iTunes.msi infected by Malware.Packer.as


I ran a full MBAM Pro scan and this file came up infected:


C:\WINDOWS\Downloaded Installations\{C1379C57-0336-4779-B6AB-2D05B1C29FE5}\iTunes.msi (Malware.Packer.as)


Here are the logs:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 06.01.2006 11:25:55
System Uptime: 26.01.2014 22:22:35 (19 hours ago)
.
Motherboard: MSI |  | AMETHYST-M
Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 908 GiB total, 768,734 GiB free.
D: is FIXED (FAT32) - 24 GiB total, 20,565 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 466 GiB total, 255,717 GiB free.
K: is FIXED (FAT32) - 298 GiB total, 2,495 GiB free.
N: is FIXED (NTFS) - 932 GiB total, 724,975 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless LAN PCI 802.11 a/b/g adapter WN5401A
Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&08A4
Manufacturer: Liteon
Name: Wireless LAN PCI 802.11 a/b/g adapter WN5401A
PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500011AD&REV_01\4&1C88B56&0&08A4
Service: WN5401
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Beep
Device ID: ROOT\LEGACY_BEEP\0000
Manufacturer:
Name: Beep
PNP Device ID: ROOT\LEGACY_BEEP\0000
Service: Beep
.
==== System Restore Points ===================
.
RP2382: 29.10.2013 17:01:30 - Installert iTunes
RP2383: 01.11.2013 16:16:26 - Kontrollpunkt for system
RP2384: 03.11.2013 22:23:18 - Kontrollpunkt for system
RP2385: 06.11.2013 22:41:53 - Kontrollpunkt for system
RP2386: 08.11.2013 11:54:29 - Kontrollpunkt for system
RP2387: 08.11.2013 20:59:22 - Installert iTunes
RP2388: 11.11.2013 16:39:08 - Kontrollpunkt for system
RP2389: 12.11.2013 21:07:42 - Gjenopprettingsoperasjon
RP2390: 13.11.2013 15:24:48 - Software Distribution Service 3.0
RP2391: 15.11.2013 15:11:28 - Kontrollpunkt for system
RP2392: 19.11.2013 17:34:11 - avast! antivirus system restore point
RP2393: 21.11.2013 20:17:06 - Kontrollpunkt for system
RP2394: 22.11.2013 23:26:18 - Kontrollpunkt for system
RP2395: 24.11.2013 11:54:46 - Kontrollpunkt for system
RP2396: 25.11.2013 16:23:01 - Kontrollpunkt for system
RP2397: 29.11.2013 15:27:31 - Kontrollpunkt for system
RP2398: 01.12.2013 01:10:38 - Kontrollpunkt for system
RP2399: 02.12.2013 16:16:59 - Kontrollpunkt for system
RP2400: 03.12.2013 16:52:36 - Kontrollpunkt for system
RP2401: 04.12.2013 18:20:14 - Kontrollpunkt for system
RP2402: 05.12.2013 19:20:11 - Kontrollpunkt for system
RP2403: 07.12.2013 10:18:36 - Kontrollpunkt for system
RP2404: 08.12.2013 14:39:24 - Kontrollpunkt for system
RP2405: 09.12.2013 16:30:11 - Kontrollpunkt for system
RP2406: 12.12.2013 16:44:43 - Software Distribution Service 3.0
RP2407: 13.12.2013 12:02:52 - Software Distribution Service 3.0
RP2408: 14.12.2013 12:50:37 - Kontrollpunkt for system
RP2409: 15.12.2013 13:59:22 - Kontrollpunkt for system
RP2410: 17.12.2013 18:21:47 - Kontrollpunkt for system
RP2411: 18.12.2013 18:36:51 - Kontrollpunkt for system
RP2412: 20.12.2013 13:59:36 - Kontrollpunkt for system
RP2413: 21.12.2013 16:02:38 - Kontrollpunkt for system
RP2414: 22.12.2013 16:55:03 - Kontrollpunkt for system
RP2415: 23.12.2013 20:42:25 - Kontrollpunkt for system
RP2416: 24.12.2013 20:44:42 - Kontrollpunkt for system
RP2417: 25.12.2013 20:57:10 - Kontrollpunkt for system
RP2418: 26.12.2013 21:33:26 - Kontrollpunkt for system
RP2419: 27.12.2013 22:54:17 - Kontrollpunkt for system
RP2420: 28.12.2013 14:44:43 - avast! antivirus system restore point
RP2421: 29.12.2013 16:45:52 - Kontrollpunkt for system
RP2422: 31.12.2013 11:10:52 - Kontrollpunkt for system
RP2423: 01.01.2014 11:59:15 - Kontrollpunkt for system
RP2424: 04.01.2014 11:58:52 - Kontrollpunkt for system
RP2425: 05.01.2014 20:53:02 - Kontrollpunkt for system
RP2426: 07.01.2014 17:37:51 - Kontrollpunkt for system
RP2427: 08.01.2014 21:55:05 - Kontrollpunkt for system
RP2428: 10.01.2014 09:42:51 - Kontrollpunkt for system
RP2429: 10.01.2014 23:40:11 - Installert Nero BackItUp 11 Essentials CDPack.
RP2430: 11.01.2014 10:05:45 - Software Distribution Service 3.0
RP2431: 12.01.2014 20:09:11 - Kontrollpunkt for system
RP2432: 13.01.2014 20:13:46 - Kontrollpunkt for system
RP2433: 15.01.2014 17:55:13 - Software Distribution Service 3.0
RP2434: 16.01.2014 19:40:31 - Kontrollpunkt for system
RP2435: 18.01.2014 01:26:27 - Kontrollpunkt for system
RP2436: 18.01.2014 11:21:10 - Skriverdriver Universal Document Converter installert
RP2437: 18.01.2014 11:21:31 - Skriverdriver Universal Document Converter installert
RP2438: 19.01.2014 14:22:02 - Kontrollpunkt for system
RP2439: 20.01.2014 14:55:46 - Kontrollpunkt for system
RP2440: 23.01.2014 21:24:10 - Kontrollpunkt for system
RP2441: 24.01.2014 22:21:47 - Kontrollpunkt for system
RP2442: 26.01.2014 14:06:00 - Kontrollpunkt for system
RP2443: 27.01.2014 14:29:38 - Kontrollpunkt for system
.
==== Installed Programs ======================
.
3DSexVilla2
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06) - Norsk
Adobe Shockwave Player 12.0
AiO_Scan
AiOSoftware
AnalogX DXMan
AnalogX Vocal Remover (WinAmp)
AoA DVD Ripper
Apple-programsupport
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
Audio Transcoder
Audiograbber 1.83 SE
avast! Internet Security
Batch Image Resizer Full Version
BilderHerunterlader 3.6.6
BilderHerunterlader IE-Plugin 8.0
Bink and Smacker
Bonjour
Brukerregistrering for Canon iP4300
Brukerregistrering for Canon iP4800 series
Bulk Image Downloader v4.65.0.0
Bulk Rename Utility 2.7.1.1
CameraDrivers
CameraUserGuides
Canon Camera Access Library
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP4300
Canon iP4800 series Printer Driver
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon My Printer
Canon Setup Utility 2.3
Canon Solution Menu EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CD-LabelPrint
Content Transfer
Corel WinDVD
Corel WinDVD Pro 11
CPU-Control
Crush'Em 2.0
D2300
D2300_Help
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivXLand Media Subtitler
DocProc
DocumentViewer
DocumentViewerQFolder
Dropbox
DVD Audio Extractor 7.1.3
DVD Flick 1.3.0.7
DVD Shrink 3.2
Easy-WebPrint
Enhanced Multimedia Keyboard Solution
Facebook Plug-In
Fax
FLAC 1.2.1b (remove only)
GdiplusUpgrade
GoldWave v5.70
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Imaging Device Functions 7.0
HP Photosmart-kameraer 5.0
HP Photosmart-kameraer 6.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart and Deskjet 7.0 Software (nob)
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center 7.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
Hurtigreparasjon for Windows Internet Explorer 7 (KB947864)
ICA
Icon Restore 1.0
InterActual Player
InterVideo WinDVD Player
iPhoto Plus 4
IPM
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
LightScribe  1.4.42.1
Malwarebytes Anti-Malware versjon 1.75.0.1300
Media Go
Media Go Video Playback Engine 1.116.103.02020
Melodyne 3.1
Memeo AutoBackup
Memeo AutoSync
MemoriesOnWeb 3.1.7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - NOR
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta 98 Encyclopedia
Microsoft FrontPage 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time  Lib Setup
Microsoft Works
MixMeister BPM Analyzer 1.0
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
MSVC80_x86
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB933579)
Nero BackItUp 11
Nero BackItUp 11 Essentials CDPack
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
neroxml
NewCopy
Octoshape add-in for Adobe Flash Player
Oppdatering for Windows Internet Explorer 8 (KB971930)
Oppdatering for Windows Internet Explorer 8 (KB976662)
Oppdatering for Windows Internet Explorer 8 (KB976749)
Oppdatering for Windows Internet Explorer 8 (KB980182)
Oppdatering for Windows XP (KB2904266)
Opplastingsverktøy for Windows Live
Packard Bell Diamond 1200Plus v1.0
PanoStandAlone
PC Connectivity Solution
PC SWOS-Total Pack version V1.34
PlayStation®Network Downloader
PlayStation®Store
Påloggingsassistent for Windows Live
Prio
PS2
PSPrinters08
PSTAPlugin
Puzzl'Em 1.0 Beta2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickSFV (Remove only)
QuickTime
Readme
Revo Uninstaller 1.95
SAMSUNG SYMBIAN USB Download Driver
Samsung USB Driver
SamsungConnectivityCableDriver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Segoe UI
Setup
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB928090)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB929969)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB931768)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB933566)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB937143)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB939653)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB950759)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB953838)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB958215)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB960714)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2183461)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2360131)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2416400)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2482017)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2497640)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2510531)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2530548)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2544521)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2559049)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2586448)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2618444)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2647516)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2675157)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2699988)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2722913)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2744842)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2761465)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2792100)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2797052)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2799329)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2809289)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2817183)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2829530)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2838727)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2846071)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2847204)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2862772)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2870699)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2879017)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2888505)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB2898785)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB969897)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB971961)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB972260)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB974455)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB976325)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB978207)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB981332)
Sikkerhetsoppdatering for Windows Internet Explorer 8 (KB982381)
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows XP (KB2862152)
Sikkerhetsoppdatering for Windows XP (KB2868626)
Sikkerhetsoppdatering for Windows XP (KB2876331)
Sikkerhetsoppdatering for Windows XP (KB2892075)
Sikkerhetsoppdatering for Windows XP (KB2893294)
Sikkerhetsoppdatering for Windows XP (KB2893984)
Sikkerhetsoppdatering for Windows XP (KB2898715)
Sikkerhetsoppdatering for Windows XP (KB2900986)
Sikkerhetsoppdatering for Windows XP (KB2914368)
Sikkerhetsoppdatering for Windows XP (KB923689)
Simple Adblock
SMI Grabber Device
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Ericsson PC Suite
Sony Ericsson PC Suite 6.011.00
Sony Media Manager 2.2
Sony PC Companion 2.10.155
Sound Forge Audio Studio 10.0
Spotify
Status
Subtitle Workshop 2.51
swMSM
Take It Easy
Telenor Software Update Service
Telenorhjelpen
Tetra Blocks v1.54
The Klub 17
Toolbox
TrayApp
Trust WB-3100P Portable Webcam
Tunatic
Ulead GIF Animator 5
Ulead VideoStudio SE DVD
Universal Document Converter (Demo)
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User Profile Hive Cleanup Service
VCRedistSetup
Veoh Web Player
Video iCodec 3.15
Vizrt Vizky version 1.5.8
VLC media player 2.1.1
VST Bridge 1.1
WD Diagnostics
WebFldrs XP
WebReg
WiMP 2.5.1
Winamp
Winamp Detector Plug-in
Winamp Essentials Pack
Windows-driverpakke - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Grep 2.3
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinFF v0.23
WinPatrol
WinRAR 5.01 (32-bit)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by HP_Eier at 16:59:17 on 2014-01-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.2558.1288 [GMT 1:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
C:\Programfiler\Java\jre7\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programfiler\Nero\Update\NASvc.exe
C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Programfiler\Prio\prio_svc.exe
c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\UPHClean\uphclean.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\Programfiler\Alwil Software\Avast5\AvastUI.exe
C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Telenorhjelpen: {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - c:\programfiler\telenor norway\telenorhjelpen\bho\IEBHO.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\programfiler\canon\easy-webprint ex\ewpexbho.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\programfiler\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programfiler\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\programfiler\alwil software\avast5\aswWebRepIE.dll
BHO: Påloggingshjelp for Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programfiler\java\jre7\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\programfiler\fellesfiler\simple adblock\SimpleAdblock.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\programfiler\alwil software\avast5\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\programfiler\canon\easy-webprint ex\ewpexhlp.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinPatrol] c:\programfiler\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD08] c:\programfiler\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HP Software Update] c:\programfiler\hp\hp software update\HPWuSchd2.exe
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ContentTransferWMDetector.exe] c:\programfiler\sony\content transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "c:\programfiler\fellesfiler\apple\apple application support\APSDaemon.exe"
mRun: [iSUSPM Startup] c:\progra~1\felles~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\programfiler\alwil software\avast5\AvastUI.exe" /nogui
mRun: [NBAgent] "c:\programfiler\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download files with BH - c:\programfiler\bilderherunterlader\ieplugin\BHIEScript.htm
IE: Easy-WebPrint Add To Print List - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programfiler\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Legg mål-linken i kø med BID - c:\programfiler\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Legg nåværende side til med BID Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebidqueue.htm
IE: Åpne mål-linken med BID - c:\programfiler\bulk image downloader\iemenu\iebidlink.htm
IE: Åpne nåværende side med BID Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebid.htm
IE: Åpne nåværende side med BID Link Explorer Image Downloader - c:\programfiler\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001010-0002-0010-ABCDEFFEDCBC} - <orphaned>
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.138
TCP: Interfaces\{6AEC86C2-693B-4F76-8E32-83EC86171176} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243
TCP: Interfaces\{7029FD28-C845-4426-BF5C-81A7284627A4} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 130.0.234.27 razlyuli.org
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_eier\programdata\mozilla\firefox\profiles\lendhffs.default\
FF - component: c:\programfiler\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\hp_eier\programdata\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programfiler\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\programfiler\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\programfiler\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\programfiler\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\programfiler\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\programfiler\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\programfiler\sony\media go\npmediago.dll
FF - plugin: c:\programfiler\vizky\npVizky.dll
FF - plugin: c:\programfiler\winamp detect\npwachk.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\hp_eier\programdata\mozilla\firefox\profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-8-31 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [2013-8-31 252336]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-13 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-13 180248]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2014-1-10 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2014-1-10 12464]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-8-31 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-3 410528]
R1 prio;Prio;c:\windows\system32\drivers\prio.sys [2012-11-8 54128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-13 67824]
R2 avast! Antivirus;avast! Antivirus;c:\programfiler\alwil software\avast5\AvastSvc.exe [2010-7-10 50344]
R2 avast! Firewall;avast! Firewall;c:\programfiler\alwil software\avast5\afwServ.exe [2013-8-31 113704]
R2 MBAMScheduler;MBAMScheduler;c:\programfiler\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-12 418376]
R2 MBAMService;MBAMService;c:\programfiler\malwarebytes' anti-malware\mbamservice.exe [2009-3-26 701512]
R2 NAUpdate;Nero Update;c:\programfiler\nero\update\NASvc.exe [2011-11-4 687400]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-4-15 90112]
R2 prio_svc;Prio Service;c:\programfiler\prio\prio_svc.exe [2012-11-8 12656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2013-10-17 13880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-26 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-8-31 12400]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-4-15 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-4-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-4-15 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-4-15 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-4-15 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-4-15 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-4-15 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-4-15 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-4-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-4-15 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-4-15 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-4-15 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-4-15 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-4-15 109864]
S3 Sony PC Companion;Sony PC Companion;c:\programfiler\sony\sony pc companion\PCCService.exe [2012-8-31 155824]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2010-11-18 41984]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-1-2 449920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\telenor norway\esus_tno\ESUS_TNO.exe [2010-12-17 358808]
S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\telenor norway\telenorhjelpen\Service.exe [2011-2-15 463240]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-01-26 21:32:52    --------    d--h--r-    c:\documents and settings\hp_eier\Siste
2014-01-18 10:20:44    32384    ----a-w-    c:\windows\system32\udcpm.dll
2014-01-18 10:20:32    --------    d-----w-    c:\programfiler\Universal Document Converter
2014-01-15 19:03:16    --------    d-----w-    c:\programfiler\HD Tune
2014-01-15 16:59:03    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-01-15 16:58:22    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-11 08:57:39    --------    d-----w-    c:\documents and settings\hp_eier\lokale innstillinger\programdata\Nero_AG
2014-01-11 08:56:58    --------    d-----w-    c:\documents and settings\hp_eier\lokale innstillinger\programdata\Nero
2014-01-10 22:44:30    --------    d-----w-    c:\programfiler\Verbatim
2014-01-10 22:33:13    12464    ----a-w-    c:\windows\system32\drivers\NBVolUp.sys
2014-01-10 22:33:05    56496    ----a-w-    c:\windows\system32\drivers\NBVol.sys
.
==================== Find3M  ====================
.
2014-01-24 16:19:04    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 16:19:04    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-28 13:45:47    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-28 13:45:47    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-28 13:45:47    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-28 13:45:47    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-28 13:45:27    252336    ----a-w-    c:\windows\system32\drivers\aswndis2.sys
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-19 16:42:04    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 16:41:50    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-11-13 03:00:06    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:04    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:36:43    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-31 06:46:14    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:51:21    1879040    ----a-w-    c:\windows\system32\win32k.sys
2005-05-13 16:12:00    217073    --sha-r-    c:\windows\meta4.exe
2005-10-24 10:13:58    66560    --sha-r-    c:\windows\MOTA113.exe
2005-10-13 20:27:00    422400    --sha-r-    c:\windows\x2.64.exe
2005-06-26 14:32:28    616448    --sha-r-    c:\windows\system32\cygwin1.dll
2005-06-21 21:37:42    45568    --sha-r-    c:\windows\system32\cygz.dll
2008-09-03 06:25:48    77312    --sh--r-    c:\windows\system32\devcon_001.exe
2004-01-24 23:00:00    70656    --sha-r-    c:\windows\system32\i420vfw.dll
2006-04-27 09:24:24    2945024    --sha-r-    c:\windows\system32\Smab.dll
2005-02-28 12:16:22    240128    --sha-r-    c:\windows\system32\x.264.exe
2004-01-24 23:00:00    70656    --sha-r-    c:\windows\system32\yv12vfw.dll
.
============= FINISH: 17:00:45,40 ===============
 


  • Staff

Hello Aphasia

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


OK, I'm really worried now.

 

I've tried to run AdwCleaner three times. First I clicked Scan and then I clicked Clean, and all three times the computer crashed during "Cleaning Browsers". I got no response from the program or anything else on the computer, so I had to turn off the computer manually.

 

What do I do to fix this?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by HP_Eier on 02.02.2014 at 17:17:43,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\HP_Eier\Programdata\getrighttogo"



~~~ FireFox

Emptied folder: C:\Documents and Settings\HP_Eier\Programdata\mozilla\firefox\profiles\lendhffs.default\minidumps [8 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2014 at 17:27:53,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • Staff

Hello Aphasia

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

Well, I ran ComboFix and disabled Avast and MBAM. However, I forgot to disable WinPatrol. Is that a bad thing?

 

I tried to install the Recovery Console after I was asked, but I got something like "Failed to generate download link" and the scan went on.

 

Here is the log:

 

ComboFix 14-02-01.01 - HP_Eier 02.02.2014  22:44:19.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.2558.1890 [GMT 1:00]
Kjører fra: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
.
(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Programdata\9075968fa8a039e8cd2a93c22b53a28e_HP_Eier
c:\documents and settings\All Users\Programdata\hpe477.dll
c:\documents and settings\All Users\Programdata\TEMP
c:\documents and settings\All Users\Programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Eier\Programdata\dvdae
c:\documents and settings\HP_Eier\Programdata\dvdae\dvdae.config
c:\documents and settings\HP_Eier\Programdata\dvdae\dvdae.lic
c:\documents and settings\HP_Eier\Programdata\HPSU_48BitScanUpdate.log
c:\documents and settings\HP_Eier\Skrivebord\Internet Explorer.lnk
c:\documents and settings\HP_Eier\Skrivebord\Scanner.lnk
c:\documents and settings\HP_Eier\WINDOWS
c:\programfiler\DaemonTools_WhenUSave_Installer
c:\programfiler\media-codec
c:\programfiler\WinPCap
c:\programfiler\WinPCap\daemon_mgm.exe
c:\programfiler\WinPCap\INSTALL.LOG
c:\programfiler\WinPCap\NetMonInstaller.exe
c:\programfiler\WinPCap\npf_mgm.exe
c:\programfiler\WinPCap\rpcapd.exe
c:\programfiler\WinPCap\Uninstall.exe
c:\windows\IsUn0414.exe
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\ps2.bat
c:\windows\system32\SET176.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET182.tmp
c:\windows\unin0414.exe
c:\windows\wininit.ini
D:\Autorun.inf
J:\Autorun.inf
K:\autorun.inf
K:\setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivere/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2014-01-02 til 2014-02-02  )))))))))))))))))))))))))))))))))
.
.
2014-02-02 21:32 . 2014-02-02 21:34    --------    d--h--r-    c:\documents and settings\HP_Eier\Siste
2014-02-02 16:17 . 2014-02-02 16:17    --------    d-----w-    c:\windows\ERUNT
2014-01-18 10:20 . 2013-11-22 15:48    32384    ----a-w-    c:\windows\system32\udcpm.dll
2014-01-18 10:20 . 2014-01-18 10:20    --------    d-----w-    c:\programfiler\Universal Document Converter
2014-01-15 19:03 . 2014-01-15 19:03    --------    d-----w-    c:\programfiler\HD Tune
2014-01-15 16:59 . 2013-12-18 19:46    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-01-15 16:58 . 2013-12-18 20:10    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-11 08:56 . 2014-01-11 08:56    --------    d-----w-    c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Nero
2014-01-10 22:44 . 2014-01-10 22:46    --------    d-----w-    c:\programfiler\Verbatim
2014-01-10 22:40 . 2014-01-10 22:41    --------    d-----w-    c:\programfiler\Fellesfiler\Nero
2014-01-10 22:33 . 2011-12-01 10:40    12464    ----a-w-    c:\windows\system32\drivers\NBVolUp.sys
2014-01-10 22:33 . 2011-12-01 10:40    56496    ----a-w-    c:\windows\system32\drivers\NBVol.sys
2014-01-10 22:27 . 2014-01-10 22:27    --------    d-----w-    c:\programfiler\Microsoft.NET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 16:19 . 2012-03-30 09:05    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-24 16:19 . 2011-05-18 10:27    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-28 13:45 . 2013-03-13 20:38    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-28 13:45 . 2013-03-13 20:38    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-28 13:45 . 2011-03-14 01:11    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-28 13:45 . 2010-07-10 02:11    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-28 13:45 . 2008-04-03 11:04    410528    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-12-28 13:45 . 2006-01-06 10:56    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-28 13:45 . 2006-01-06 10:56    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-12-28 13:45 . 2006-01-06 10:56    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-28 13:45 . 2013-08-31 08:18    252336    ----a-w-    c:\windows\system32\drivers\aswndis2.sys
2013-11-27 20:21 . 2004-08-04 12:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-19 16:42 . 2013-03-13 20:38    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 16:41 . 2013-08-31 08:18    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-11-13 03:00 . 2004-08-04 18:00    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 12:00    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2005-05-13 16:12    217073    --sha-r-    c:\windows\meta4.exe
2005-10-24 10:13    66560    --sha-r-    c:\windows\MOTA113.exe
2005-10-13 20:27    422400    --sha-r-    c:\windows\x2.64.exe
.
.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-28 13:45    259464    ----a-w-    c:\programfiler\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\programfiler\BillP Studios\WinPatrol\winpatrol.exe" [2013-12-10 455744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ContentTransferWMDetector.exe"="c:\programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"APSDaemon"="c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\programfiler\Alwil Software\Avast5\AvastUI.exe" [2013-12-28 3764024]
"NBAgent"="c:\programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eier^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43    59720    ----a-w-    c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50    221184    ----a-w-    c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50    81920    ----a-w-    c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen]
2010-12-17 07:53    88440    ----a-w-    c:\programfiler\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TelenorhjelpenSvc"=2 (0x2)
"ESUSClient_TNO"=2 (0x2)
"ERSvc"=2 (0x2)
"Dot3svc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Gammel Harddisk\\Gamle Programfiler\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\HP_Eier\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Telenor Norway\\Telenorhjelpen\\Telenorhjelpen.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programfiler\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\HP_Eier\\Programdata\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programfiler\\Fellesfiler\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Winamp\\winamp.exe"=
"c:\\Programfiler\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [31.08.2013 09:17 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [31.08.2013 09:18 252336]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.03.2013 21:38 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.03.2013 21:38 180248]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10.01.2014 23:33 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10.01.2014 23:33 12464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.01.2007 20:31 639224]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [31.08.2013 09:18 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.03.2011 02:11 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 12:04 410528]
R1 prio;Prio;c:\windows\system32\drivers\prio.sys [08.11.2012 20:29 54128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.03.2013 21:38 67824]
R2 avast! Firewall;avast! Firewall;c:\programfiler\Alwil Software\Avast5\afwServ.exe [31.08.2013 09:17 113704]
R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.10.2012 19:08 418376]
R2 NAUpdate;Nero Update;c:\programfiler\Nero\Update\NASvc.exe [04.11.2011 14:40 687400]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.04.2011 13:14 90112]
R2 prio_svc;Prio Service;c:\programfiler\Prio\prio_svc.exe [08.11.2012 20:29 12656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.10.2013 20:37 13880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.03.2009 21:58 22856]
S2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:58 701512]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.08.2012 15:39 12400]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15.04.2011 13:14 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15.04.2011 13:14 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15.04.2011 13:14 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15.04.2011 13:14 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15.04.2011 13:14 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15.04.2011 13:14 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15.04.2011 13:14 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [15.04.2011 13:06 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [15.04.2011 13:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [15.04.2011 13:06 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [15.04.2011 13:06 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [15.04.2011 13:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [15.04.2011 13:06 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [15.04.2011 13:06 109864]
S3 Sony PC Companion;Sony PC Companion;c:\programfiler\Sony\Sony PC Companion\PCCService.exe [31.08.2012 15:35 155824]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.11.2010 20:57 41984]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02.01.2005 08:36 449920]
S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [17.12.2010 11:02 358808]
S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\Telenor Norway\Telenorhjelpen\Service.exe [15.02.2011 16:31 463240]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2014-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:19]
.
2014-02-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\programfiler\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 13:45]
.
2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup 6 0.job
- c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37]
.
2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup Merge 6 0.job
- c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37]
.
.
------- Tilleggsskanning -------
.

uInternet Settings,ProxyOverride = *.local
IE: Download files with BH - c:\programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm
IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html





TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\



FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-02 22:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ...  
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...  
.
.
C:\avast! sandbox
.
skanning vellykket
skjulte filer: 1
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(760)
c:\programfiler\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\msi.dll
c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Alwil Software\Avast5\AvastSvc.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programfiler\Canon\IJPLM\IJPLMSVC.EXE
c:\programfiler\Java\jre7\bin\jqs.exe
c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe
c:\programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
c:\programfiler\UPHClean\uphclean.exe
c:\programfiler\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Tidspunkt ferdig: 2014-02-02  23:05:44 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt  2014-02-02 22:05
.
Pre-Run: 826 367 246 336 byte ledig
Post-Run: 826 588 299 264 byte ledig
.
- - End Of File - - F46D328AA95DACE8840C3AF723DB3AD4
5F8B5082F3482CC06B72EC5806598AE9
 


  • Staff

Hello Aphasia

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

ComboFix 14-02-03.01 - HP_Eier 03.02.2014  17:06:53.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.2558.1836 [GMT 1:00]
Running from: c:\documents and settings\HP_Eier\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Eier\Skrivebord\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((   Files Created from 2014-01-03 to 2014-02-03  )))))))))))))))))))))))))))))))))
.
.
2014-02-02 21:32 . 2014-02-03 16:02    --------    d--h--r-    c:\documents and settings\HP_Eier\Siste
2014-02-02 16:17 . 2014-02-02 16:17    --------    d-----w-    c:\windows\ERUNT
2014-01-18 10:20 . 2013-11-22 15:48    32384    ----a-w-    c:\windows\system32\udcpm.dll
2014-01-18 10:20 . 2014-01-18 10:20    --------    d-----w-    c:\programfiler\Universal Document Converter
2014-01-15 19:03 . 2014-01-15 19:03    --------    d-----w-    c:\programfiler\HD Tune
2014-01-15 16:59 . 2013-12-18 19:46    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-01-15 16:58 . 2013-12-18 20:10    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-11 08:56 . 2014-01-11 08:56    --------    d-----w-    c:\documents and settings\HP_Eier\Lokale innstillinger\Programdata\Nero
2014-01-10 22:44 . 2014-01-10 22:46    --------    d-----w-    c:\programfiler\Verbatim
2014-01-10 22:40 . 2014-01-10 22:41    --------    d-----w-    c:\programfiler\Fellesfiler\Nero
2014-01-10 22:33 . 2011-12-01 10:40    12464    ----a-w-    c:\windows\system32\drivers\NBVolUp.sys
2014-01-10 22:33 . 2011-12-01 10:40    56496    ----a-w-    c:\windows\system32\drivers\NBVol.sys
2014-01-10 22:27 . 2014-01-10 22:27    --------    d-----w-    c:\programfiler\Microsoft.NET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 16:19 . 2012-03-30 09:05    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-24 16:19 . 2011-05-18 10:27    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-28 13:45 . 2013-03-13 20:38    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-28 13:45 . 2013-03-13 20:38    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-28 13:45 . 2011-03-14 01:11    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-28 13:45 . 2010-07-10 02:11    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-28 13:45 . 2008-04-03 11:04    410528    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-12-28 13:45 . 2006-01-06 10:56    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-28 13:45 . 2006-01-06 10:56    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-12-28 13:45 . 2006-01-06 10:56    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-28 13:45 . 2013-08-31 08:18    252336    ----a-w-    c:\windows\system32\drivers\aswndis2.sys
2013-11-27 20:21 . 2004-08-04 12:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-19 16:42 . 2013-03-13 20:38    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 16:41 . 2013-08-31 08:18    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-11-13 03:00 . 2004-08-04 18:00    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 12:00    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2005-05-13 16:12    217073    --sha-r-    c:\windows\meta4.exe
2005-10-24 10:13    66560    --sha-r-    c:\windows\MOTA113.exe
2005-10-13 20:27    422400    --sha-r-    c:\windows\x2.64.exe
2005-06-26 14:32    616448    --sha-r-    c:\windows\system32\cygwin1.dll
2005-06-21 21:37    45568    --sha-r-    c:\windows\system32\cygz.dll
2008-09-03 06:25    77312    --sh--r-    c:\windows\system32\devcon_001.exe
2004-01-24 23:00    70656    --sha-r-    c:\windows\system32\i420vfw.dll
2006-04-27 09:24    2945024    --sha-r-    c:\windows\system32\Smab.dll
2005-02-28 12:16    240128    --sha-r-    c:\windows\system32\x.264.exe
2004-01-24 23:00    70656    --sha-r-    c:\windows\system32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-28 13:45    259464    ----a-w-    c:\programfiler\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 196608]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ContentTransferWMDetector.exe"="c:\programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"APSDaemon"="c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\programfiler\Alwil Software\Avast5\AvastUI.exe" [2013-12-28 3764024]
"NBAgent"="c:\programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Eier^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Eier\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43    59720    ----a-w-    c:\programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50    221184    ----a-w-    c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50    81920    ----a-w-    c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen]
2010-12-17 07:53    88440    ----a-w-    c:\programfiler\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TelenorhjelpenSvc"=2 (0x2)
"ESUSClient_TNO"=2 (0x2)
"ERSvc"=2 (0x2)
"Dot3svc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Gammel Harddisk\\Gamle Programfiler\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\HP_Eier\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Telenor Norway\\Telenorhjelpen\\Telenorhjelpen.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programfiler\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\HP_Eier\\Programdata\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programfiler\\Fellesfiler\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Winamp\\winamp.exe"=
"c:\\Programfiler\\Nero\\Nero 11\\Nero BackItUp\\BackItUp.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [31.08.2013 09:17 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswndis2.sys [31.08.2013 09:18 252336]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.03.2013 21:38 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.03.2013 21:38 180248]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [10.01.2014 23:33 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [10.01.2014 23:33 12464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.01.2007 20:31 639224]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [31.08.2013 09:18 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14.03.2011 02:11 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03.04.2008 12:04 410528]
R1 prio;Prio;c:\windows\system32\drivers\prio.sys [08.11.2012 20:29 54128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.03.2013 21:38 67824]
R2 avast! Firewall;avast! Firewall;c:\programfiler\Alwil Software\Avast5\afwServ.exe [31.08.2013 09:17 113704]
R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.10.2012 19:08 418376]
R2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:58 701512]
R2 NAUpdate;Nero Update;c:\programfiler\Nero\Update\NASvc.exe [04.11.2011 14:40 687400]
R2 prio_svc;Prio Service;c:\programfiler\Prio\prio_svc.exe [08.11.2012 20:29 12656]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.10.2013 20:37 13880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.03.2009 21:58 22856]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.04.2011 13:14 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [31.08.2012 15:39 12400]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [15.04.2011 13:14 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [15.04.2011 13:14 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [15.04.2011 13:14 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [15.04.2011 13:14 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [15.04.2011 13:14 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [15.04.2011 13:14 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [15.04.2011 13:14 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [15.04.2011 13:06 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [15.04.2011 13:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [15.04.2011 13:06 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [15.04.2011 13:06 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [15.04.2011 13:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [15.04.2011 13:06 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [15.04.2011 13:06 109864]
S3 Sony PC Companion;Sony PC Companion;c:\programfiler\Sony\Sony PC Companion\PCCService.exe [31.08.2012 15:35 155824]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.11.2010 20:57 41984]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02.01.2005 08:36 449920]
S4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\programfiler\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [17.12.2010 11:02 358808]
S4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\programfiler\Telenor Norway\Telenorhjelpen\Service.exe [15.02.2011 16:31 463240]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:19]
.
2014-02-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\programfiler\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 13:45]
.
2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup 6 0.job
- c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37]
.
2014-02-02 c:\windows\Tasks\HP_Eier Nero LIVEBackup Merge 6 0.job
- c:\programfiler\Nero\Nero 11\Nero BackItUp\NBCore.exe [2011-11-18 11:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download files with BH - c:\programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm
IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
FF - ProfilePath - c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\HP_Eier\Programdata\Mozilla\Firefox\Profiles\lendhffs.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 02:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-03 17:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded By Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3484)
c:\programfiler\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\msi.dll
c:\documents and settings\HP_Eier\Programdata\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-02-03  17:22:10
ComboFix-quarantined-files.txt  2014-02-03 16:22
ComboFix2.txt  2014-02-02 22:05
.
Pre-Run: 826 513 367 040 bytes free
Post-Run: 826 501 640 192 bytes free
.
- - End Of File - - 1732C23E0017CD4447E65295026C1725
5F8B5082F3482CC06B72EC5806598AE9
 


  • Staff

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
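A helper reading the logs requested in this thread checks a few things first: files carrying the hidden+system attribute pair in the Windows tree (the `--sha-r-` entries in the ComboFix Find3M report above), Run entries whose command is not an absolute, quoted path (such as `"AlcxMonitor"="ALCXMNTR.EXE"`), and services that HijackThis lists with "Unknown owner". The script below is an added example that automates that first pass over both log formats; it is not part of this thread and is not code from ComboFix, HijackThis or Malwarebytes. The sample lines are constructed to match the shapes seen in this thread rather than being either full log, and the names `triage`, `Finding` and `executable_of` were chosen for this example.

```python
"""First-pass triage of ComboFix file lines and HijackThis O4/O23 entries.

Added example, not part of the thread or of either tool. It flags
hidden+system executables, Run entries without an absolute quoted path,
and services whose binary carries no recognised publisher.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample in the shapes the two tools print, modelled on lines
# from this thread; it is not either of the full logs.
SAMPLE_LOG = r"""
2014-01-18 10:20 . 2013-11-22 15:48    32384    ----a-w-    c:\windows\system32\udcpm.dll
2005-05-13 16:12    217073    --sha-r-    c:\windows\meta4.exe
2005-06-26 14:32    616448    --sha-r-    c:\windows\system32\cygwin1.dll
2014-01-15 19:03 . 2014-01-15 19:03    --------    d-----w-    c:\programfiler\HD Tune
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKCU\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# ComboFix: "<mtime> [. <ctime>] <size|--------> <attrs> <path>", attrs like --sha-r-
CF_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?:\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# HijackThis: "O4 - HKLM\..\Run: [name] command line"
HJT_RUN = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis: "O23 - Service: display (short) - owner - path"
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass(frozen=True)
class Finding:
    kind: str     # "file", "run" or "service"
    subject: str  # path or entry name
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program a Run-key command line would launch."""
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd.split('"')[1]
    # Unquoted: the program ends at the first .exe/.com/.cmd/.bat/.scr token.
    m = re.match(r"(?i)^(.*?\.(?:exe|com|cmd|bat|scr))(?=\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def check_file(attrs: str, path: str) -> Optional[Finding]:
    if attrs.startswith("d"):  # directory entries carry no code
        return None
    if "h" in attrs and "s" in attrs and path.lower().endswith(EXECUTABLE_EXT):
        return Finding("file", path, "hidden+system executable; verify hash/signature")
    return None


def check_run(name: str, cmd: str) -> Optional[Finding]:
    exe = executable_of(cmd)
    if not re.match(r"^[A-Za-z]:\\", exe):
        return Finding("run", name, f"relative path {exe!r}: resolved through the search path at logon")
    if " " in exe and not cmd.startswith('"'):
        return Finding("run", name, "unquoted path with spaces: CreateProcess tries each prefix first")
    return None


def check_service(name: str, owner: str) -> Optional[Finding]:
    if owner == "Unknown owner":
        return Finding("service", name, "no publisher in the binary's version info")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every line through the three checks; at most one finding per line."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        finding = None
        if m := CF_FILE.match(line):
            finding = check_file(m["attrs"], m["path"])
        elif m := HJT_RUN.match(line):
            finding = check_run(m["name"], m["cmd"])
        elif m := HJT_SERVICE.match(line):
            finding = check_service(m["name"], m["owner"])
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:8} {f.subject}\n         {f.reason}")
```

A finding is a prompt for a hash or signature check, not a verdict: every item the sample flags (the 2005-dated meta4.exe and cygwin1.dll, the bare ALCXMNTR.EXE, the unquoted WinPatrol path, the Canon survey service) is consistent with OEM or third-party software, which is exactly why a helper checks them by hand instead of deleting on sight.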

MBAM log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Eier :: STEIN-VIDAR [administrator]

Protection: Enabled

04.02.2014 20:09:42
mbam-log-2014-02-04 (20-09-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279842
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------

 

HiJackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:05, on 04.02.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
C:\Programfiler\Java\jre7\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programfiler\Nero\Update\NASvc.exe
C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Programfiler\Prio\prio_svc.exe
c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\UPHClean\uphclean.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\Programfiler\Alwil Software\Avast5\AvastUI.exe
C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Documents and Settings\HP_Eier\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: BHO - {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - C:\Programfiler\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Programfiler\Fellesfiler\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programfiler\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programfiler\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NBAgent] "C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O8 - Extra context menu item: Download files with BH - C:\Programfiler\BilderHerunterlader\IEPlugin\BHIEScript.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://stein-vidar.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349787841203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Programfiler\Alwil Software\Avast5\afwServ.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programfiler\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programfiler\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Programfiler\Nero\Update\NASvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Programfiler\Prio\prio_svc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programfiler\Fellesfiler\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Programfiler\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Programfiler\UPHClean\uphclean.exe

--
End of file - 11927 bytes


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    • O4 - HKLM\..\Run: [HPHUPD08] c:\Programfiler\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    • O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    • O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
    • O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
    • O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    • O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Programfiler\Sony\Content Transfer\ContentTransferWMDetector.exe
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Programfiler\Fellesfiler\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
    • O4 - HKLM\..\Run: [NBAgent] "C:\Programfiler\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE** You can research each of those lines >here< and see if you want to keep them or not:
      just copy the name between the brackets and paste it into the search space, for example
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
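The Run-key lines the staff member lists above are the O4 section of the HijackThis log posted earlier in the thread, and the services are its O23 section. As an added example (not part of this thread and not HijackThis's own code), here is a small Python parser for those two line types that pulls out the executable path and marks the properties a reviewer looks at before deciding what to keep: an entry whose file is missing, a service with no company name, a bare filename with no directory, an unquoted Run path containing spaces, and a path outside the usual program directories. The sample lines are copied from the log above; the STANDARD_DIRS list and the flag names are assumptions chosen for this machine, not HijackThis conventions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Sample input: a subset of O4 (Run key) and O23 (service) lines copied from the
# HijackThis log posted earlier in this thread, assembled here as test data.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programfiler\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Programfiler\Prio\prio_svc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programfiler\WinPcap\rpcapd.exe (file missing)
"""

# Assumption: on this Norwegian XP box, autostart binaries normally live under
# these roots ("Programfiler" is the localized Program Files folder seen in the log).
STANDARD_DIRS = ("c:\\windows\\", "c:\\programfiler\\", "c:\\program files\\", "c:\\progra~1\\")
EXE_EXTS = ("exe", "cmd", "bat", "com", "scr", "vbs", "dll")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>[A-Za-z]:\\.*)$")
IMAGE_RE = re.compile(r"(.+?\.(?:%s))(?:\s|$)" % "|".join(EXE_EXTS), re.IGNORECASE)


@dataclass
class AutostartEntry:
    kind: str              # "O4" = Run key value, "O23" = Windows service
    hive: str              # HKLM/HKCU for O4; empty for services
    name: str              # value name (O4) or service display name (O23)
    owner: str             # company string HijackThis prints for services
    command: str           # raw command / ImagePath as printed in the log
    image: str             # executable path extracted from the command
    quoted: bool           # True if the path was wrapped in quotes
    flags: List[str] = field(default_factory=list)


def split_command(cmd: str) -> Tuple[str, bool]:
    """Extract the executable path from a Run/ImagePath command string.
    A quoted path is taken verbatim; an unquoted one is taken up to the first
    executable extension, so an unquoted path with spaces is still recovered."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], True
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1), False
    return (cmd.split()[0] if cmd else ""), False


def parse_hjt(text: str) -> List[AutostartEntry]:
    """Parse O4 and O23 lines of a HijackThis log; other sections are ignored."""
    entries: List[AutostartEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            image, quoted = split_command(m.group("cmd"))
            entries.append(AutostartEntry("O4", m.group("hive"), m.group("name"), "",
                                          m.group("cmd"), image, quoted))
            continue
        m = O23_RE.match(line)
        if m:
            image, quoted = split_command(m.group("cmd"))
            entries.append(AutostartEntry("O23", "", m.group("name"), m.group("owner"),
                                          m.group("cmd"), image, quoted))
    return entries


def triage(entry: AutostartEntry) -> List[str]:
    """Attach review flags to one entry. These are prompts for a human to check,
    not verdicts: each of them also fires on legitimate OEM software."""
    flags: List[str] = []
    low = entry.image.lower()
    if entry.command.rstrip().lower().endswith("(file missing)"):
        flags.append("file_missing")      # orphaned entry; the binary is gone from disk
    if entry.kind == "O23" and entry.owner.lower() == "unknown owner":
        flags.append("unknown_owner")     # no company name in the file's version info
    if "\\" not in entry.image:
        flags.append("bare_name")         # resolved through the search path; location unclear
    else:
        # HijackThis keeps the quoting only on O4 lines (O23 paths are printed bare),
        # so the unquoted-path-with-spaces check is meaningful only for Run keys.
        if entry.kind == "O4" and " " in entry.image and not entry.quoted:
            flags.append("unquoted_spaces")
        if not low.startswith(STANDARD_DIRS):
            flags.append("nonstandard_dir")
        if any(p in low for p in ("\\temp\\", "\\documents and settings\\", "\\appdata\\")):
            flags.append("user_writable_dir")
    entry.flags = flags
    return flags


def flagged_entries(text: str) -> Dict[str, List[str]]:
    """Map entry name -> flags for every entry that raised at least one flag."""
    result: Dict[str, List[str]] = {}
    for e in parse_hjt(text):
        if triage(e):
            result[e.name] = e.flags
    return result


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        triage(e)
        marker = "  <-- " + ", ".join(e.flags) if e.flags else ""
        print(f"{e.kind} [{e.name}] {e.image}{marker}")
```

Point it at a full saved log with `flagged_entries(open("hijackthis.log").read())`. On the sample lines it flags the orphaned rpcapd service (file missing, unknown owner), the Prio service (unknown owner), the bare `ALCXMNTR.EXE` entry, the unquoted WinPatrol path and the HP `c:\hp\bin` entry, and leaves the quoted avast! entries alone; all of those are starting points for the kind of lookup the post above recommends, not findings in themselves.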

ESET found 4 files:

 

C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2386\A0618659.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2408\A0628589.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2425\A0632132.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP2449\A0643754.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

  • Staff

Hello Aphasia

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\System Volume Information\<-- System restore

  • Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.
:Why we need to remove some of our tools:
  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double-click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click DelFix.exe.
  • select all options available
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo
