antivirus system restore point RP2393: 21.11.2013 20:17:06 - Kontrollpunkt for system RP2394: 22.11.2013 23:26:18 - Kontrollpunkt for system RP2395: 24.11.2013 11:54:46 - Kontrollpunkt for system RP2396: 25.11.2013 16:23:01 - Kontrollpunkt for system RP2397: 29.11.2013 15:27:31 - Kontrollpunkt for system RP2398: 01.12.2013 01:10:38 - Kontrollpunkt for system RP2399: 02.12.2013 16:16:59 - Kontrollpunkt for system RP2400: 03.12.2013 16:52:36 - Kontrollpunkt for system RP2401: 04.12.2013 18:20:14 - Kontrollpunkt for system RP2402: 05.12.2013 19:20:11 - Kontrollpunkt for system RP2403: 07.12.2013 10:18:36 - Kontrollpunkt for system RP2404: 08.12.2013 14:39:24 - Kontrollpunkt for system RP2405: 09.12.2013 16:30:11 - Kontrollpunkt for system RP2406: 12.12.2013 16:44:43 - Software Distribution Service 3.0 RP2407: 13.12.2013 12:02:52 - Software Distribution Service 3.0 RP2408: 14.12.2013 12:50:37 - Kontrollpunkt for system RP2409: 15.12.2013 13:59:22 - Kontrollpunkt for system RP2410: 17.12.2013 18:21:47 - Kontrollpunkt for system RP2411: 18.12.2013 18:36:51 - Kontrollpunkt for system RP2412: 20.12.2013 13:59:36 - Kontrollpunkt for system RP2413: 21.12.2013 16:02:38 - Kontrollpunkt for system RP2414: 22.12.2013 16:55:03 - Kontrollpunkt for system RP2415: 23.12.2013 20:42:25 - Kontrollpunkt for system RP2416: 24.12.2013 20:44:42 - Kontrollpunkt for system RP2417: 25.12.2013 20:57:10 - Kontrollpunkt for system RP2418: 26.12.2013 21:33:26 - Kontrollpunkt for system RP2419: 27.12.2013 22:54:17 - Kontrollpunkt for system RP2420: 28.12.2013 14:44:43 - avast! antivirus system restore point RP2421: 29.12.2013 16:45:52 - Kontrollpunkt for system RP2422: 31.12.2013 11:10:52 - Kontrollpunkt for system RP2423: 01.01.2014 11:59:15 - Kontrollpunkt for system RP2424: 04.01.2014 11:58:52 - Kontrollpunkt for system RP2425: 05.01.2014 20:53:02 - Kontrollpunkt for system RP2426: 07.01.2014 17:37:51 - Kontrollpunkt for system RP2427: 08.01.2014 21:55:05 - Kontrollpunkt for system RP2428: 10.01.2014 09:42:51 - Kontrollpunkt for system RP2429: 10.01.2014 23:40:11 - Installert Nero BackItUp 11 Essentials CDPack. RP2430: 11.01.2014 10:05:45 - Software Distribution Service 3.0 RP2431: 12.01.2014 20:09:11 - Kontrollpunkt for system RP2432: 13.01.2014 20:13:46 - Kontrollpunkt for system RP2433: 15.01.2014 17:55:13 - Software Distribution Service 3.0 RP2434: 16.01.2014 19:40:31 - Kontrollpunkt for system RP2435: 18.01.2014 01:26:27 - Kontrollpunkt for system RP2436: 18.01.2014 11:21:10 - Skriverdriver Universal Document Converter installert RP2437: 18.01.2014 11:21:31 - Skriverdriver Universal Document Converter installert RP2438: 19.01.2014 14:22:02 - Kontrollpunkt for system RP2439: 20.01.2014 14:55:46 - Kontrollpunkt for system RP2440: 23.01.2014 21:24:10 - Kontrollpunkt for system RP2441: 24.01.2014 22:21:47 - Kontrollpunkt for system RP2442: 26.01.2014 14:06:00 - Kontrollpunkt for system RP2443: 27.01.2014 14:29:38 - Kontrollpunkt for system . ==== Installed Programs ====================== . 3DSexVilla2 Adobe AIR Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) - Norsk Adobe Shockwave Player 12.0 AiO_Scan AiOSoftware AnalogX DXMan AnalogX Vocal Remover (WinAmp) AoA DVD Ripper Apple-programsupport Apple Mobile Device Support Apple Software Update Applian FLV and Media Player 3.1.1.12 ATI Control Panel ATI Display Driver Audacity 1.2.4 Audio Transcoder Audiograbber 1.83 SE avast! Internet Security Batch Image Resizer Full Version BilderHerunterlader 3.6.6 BilderHerunterlader IE-Plugin 8.0 Bink and Smacker Bonjour Brukerregistrering for Canon iP4300 Brukerregistrering for Canon iP4800 series Bulk Image Downloader v4.65.0.0 Bulk Rename Utility 2.7.1.1 CameraDrivers CameraUserGuides Canon Camera Access Library Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon iP4300 Canon iP4800 series Printer Driver Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon My Printer Canon Setup Utility 2.3 Canon Solution Menu EX Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner CD-LabelPrint Content Transfer Corel WinDVD Corel WinDVD Pro 11 CPU-Control Crush'Em 2.0 D2300 D2300_Help Destinations DeviceFunctionQFolder DeviceManagementQFolder DivXLand Media Subtitler DocProc DocumentViewer DocumentViewerQFolder Dropbox DVD Audio Extractor 7.1.3 DVD Flick 1.3.0.7 DVD Shrink 3.2 Easy-WebPrint Enhanced Multimedia Keyboard Solution Facebook Plug-In Fax FLAC 1.2.1b (remove only) GdiplusUpgrade GoldWave v5.70 HD Tune 2.55 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB976002-v5) HP Deskjet Printer Preload HP Document Viewer 5.3 HP Imaging Device Functions 7.0 HP Photosmart-kameraer 5.0 HP Photosmart-kameraer 6.0 HP Photosmart 330,380,420,470,7800,8000,8200 Series HP Photosmart and Deskjet 7.0 Software (nob) HP Photosmart Essential HP Product Assistant HP PSC & OfficeJet 5.3.B HP Solution Center 7.0 HP Update hph_ProductContext hph_readme hph_software hph_software_req hpiCamDrvQFolder HPPhotoSmartExpress HPProductAssistant Hurtigreparasjon for Windows Internet Explorer 7 (KB947864) ICA Icon Restore 1.0 InterActual Player InterVideo WinDVD Player iPhoto Plus 4 IPM IrfanView (remove only) iTunes Java 7 Update 51 Java Auto Updater LightScribe 1.4.42.1 Malwarebytes Anti-Malware versjon 1.75.0.1300 Media Go Media Go Video Playback Engine 1.116.103.02020 Melodyne 3.1 Memeo AutoBackup Memeo AutoSync MemoriesOnWeb 3.1.7 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Norwegian Language Pack Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Language Pack - NOR Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta 98 Encyclopedia Microsoft FrontPage 2000 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Silverlight Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ Run Time Lib Setup Microsoft Works MixMeister BPM Analyzer 1.0 Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.58 MSVC80_x86 MSVCRT MSVCRT Redists MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) MSXML 6.0 Parser (KB933579) Nero BackItUp 11 Nero BackItUp 11 Essentials CDPack Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi neroxml NewCopy Octoshape add-in for Adobe Flash Player Oppdatering for Windows Internet Explorer 8 (KB971930) Oppdatering for Windows Internet Explorer 8 (KB976662) Oppdatering for Windows Internet Explorer 8 (KB976749) Oppdatering for Windows Internet Explorer 8 (KB980182) Oppdatering for Windows XP (KB2904266) Opplastingsverktøy for Windows Live Packard Bell Diamond 1200Plus v1.0 PanoStandAlone PC Connectivity Solution PC SWOS-Total Pack version V1.34 PlayStation®Network Downloader PlayStation®Store Påloggingsassistent for Windows Live Prio PS2 PSPrinters08 PSTAPlugin Puzzl'Em 1.0 Beta2 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder QuickSFV (Remove only) QuickTime Readme Revo Uninstaller 1.95 SAMSUNG SYMBIAN USB Download Driver Samsung USB Driver SamsungConnectivityCableDriver Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Segoe UI Setup Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB928090) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB929969) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB931768) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB933566) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB937143) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2183461) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2360131) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2416400) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2482017) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2497640) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2510531) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2530548) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2544521) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2559049) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2586448) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2618444) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2647516) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2675157) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2699988) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2722913) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2744842) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2761465) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2792100) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2797052) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2799329) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2809289) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2817183) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2829530) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2838727) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2846071) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2847204) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2862772) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2870699) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2879017) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2888505) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2898785) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB969897) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB971961) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB972260) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB974455) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB976325) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB978207) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB981332) Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB982381) Sikkerhetsoppdatering for Windows Media Player (KB911564) Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398) Sikkerhetsoppdatering for Windows XP (KB2862152) Sikkerhetsoppdatering for Windows XP (KB2868626) Sikkerhetsoppdatering for Windows XP (KB2876331) Sikkerhetsoppdatering for Windows XP (KB2892075) Sikkerhetsoppdatering for Windows XP (KB2893294) Sikkerhetsoppdatering for Windows XP (KB2893984) Sikkerhetsoppdatering for Windows XP (KB2898715) Sikkerhetsoppdatering for Windows XP (KB2900986) Sikkerhetsoppdatering for Windows XP (KB2914368) Sikkerhetsoppdatering for Windows XP (KB923689) Simple Adblock SMI Grabber Device SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sony Ericsson PC Suite Sony Ericsson PC Suite 6.011.00 Sony Media Manager 2.2 Sony PC Companion 2.10.155 Sound Forge Audio Studio 10.0 Spotify Status Subtitle Workshop 2.51 swMSM Take It Easy Telenor Software Update Service Telenorhjelpen Tetra Blocks v1.54 The Klub 17 Toolbox TrayApp Trust WB-3100P Portable Webcam Tunatic Ulead GIF Animator 5 Ulead VideoStudio SE DVD Universal Document Converter (Demo) Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) User Profile Hive Cleanup Service VCRedistSetup Veoh Web Player Video iCodec 3.15 Vizrt Vizky version 1.5.8 VLC media player 2.1.1 VST Bridge 1.1 WD Diagnostics WebFldrs XP WebReg WiMP 2.5.1 Winamp Winamp Detector Plug-in Winamp Essentials Pack Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Grep 2.3 Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinFF v0.23 WinPatrol WinRAR 5.01 (32-bit) XML Paper Specification Shared Components Pack 1.0 Xvid 1.1.3 final uninstall . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2 Run by HP_Eier at 16:59:17 on 2014-01-27 Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2558.1288 [GMT 1:00] . AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Enabled* . ============== Running Processes ================ . C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE C:\Programfiler\Java\jre7\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programfiler\Nero\Update\NASvc.exe C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Programfiler\Prio\prio_svc.exe c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe C:\Programfiler\UPHClean\uphclean.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\ALCXMNTR.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe C:\Programfiler\Alwil Software\Avast5\AvastUI.exe C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . BHO: Telenorhjelpen: {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - c:\programfiler\telenor norway\telenorhjelpen\bho\IEBHO.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\programfiler\canon\easy-webprint ex\ewpexbho.dll BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\programfiler\canon\easy-webprint\EWPBrowseLoader.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programfiler\java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\programfiler\alwil software\avast5\aswWebRepIE.dll BHO: Påloggingshjelp for Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programfiler\java\jre7\bin\jp2ssv.dll BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\programfiler\fellesfiler\simple adblock\SimpleAdblock.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\programfiler\alwil software\avast5\aswWebRepIE.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned> EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned> uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [WinPatrol] c:\programfiler\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD08] c:\programfiler\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [HP Software Update] c:\programfiler\hp\hp software update\HPWuSchd2.exe mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [ContentTransferWMDetector.exe] c:\programfiler\sony\content transfer\ContentTransferWMDetector.exe mRun: [APSDaemon] "c:\programfiler\fellesfiler\apple\apple application support\APSDaemon.exe" mRun: [iSUSPM Startup] c:\progra~1\felles~1\instal~1\update~1\ISUSPM.exe -startup mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe" mRun: [AvastUI.exe] "c:\programfiler\alwil software\avast5\AvastUI.exe" /nogui mRun: [NBAgent] "c:\programfiler\nero\nero 11\nero backitup\NBAgent.exe" /WinStart uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Download files with BH - c:\programfiler\bilderherunterlader\ieplugin\BHIEScript.htm IE: Easy-WebPrint Add To Print List - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_Print.html IE: Legg mål-linken i kø med BID - c:\programfiler\bulk image downloader\iemenu\iebidlinkqueue.htm IE: Legg nåværende side til med BID Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebidqueue.htm IE: Åpne mål-linken med BID - c:\programfiler\bulk image downloader\iemenu\iebidlink.htm IE: Åpne nåværende side med BID Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebid.htm IE: Åpne nåværende side med BID Link Explorer Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebidlinkexplorer.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001010-0002-0010-ABCDEFFEDCBC} - <orphaned> IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{6AEC86C2-693B-4F76-8E32-83EC86171176} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243 TCP: Interfaces\{7029FD28-C845-4426-BF5C-81A7284627A4} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138 Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs= prio.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 130.0.234.27 razlyuli.org ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\hp_eier\programdata\mozilla\firefox\profiles\lendhffs.default\ FF - component: c:\programfiler\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll FF - plugin: c:\documents and settings\hp_eier\programdata\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\programfiler\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\programfiler\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\programfiler\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\programfiler\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\programfiler\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\programfiler\microsoft silverlight\5.1.20913.0\npctrlui.dll FF - plugin: c:\programfiler\sony\media go\npmediago.dll FF - plugin: c:\programfiler\vizky\npVizky.dll FF - plugin: c:\programfiler\winamp detect\npwachk.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\hp_eier\programdata\mozilla\firefox\profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-8-31 12112] R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [2013-8-31 252336] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 180248] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2014-1-10 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2014-1-10 12464] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-8-31 26136] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-3 410528] R1 prio;Prio;c:\windows\system32\drivers\prio.sys [2012-11-8 54128] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-13 67824] R2 avast! Antivirus;avast! Antivirus;c:\programfiler\alwil software\avast5\AvastSvc.exe [2010-7-10 50344] R2 avast! Firewall;avast! Firewall;c:\programfiler\alwil software\avast5\afwServ.exe [2013-8-31 113704] R2 MBAMScheduler;MBAMScheduler;c:\programfiler\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-12 418376] R2 MBAMService;MBAMService;c:\programfiler\malwarebytes' anti-malware\mbamservice.exe [2009-3-26 701512] R2 NAUpdate;Nero Update;c:\programfiler\nero\update\NASvc.exe [2011-11-4 687400] R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-4-15 90112] R2 prio_svc;Prio Service;c:\programfiler\prio\prio_svc.exe [2012-11-8 12656] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2013-10-17 13880] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-26 22856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-8-31 12400] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-4-15 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-4-15 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-4-15 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-4-15 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-4-15 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-4-15 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-4-15 109736] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-4-15 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-4-15 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-4-15 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-4-15 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-4-15 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-4-15 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-4-15 109864] S3 Sony PC Companion;Sony PC Companion;c:\programfiler\sony\sony pc companion\PCCService.exe [2012-8-31 155824] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2010-11-18 41984] S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-1-2 449920] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\telenor norway\esus_tno\ESUS_TNO.exe [2010-12-17 358808] S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\telenor norway\telenorhjelpen\Service.exe [2011-2-15 463240] . =============== File Associations =============== . ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE . =============== Created Last 30 ================ . 2014-01-26 21:32:52 -------- d--h--r- c:\documents and settings\hp_eier\Siste 2014-01-18 10:20:44 32384 ----a-w- c:\windows\system32\udcpm.dll 2014-01-18 10:20:32 -------- d-----w- c:\programfiler\Universal Document Converter 2014-01-15 19:03:16 -------- d-----w- c:\programfiler\HD Tune 2014-01-15 16:59:03 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-01-15 16:58:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-01-11 08:57:39 -------- d-----w- c:\documents and settings\hp_eier\lokale innstillinger\programdata\Nero_AG 2014-01-11 08:56:58 -------- d-----w- c:\documents and settings\hp_eier\lokale innstillinger\programdata\Nero 2014-01-10 22:44:30 -------- d-----w- c:\programfiler\Verbatim 2014-01-10 22:33:13 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2014-01-10 22:33:05 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys . ==================== Find3M ==================== . 2014-01-24 16:19:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-01-24 16:19:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-12-28 13:45:47 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-28 13:45:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-28 13:45:47 43152 ----a-w- c:\windows\avastSS.scr 2013-12-28 13:45:47 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-28 13:45:27 252336 ----a-w- c:\windows\system32\drivers\aswndis2.sys 2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2013-11-19 16:42:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-19 16:41:50 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-11-13 03:00:06 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38:04 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:36:43 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2013-10-31 06:46:14 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys 2013-10-30 02:51:21 1879040 ----a-w- c:\windows\system32\win32k.sys 2005-05-13 16:12:00 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 10:13:58 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-13 20:27:00 422400 --sha-r- c:\windows\x2.64.exe 2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-21 21:37:42 45568 --sha-r- c:\windows\system32\cygz.dll 2008-09-03 06:25:48 77312 --sh--r- c:\windows\system32\devcon_001.exe 2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2006-04-27 09:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll 2005-02-28 12:16:22 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . ============= FINISH: 17:00:45,40 ===============

OK, I've updated Firefox and ran OTC. Thanks for your help!

Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox 24.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast avastui.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

The laptop seems to be running fine.

# AdwCleaner v3.010 - Report created 03/11/2013 at 14:09:11 # Updated 20/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Stein-Vidar - STEIN-BÆRBAR-HP # Running from : C:\Users\Stein-Vidar\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\STEIN-~1\AppData\Local\Temp\CT3289075 Folder Deleted : C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\CT3289075 Folder Deleted : C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\AppDataLow\Software\smartbar Key Deleted : HKLM\Software\Conduit ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (nb-NO) [ File : C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\prefs.js ] Line Deleted : user_pref("CT3289075.UserID", "UN39692344042499213"); Line Deleted : user_pref("CT3289075.fullUserID", "UN39692344042499213.IN.20131103100325"); Line Deleted : user_pref("CT3289075.installerVersion", "1.7.0.9"); Line Deleted : user_pref("CT3289075.versionFromInstaller", "10.20.0.13"); Line Deleted : user_pref("CT3289075.xpeMode", "0"); Line Deleted : user_pref("smartbar.machineId", "LV7Q9M0DYBLAWIN54KXJ1X8DDVDESSARAEA37+N/LDSX1CXFNX5HOLY/KJWCXRLSTXE3SPCUOGBSQWGPOZWDWG"); ************************* AdwCleaner[R0].txt - [3379 octets] - [03/11/2013 14:06:06] AdwCleaner[s0].txt - [2920 octets] - [03/11/2013 14:09:11] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2980 octets] ########## Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Databaseversjon: v2013.11.03.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Stein-Vidar :: STEIN-BÆRBAR-HP [administrator] Beskyttelse: Aktivert 03.11.2013 14:14:59 mbam-log-2013-11-03 (14-14-59).txt Skanntype: Hurtigsøk Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 200317 Tid tilbakelagt: 4 minutt(er), 9 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet) Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 0 (Ingen skadelige objekter funnet) Filer oppdaget 0 (Ingen skadelige objekter funnet) (klar)

Here are the infected files that MBAM Pro found after a quick scan of my laptop: Here are the requested logs: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 Run by Stein-Vidar at 11:46:33 on 2013-11-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.3992.2396 [GMT 1:00] . AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Users\Stein-Vidar\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Påloggingshjelp for Microsoft-konto: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui StartupFolder: C:\Users\STEIN-~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stein-Vidar\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: HideFastUserSwitching = dword:0 IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{5F1A9643-2EB1-401B-8DD6-A9166F4D0AF0} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{5F1A9643-2EB1-401B-8DD6-A9166F4D0AF0}\244584572633D283A574E4 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{5F1A9643-2EB1-401B-8DD6-A9166F4D0AF0}\D45727D656475616D6 : DHCPNameServer = 208.122.23.22 208.122.23.23 184.106.242.193 TCP: Interfaces\{A017FBE5-FBAC-46CA-BC53-5804E143876D} : DHCPNameServer = 77.234.40.79 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll FF - ExtSQL: 2013-10-17 21:00; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2013-10-17 21:02; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - ExtSQL: 2013-10-20 09:35; artur.dubovoy@gmail.com; C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2013-11-03 10:03; {96f454ea-9d38-474f-b504-56193e00c1a5}; C:\Users\Stein-Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\70p1mvzp.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-17 65776] R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-17 205320] R0 iusb3hcs;Driver for Intel® USB 3.0 vertskontrollerbryter;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-2 16152] R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-8-31 28184] R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-8-31 447888] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-25 1032416] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-25 409832] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-25 38984] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-25 84328] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-17 50344] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-10-17 179088] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-1 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-1 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-1 161560] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-25 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-25 701512] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-1 363800] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264] R3 iusb3hub;Driver for Intel® USB 3.0 hub;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-2 355096] R3 iusb3xhc;Driver for Intel® USB 3.0 utvidbar vertskontroller;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-2 786200] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-25 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-6-1 2431792] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-1 565352] R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2013-6-2 21264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 aswTap;avast! SecureLine TAP Adapter v3;C:\Windows\System32\drivers\aswTap.sys [2013-10-17 44640] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-17 57840] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-1 258664] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-13 1255736] . =============== Created Last 30 ================ . 2013-11-01 19:42:05 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B3E7004C-4591-4E65-831B-C2C02F770781}\mpengine.dll 2013-10-25 17:03:54 -------- d-----w- C:\Program Files (x86)\Evernote 2013-10-24 19:11:31 -------- d-----w- C:\Program Files (x86)\Winamp Detect 2013-10-23 21:13:25 -------- d-----w- C:\Program Files (x86)\Batch Image Resizer 2013-10-20 14:16:33 -------- d-----w- C:\Program Files (x86)\BillP Studios 2013-10-20 09:51:30 -------- d-----w- C:\Users\Stein-Vidar\AppData\Roaming\Mp3tag 2013-10-20 09:45:39 -------- d-----w- C:\Program Files (x86)\Mp3tag 2013-10-20 07:30:49 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-10-18 16:26:54 -------- d-----w- C:\Program Files\CCleaner 2013-10-17 19:06:24 -------- d-----w- C:\Users\Stein-Vidar\AppData\Roaming\WinPatrol 2013-10-17 19:06:21 -------- d-----w- C:\ProgramData\InstallMate 2013-10-17 18:28:03 -------- d-----w- C:\Windows\en 2013-10-17 18:27:36 -------- d-----w- C:\Windows\da 2013-10-17 18:27:32 -------- d-----w- C:\Windows\sv 2013-10-17 18:25:22 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2013-10-17 18:22:30 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a648a9921cecb6501\skydrivesetup.exe 2013-10-17 18:22:30 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive 2013-10-17 18:22:30 -------- d-----r- C:\Users\Stein-Vidar\SkyDrive 2013-10-17 18:22:17 -------- d-----w- C:\ProgramData\Microsoft SkyDrive 2013-10-17 18:21:24 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\adbb5b6d1cecb6504\DSETUP.dll 2013-10-17 18:21:24 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\adbb5b6d1cecb6504\DXSETUP.exe 2013-10-17 18:21:24 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\adbb5b6d1cecb6504\dsetup32.dll 2013-10-17 18:21:20 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ac513ed01cecb6503\DXSETUP.exe 2013-10-17 18:21:19 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ac513ed01cecb6503\DSETUP.dll 2013-10-17 18:21:19 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ac513ed01cecb6503\dsetup32.dll 2013-10-17 18:21:17 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a84607a71cecb6502\DXSETUP.exe 2013-10-17 18:21:17 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a84607a71cecb6502\dsetup32.dll 2013-10-17 18:21:16 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a84607a71cecb6502\DSETUP.dll 2013-10-17 18:21:06 -------- d-----w- C:\Users\Stein-Vidar\AppData\Local\Windows Live 2013-10-17 18:17:21 -------- d-----w- C:\Users\Stein-Vidar\AppData\Local\Evernote 2013-10-17 18:14:15 -------- d-----r- C:\Program Files (x86)\Skype 2013-10-17 17:55:31 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-10-17 17:51:48 -------- d-----w- C:\Users\Stein-Vidar\AppData\Roaming\AVAST Software 2013-10-17 17:48:44 44640 ----a-w- C:\Windows\System32\drivers\aswTap.sys 2013-10-13 08:35:02 633856 ----a-w- C:\Windows\System32\comctl32.dll 2013-10-13 08:35:02 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll . ==================== Find3M ==================== . 2013-10-17 17:49:12 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-10-17 17:49:12 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-10-17 17:49:12 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-10-17 17:49:11 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-10-17 17:49:10 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-10-17 17:49:09 43152 ----a-w- C:\Windows\avastSS.scr 2013-10-17 17:48:52 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2013-10-17 17:48:43 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2013-10-14 17:41:56 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2013-10-14 17:41:56 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2013-10-13 08:41:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-13 08:41:41 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll 2013-09-03 12:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll . ============= FINISH: 11:46:48,08 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 25.12.2012 09:03:53 System Uptime: 03.11.2013 09:43:04 (2 hours ago) . Motherboard: Hewlett-Packard | | 1841 Processor: Intel® Core i3-2350M CPU @ 2.30GHz | U3E1 | 2300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 441 GiB total, 373,022 GiB free. D: is FIXED (NTFS) - 25 GiB total, 2,587 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: avast! SecureLine TAP Adapter v3 Device ID: ROOT\NET\0000 Manufacturer: TAP-Windows Provider V9 Name: avast! SecureLine TAP Adapter v3 PNP Device ID: ROOT\NET\0000 Service: aswTap . ==== System Restore Points =================== . RP118: 21.10.2013 15:11:35 - Installasjon av enhetsdriverpakke: TAP-Windows Provider V9 Nettverkskort RP119: 22.10.2013 19:26:55 - Windows Update RP120: 25.10.2013 19:03:00 - Installed Evernote v. 5.0.3 RP121: 29.10.2013 16:18:02 - Windows Update RP122: 01.11.2013 20:41:08 - Windows Update . ==== Installed Programs ====================== . 3DSexVilla2 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.05) - Norsk Adobe Shockwave Player 12.0 avast! Internet Security Batch Image Resizer 2.88 Bejeweled 3 Blackhawk Striker 2 Bulk Rename Utility 2.7.1.2 CCleaner Chuzzle Deluxe Cradle of Rome 2 CyberLink YouCam D3DX10 Dora's World Adventure Dropbox DVD Shrink 3.2 ESU for Microsoft Windows 7 SP1 Evernote v. 5.0.3 Farm Frenzy Farmscapes FATE Final Drive Fury Fotogalleri Fotogalleriet Hewlett-Packard ACLM.NET v1.2.1.1 Hoyle Card Games HP 3D DriveGuard HP Auto HP Client Services HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP Launch Box HP On Screen Display HP Power Manager HP Quick Launch HP Recovery Manager HP Security Assistant HP Setup HP Setup Manager HP Software Framework HP Support Assistant IDT Audio Intel® Control Center Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Java 7 Update 45 (64-bit) Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update Letters from Nowhere 2 Luxor HD Mah Jong Medley Malwarebytes Anti-Malware versjon 1.75.0.1300 MemoriesOnWeb 3.1.7 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NOR Language Pack Microsoft Application Error Reporting Microsoft FrontPage 2000 Microsoft Office 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movie Maker Mozilla Firefox 24.0 (x86 nb-NO) Mozilla Maintenance Service Mp3tag v2.58 MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 opensource Penguins! Photo Common Photo Gallery Plants vs. Zombies - Game of the Year Poker Superstars III Polar Bowler Polar Golfer Ralink RT5390R 802.11b/g/n Wi-Fi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader RollerCoaster Tycoon 3: Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Skype™ 6.10 swMSM Synaptics Pointing Device Driver Take It Easy The Treasures of Mystery Island: The Ghost Ship Torchlight Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life VLC media player 2.1.0 WildTangent Games App (HP Games) WiMP 2.4.1 Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalleri Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima WinPatrol WinRAR 5.00 (64-bit) Xvid 1.1.3 final uninstall Zuma's Revenge . ==== End Of File ===========================

OK, I deleted them. Well, I don't think there's any other issues currently, so you can close this.

Just wanted to add that I'm pretty sure those duplicate folders are a result of a system restore I did a long time ago.

I did that and now RealPlayer is completely gone. Thanks! Just one more thing before you can close this: I notice that I have two duplicate folders in my Program Files folder. iPod(2) and iTunes(2). Both of these folder contain very few files which seem to be duplicates of files in the regular iPod and iTunes folders. Can I just delete the Pod(2) and iTunes(2) folders right away, or do I need to run a program first?

I downloaded Revo Uninstaller Free, started it and Real Player was on the list. I did what you said, but I got this error message: "Running the application's uninstaller failed! Possible invalid uninstall command!" What do I do now?

I have a problem with RealPlayer. It was one of the programs I updated thanks to FileHippo, but after a while I decided to uninstall it. However, there were two entries for RealPlayer in Add/Remove, and after I clicked remove on both, one of them still remained. And in the Program Files folder, there's a Real folder with two RealPlayer folders and one RealUpgrade folder. The reason there are two RealPlayer folders is probably because of some issues I had with updating RealPlayer a long time ago and I had to do a System Restore. So basically my question is: Is it safe to delete these folders? Is there a program I should use to clean up this mess, or can I just delete them right away?

I tried doing that, but something went wrong so I had to do a System Restore. That means I'll have to update the programs again, but I don't know if I'll bother trying to update AMD again...

Thanks for your help, I've installed WinPatrol, FileHippo Update Checker, Web of Trust and NoScript. A bunch of programs needed to be updated, including AMD Catalyst Drivers 13.4 XP, because I had the 6.1 version. So I downloaded the 13.4 XP version from FileHippo and installed it. But after I had updated the programs and ran FileHippo again to check up, this came up: 1 Update Detected Icon AMD Catalyst Drivers 13.4 XP Installed Version: 6.1 95.64MB Download Now! Total size: 95.64MB So apparently the 6.1 version is still on the computer, so how do I get rid of it?