1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved slow computer

Discussion in 'Malware and Virus Removal Archive' started by light, 2010/05/09.

Page 1 of 3
  1. 2010/05/09
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    [Resolved] slow computer

    hi

    my moms computer has got slower by the time (about a year or 2) so i dont really now whats wrong


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Webbook at 15:06:51.50 on 2010-05-09
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.959.298 [GMT 2:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Microsoft IntelliPoint\ipoint.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program\Brother\ControlCenter3\brccMCtl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\ALWILS~1\Avast5\avastUI.exe
    C:\Program\Java\jre6\bin\jusched.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
    C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program\Windows Live\Messenger\msnmsgr.exe
    C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program\Hotspot Shield\bin\openvpnas.exe
    C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Delade filer\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program\Canon\CAL\CALMAIN.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Hotspot Shield\bin\openvpntray.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Java\jre6\bin\jucheck.exe
    C:\Program\WinRAR 3.51\WinRAR.exe
    C:\DOCUME~1\Webbook\LOKALA~1\Temp\Rar$DI02.282\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://bl108w.blu108.mail.live.com/mail/TodayLight.aspx?n=4629124
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program\hotspot_shield\tbHot1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program\hotspot_shield\tbHot1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program\hotspot shield\hssie\HssIE.dll
    TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program\hotspot_shield\tbHot1.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [LightScribe Control Panel] c:\program\delade filer\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program\delade filer\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.sherwooddungeon.com/SherwoodDungeon.htm "
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [NeroFilterCheck] c:\program\delade filer\ahead\lib\NeroCheck.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IntelliPoint] "c:\program\microsoft intellipoint\ipoint.exe "
    mRun: [Adobe Photo Downloader] "c:\program\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe "
    mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
    mRun: [SSBkgdUpdate] "c:\program\delade filer\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program\scansoft\paperport\pptd40nt.exe "
    mRun: [IndexSearch] "c:\program\scansoft\paperport\IndexSearch.exe "
    mRun: [ControlCenter3] c:\program\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe "
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [avast5] c:\program\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe "
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bttray.lnk - c:\program\widcomm\bluetooth software\BTTray.exe
    IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Skicka till &Bluetooth-enhet... - c:\program\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Skicka till Bluetooth - c:\program\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://kusten.axiscam.net/activex/AMC.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} - hxxps://www.hostilespace.com/Portal/IAHSOCX20019.CAB
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-25 162640]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-25 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-25 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-25 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-25 40384]
    S2 gupdate1c98d4dbe9cdb1e;Google Update Service (gupdate1c98d4dbe9cdb1e);c:\program\google\update\GoogleUpdate.exe [2009-2-12 133104]
    S3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\GWHid.sys [2009-11-23 18992]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2008-9-26 7936]
    S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 23040]
    S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [2009-11-23 27184]
    S3 XDva223;XDva223;\??\c:\windows\system32\xdva223.sys --> c:\windows\system32\XDva223.sys [?]

    ============== File Associations ===============

    .txt=Word Reader-TXT

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-03-28 05:37:17 84474 ----a-w- c:\windows\system32\perfc01D.dat
    2010-03-28 05:37:17 446198 ----a-w- c:\windows\system32\perfh01D.dat
    2010-03-10 06:17:42 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:19:40 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-17 12:09:32 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:09:30 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:35:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2009-11-14 14:55:56 1412552 ----a-w- c:\program\TrueCrypt.exe
    2009-05-01 16:14:25 924 ----a-w- c:\program\Genväg till vbexpress.lnk
    2009-04-04 07:09:54 4608 --sha-w- c:\program\Thumbs.db
    2009-03-22 13:26:14 111994 ----a-w- c:\program\test 1.bmp
    2009-06-09 17:16:07 56 --sh--r- c:\windows\system32\B83B0A0547.sys
    2009-08-04 12:44:20 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-09-24 11:10:59 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 15:08:23.50 ===============
     
    light,
    #1
  2. 2010/05/09
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2008-09-24 15:21:28
    System Uptime: 2010-05-09 13:42:16 (2 hours ago)

    Motherboard: RCC | | Nbx 8010
    Processor: VIA C7-M Processor 1600MHz | CPU 1 | 1595/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 69 GiB total, 24.81 GiB free.
    D: is Removable
    E: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP273: 2010-02-07 11:20:28 - Systemkontrollpunkt
    RP274: 2010-02-07 20:23:00 - Borttagen Mobile Connect
    RP275: 2010-02-09 13:32:49 - Systemkontrollpunkt
    RP276: 2010-02-10 17:52:19 - Software Distribution Service 3.0
    RP277: 2010-02-15 14:12:13 - Systemkontrollpunkt
    RP278: 2010-02-16 16:07:39 - Systemkontrollpunkt
    RP279: 2010-02-18 11:22:03 - Systemkontrollpunkt
    RP280: 2010-02-19 16:54:28 - Systemkontrollpunkt
    RP281: 2010-02-24 07:16:12 - Software Distribution Service 3.0
    RP282: 2010-02-27 09:38:40 - Systemkontrollpunkt
    RP283: 2010-03-01 07:50:45 - Systemkontrollpunkt
    RP284: 2010-03-04 09:42:09 - Systemkontrollpunkt
    RP285: 2010-03-06 07:41:20 - Systemkontrollpunkt
    RP286: 2010-03-07 11:21:37 - Systemkontrollpunkt
    RP287: 2010-03-09 16:56:24 - Systemkontrollpunkt
    RP288: 2010-03-10 18:42:07 - Software Distribution Service 3.0
    RP289: 2010-03-12 11:08:18 - Systemkontrollpunkt
    RP290: 2010-03-15 15:19:14 - Systemkontrollpunkt
    RP291: 2010-03-18 12:32:34 - Systemkontrollpunkt
    RP292: 2010-03-23 09:35:10 - Systemkontrollpunkt
    RP293: 2010-03-24 16:12:51 - Systemkontrollpunkt
    RP294: 2010-03-25 17:35:21 - psc 9.01 build 105 Installation
    RP295: 2010-03-25 19:02:23 - Removed Logitech Gaming Software
    RP296: 2010-03-25 21:06:22 - avast! Free Antivirus Setup
    RP297: 2010-03-25 21:48:51 - Installed Java(TM) 6 Update 17
    RP298: 2010-03-30 10:14:00 - Systemkontrollpunkt
    RP299: 2010-03-30 13:15:08 - TuneUp Utilities installerades
    RP300: 2010-03-31 19:18:15 - Systemkontrollpunkt
    RP301: 2010-03-31 19:52:16 - Software Distribution Service 3.0
    RP302: 2010-04-01 16:14:04 - TuneUp Utilities togs bort
    RP303: 2010-04-01 16:15:03 - Removed TuneUp Utilities Language Pack (en-US)
    RP304: 2010-04-03 12:59:07 - Systemkontrollpunkt
    RP305: 2010-04-04 13:20:57 - Systemkontrollpunkt
    RP306: 2010-04-05 14:13:46 - Systemkontrollpunkt
    RP307: 2010-04-06 18:10:28 - Systemkontrollpunkt
    RP308: 2010-04-13 13:04:55 - Systemkontrollpunkt
    RP309: 2010-04-14 19:50:58 - Software Distribution Service 3.0
    RP310: 2010-04-15 18:20:58 - Software Distribution Service 3.0
    RP311: 2010-04-17 12:49:34 - Systemkontrollpunkt
    RP312: 2010-04-18 18:06:53 - Systemkontrollpunkt
    RP313: 2010-04-21 11:22:28 - Systemkontrollpunkt
    RP314: 2010-04-22 13:15:02 - Systemkontrollpunkt
    RP315: 2010-04-25 17:55:28 - Systemkontrollpunkt
    RP316: 2010-04-28 09:15:01 - Systemkontrollpunkt
    RP317: 2010-05-04 11:24:33 - Systemkontrollpunkt
    RP318: 2010-05-05 19:40:20 - Systemkontrollpunkt

    ==== Installed Programs ======================

    Abandoned Castle Studios Kingdoms of War v1_12
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Reader 9.2 - Svenska
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe® Photoshop® Album Starter Edition 3.0
    Apple Mobile Device Support
    Apple Software Update
    Artifact 2
    avast! Free Antivirus
    AVIConverter 5.1.0
    AXIS Media Control
    Bonjour
    Brother BRAdmin Light 1.09
    Brother MFL-Pro Suite
    Canon Camera Access Library
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Facebook Plug-In
    FaceFilter Studio Brother Edition
    Google Chrome
    Google Earth
    Google SketchUp 7
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hostile Space
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotspot Shield 1.34
    Hotspot_Shield Toolbar
    HyperCam 2
    ijji Auto Installer
    iTunes
    IZArc 3.81
    J2SE Runtime Environment 5.0 Update 12
    Java(TM) 6 Update 17
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    LightScribe System Software 1.12.29.2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 1.1 Swedish Language Pack
    Microsoft .NET Framework 2.0 Language Pack - SVE
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Move Networks Media Player for Internet Explorer
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Nero 7 Essentials
    neroxml
    Netrek XP Mod
    Nokia Connectivity Cable Driver
    OpenOffice.org 3.0
    PaperPort Image Printer
    PDF Settings
    Perfect Uninstaller v6.3.3.7
    Pixillion Image Converter
    PlayNC Launcher
    Prism Video Converter
    QuickTime
    Realtek High Definition Audio Driver
    RGSS-RTP Standard
    Roblox for Webbook
    RPG Maker 2000 1.05
    RPG Maker VX
    RPG Maker VX RTP
    Samsung SpeedPlus Driver
    ScanSoft PaperPort 11
    Segoe UI
    Snabbkorrigering för Windows Media Player 11 (KB939683)
    Snabbkorrigering för Windows XP (KB942288-v3)
    Snabbkorrigering för Windows XP (KB952287)
    Snabbkorrigering för Windows XP (KB961118)
    Snabbkorrigering för Windows XP (KB970653-v3)
    Snabbkorrigering för Windows XP (KB976098-v2)
    Snabbkorrigering för Windows XP (KB979306)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127-v2)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)
    Säkerhetsuppdatering för Windows Internet Explorer 7 (KB969897)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB969897)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB972260)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)
    Säkerhetsuppdatering för Windows Media Player (KB952069)
    Säkerhetsuppdatering för Windows Media Player (KB954155)
    Säkerhetsuppdatering för Windows Media Player (KB968816)
    Säkerhetsuppdatering för Windows Media Player (KB973540)
    Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
    Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
    Säkerhetsuppdatering för Windows XP (KB923561)
    Säkerhetsuppdatering för Windows XP (KB923789)
    Säkerhetsuppdatering för Windows XP (KB938464)
    Säkerhetsuppdatering för Windows XP (KB941569)
    Säkerhetsuppdatering för Windows XP (KB946648)
    Säkerhetsuppdatering för Windows XP (KB950760)
    Säkerhetsuppdatering för Windows XP (KB950762)
    Säkerhetsuppdatering för Windows XP (KB950974)
    Säkerhetsuppdatering för Windows XP (KB951066)
    Säkerhetsuppdatering för Windows XP (KB951376-v2)
    Säkerhetsuppdatering för Windows XP (KB951376)
    Säkerhetsuppdatering för Windows XP (KB951698)
    Säkerhetsuppdatering för Windows XP (KB951748)
    Säkerhetsuppdatering för Windows XP (KB952004)
    Säkerhetsuppdatering för Windows XP (KB952954)
    Säkerhetsuppdatering för Windows XP (KB953839)
    Säkerhetsuppdatering för Windows XP (KB954211)
    Säkerhetsuppdatering för Windows XP (KB954459)
    Säkerhetsuppdatering för Windows XP (KB954600)
    Säkerhetsuppdatering för Windows XP (KB955069)
    Säkerhetsuppdatering för Windows XP (KB956391)
    Säkerhetsuppdatering för Windows XP (KB956572)
    Säkerhetsuppdatering för Windows XP (KB956744)
    Säkerhetsuppdatering för Windows XP (KB956802)
    Säkerhetsuppdatering för Windows XP (KB956803)
    Säkerhetsuppdatering för Windows XP (KB956841)
    Säkerhetsuppdatering för Windows XP (KB956844)
    Säkerhetsuppdatering för Windows XP (KB957095)
    Säkerhetsuppdatering för Windows XP (KB957097)
    Säkerhetsuppdatering för Windows XP (KB958644)
    Säkerhetsuppdatering för Windows XP (KB958687)
    Säkerhetsuppdatering för Windows XP (KB958690)
    Säkerhetsuppdatering för Windows XP (KB958869)
    Säkerhetsuppdatering för Windows XP (KB959426)
    Säkerhetsuppdatering för Windows XP (KB960225)
    Säkerhetsuppdatering för Windows XP (KB960715)
    Säkerhetsuppdatering för Windows XP (KB960803)
    Säkerhetsuppdatering för Windows XP (KB960859)
    Säkerhetsuppdatering för Windows XP (KB961371)
    Säkerhetsuppdatering för Windows XP (KB961373)
    Säkerhetsuppdatering för Windows XP (KB961501)
    Säkerhetsuppdatering för Windows XP (KB968537)
    Säkerhetsuppdatering för Windows XP (KB969059)
    Säkerhetsuppdatering för Windows XP (KB969898)
    Säkerhetsuppdatering för Windows XP (KB969947)
    Säkerhetsuppdatering för Windows XP (KB970238)
    Säkerhetsuppdatering för Windows XP (KB970430)
    Säkerhetsuppdatering för Windows XP (KB971468)
    Säkerhetsuppdatering för Windows XP (KB971486)
    Säkerhetsuppdatering för Windows XP (KB971557)
    Säkerhetsuppdatering för Windows XP (KB971633)
    Säkerhetsuppdatering för Windows XP (KB971657)
    Säkerhetsuppdatering för Windows XP (KB972270)
    Säkerhetsuppdatering för Windows XP (KB973346)
    Säkerhetsuppdatering för Windows XP (KB973354)
    Säkerhetsuppdatering för Windows XP (KB973507)
    Säkerhetsuppdatering för Windows XP (KB973525)
    Säkerhetsuppdatering för Windows XP (KB973869)
    Säkerhetsuppdatering för Windows XP (KB973904)
    Säkerhetsuppdatering för Windows XP (KB974112)
    Säkerhetsuppdatering för Windows XP (KB974318)
    Säkerhetsuppdatering för Windows XP (KB974392)
    Säkerhetsuppdatering för Windows XP (KB974571)
    Säkerhetsuppdatering för Windows XP (KB975025)
    Säkerhetsuppdatering för Windows XP (KB975467)
    Säkerhetsuppdatering för Windows XP (KB975560)
    Säkerhetsuppdatering för Windows XP (KB975561)
    Säkerhetsuppdatering för Windows XP (KB975713)
    Säkerhetsuppdatering för Windows XP (KB977165)
    Säkerhetsuppdatering för Windows XP (KB977816)
    Säkerhetsuppdatering för Windows XP (KB977914)
    Säkerhetsuppdatering för Windows XP (KB978037)
    Säkerhetsuppdatering för Windows XP (KB978251)
    Säkerhetsuppdatering för Windows XP (KB978262)
    Säkerhetsuppdatering för Windows XP (KB978338)
    Säkerhetsuppdatering för Windows XP (KB978601)
    Säkerhetsuppdatering för Windows XP (KB978706)
    Säkerhetsuppdatering för Windows XP (KB979309)
    Säkerhetsuppdatering för Windows XP (KB979683)
    Säkerhetsuppdatering för Windows XP (KB980232)
    Sony Ericsson Media Manager 1.2
    SQL Server System CLR Types
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Uppdatering för Windows Internet Explorer 8 (KB971930)
    Uppdatering för Windows Internet Explorer 8 (KB976662)
    Uppdatering för Windows Internet Explorer 8 (KB976749)
    Uppdatering för Windows Internet Explorer 8 (KB980182)
    Uppdatering för Windows XP (KB898461)
    Uppdatering för Windows XP (KB942763)
    Uppdatering för Windows XP (KB951072-v2)
    Uppdatering för Windows XP (KB951978)
    Uppdatering för Windows XP (KB955759)
    Uppdatering för Windows XP (KB955839)
    Uppdatering för Windows XP (KB961503)
    Uppdatering för Windows XP (KB967715)
    Uppdatering för Windows XP (KB968389)
    Uppdatering för Windows XP (KB971737)
    Uppdatering för Windows XP (KB973687)
    Uppdatering för Windows XP (KB973815)
    WebFldrs XP
    VIA/S3G Display Driver 6.14.10.0368
    WIDCOMM Bluetooth Software
    Viktig uppdatering för Windows Media Player 11 (KB959772)
    Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
    Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
    Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live inloggningsassistenten
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    vixy converter uninstall
    XnView 1.96.2
    YouTube Downloader 2.5.3

    ==== End Of File ===========================
     
    light,
    #2


  3. to hide this advert.

  4. 2010/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #3
  5. 2010/05/09
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    hm why does it say that i need login to download malware bytes?
     
    light,
    #4
  6. 2010/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #5
  7. 2010/05/09
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    nja ts ok, it was rather weird cause it appered when i pressed download free version as i did on my cpu

    well i have it now
     
    light,
    #6
  8. 2010/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
    broni,
    #7
  9. 2010/05/09
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    ok heres the malware bytes log (its in swedish)




    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databasversion: 4084

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2010-05-09 21:21:21
    mbam-log-2010-05-09 (21-21-21).txt

    Skanningstyp: Snabbskanning
    Antal skannade objekt: 119738
    Förfluten tid: 18 minut(er), 15 sekund(er)

    Infekterade minnesprocesser: 0
    Infekterade minnesmoduler: 0
    Infekterade registernycklar: 1
    Infekterade registervärden: 0
    Infekterade registerdataposter: 0
    Infekterade mappar: 0
    Infekterade filer: 0

    Infekterade minnesprocesser:
    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:
    (Inga illasinnade poster hittades)

    Infekterade registernycklar:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Infekterade registervärden:
    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:
    (Inga illasinnade poster hittades)

    Infekterade mappar:
    (Inga illasinnade poster hittades)

    Infekterade filer:
    (Inga illasinnade poster hittades)
     
    light,
    #8
  10. 2010/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still waiting for other logs.
     
    broni,
    #9
  11. 2010/05/11
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    yeah sry about that i had very limited time

    i problably send today (theres a small chance i need to send tomorow)
     
    light,
    #10
  12. 2010/05/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
    broni,
    #11
  13. 2010/05/12
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-11 02:01:02
    Windows 5.1.2600 Service Pack 3
    Running: wedoeyd0.exe; Driver: C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\awtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Fastfat \Fat F6C75D20

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e0a000403
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e0a000403 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e0a000403 (not active ControlSet)
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\InprocServer32@ThreadingModel Both
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\ProgID@ BDATuner.ChannelTuneRequest.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}
    Reg HKLM\SOFTWARE\Classes\CLSID\{6226BB20-A4E9-DEBE-E2EF-AE13E43088FF}\VersionIndependentProgID@ BDATuner.ChannelTuneRequest
    Reg HKLM\SOFTWARE\Classes\CLSID\{A24BFC2C-895E-7D27-029E-88B8CF9C0B10}\InprocServer32@ C:\WINDOWS\system32\wbem\fastprox.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{A24BFC2C-895E-7D27-029E-88B8CF9C0B10}\InprocServer32@ThreadingModel Both

    ---- EOF - GMER 1.0.15 ----
     
    light,
    #12
  14. 2010/05/12
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:47:28, on 2010-05-12
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Microsoft IntelliPoint\ipoint.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\ALWILS~1\Avast5\avastUI.exe
    C:\Program\Brother\ControlCenter3\brccMCtl.exe
    C:\Program\Java\jre6\bin\jusched.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
    C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program\Windows Live\Messenger\msnmsgr.exe
    C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Hotspot Shield\bin\openvpnas.exe
    C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Delade filer\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Canon\CAL\CALMAIN.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program\Hotspot Shield\bin\openvpntray.exe
    C:\Program\Java\jre6\bin\jucheck.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl108w.blu108.mail.live.com/mail/TodayLight.aspx?n=4629124
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program\ScanSoft\PaperPort\IndexSearch.exe "
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.sherwooddungeon.com/SherwoodDungeon.htm "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kusten.axiscam.net/activex/AMC.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} (IAHSOCX.HOSTILESPACE) - https://www.hostilespace.com/Portal/IAHSOCX20019.CAB
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98d4dbe9cdb1e) (gupdate1c98d4dbe9cdb1e) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    O24 - Desktop Component 0: (no name) - http://gfx1.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 1: (no name) - http://www.sprakservice.nu/bilder/map.jpg
    O24 - Desktop Component 2: (no name) - http://www.natnapa.ac.th/image/O_Icon_n3.gif
    O24 - Desktop Component 3: (no name) - http://www.natnapa.ac.th/image/Apply_Pic1.gif
    O24 - Desktop Component 4: (no name) - http://gfx2.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 5: (no name) - http://marknad.akelius.se/images/historyback.gif
    O24 - Desktop Component 6: (no name) - http://www.granit.com/filearchive/2/2427/Oslo-2.jpg
    O24 - Desktop Component 7: (no name) - http://photos-g.ak.fbcdn.net/hphoto..._378895444060_712559060_3532088_2415681_n.jpg
    O24 - Desktop Component 8: (no name) - http://photos-a.ak.fbcdn.net/hphoto..._378889999060_712559060_3532002_8042006_s.jpg
    O24 - Desktop Component 9: (no name) - https://www3.skatteverket.se/ef/ef_webapp/bilder/global/imgrsvprint.png

    --
    End of file - 12770 bytes
     
    light,
    #13
  15. 2010/05/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How much RAM do you have?

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #14
  16. 2010/05/13
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    it has 960 mb RAM i tink
     
    light,
    #15
  17. 2010/05/13
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    ComboFix 10-05-12.04 - Webbook 2010-05-13 15:58:19.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.959.383 [GMT 2:00]
    Körs från: c:\documents and settings\Webbook\Skrivbord\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Webbook\Recent\Utlandsbetalning1.url
    c:\windows\system32\Thumbs.db
    c:\windows\system32\Vb40032.dll

    .
    (((((((((((((((((((((((( Filer Skapade från 2010-04-13 till 2010-05-13 ))))))))))))))))))))))))))))))
    .

    2010-05-12 12:45 . 2010-05-12 12:45 388096 ----a-r- c:\documents and settings\Webbook\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-10 13:07 . 2010-05-10 13:08 -------- d-----w- c:\documents and settings\Administratör
    2010-05-09 18:59 . 2010-05-09 18:59 -------- d-----w- c:\documents and settings\Webbook\Application Data\Malwarebytes
    2010-05-09 18:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-09 18:58 . 2010-05-09 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-09 18:58 . 2010-05-09 18:58 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
    2010-05-09 18:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-09 16:28 . 2009-01-22 19:37 1 ----a-w- c:\documents and settings\Webbook\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-09 13:12 . 2009-02-20 18:52 -------- d-----w- c:\program\iTunes
    2010-05-09 13:12 . 2009-02-20 18:47 -------- d-----w- c:\program\Delade filer\Apple
    2010-05-06 20:59 . 2010-03-25 20:06 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-05-06 20:59 . 2010-03-25 20:06 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-05-06 20:39 . 2010-03-25 20:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-05-06 20:39 . 2010-03-25 20:07 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-05-06 20:34 . 2010-03-25 20:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-05-06 20:33 . 2010-03-25 20:06 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-05-06 20:33 . 2010-03-25 20:06 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-05-06 20:33 . 2010-03-25 20:07 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-05-06 20:33 . 2010-03-25 20:06 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-30 11:59 . 2008-09-26 18:13 -------- d-----w- c:\documents and settings\Webbook\Application Data\U3
    2010-03-30 11:15 . 2010-03-30 11:15 -------- d-----w- c:\documents and settings\Webbook\Application Data\TuneUp Software
    2010-03-30 11:15 . 2010-03-30 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2010-03-30 11:14 . 2010-03-30 11:14 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-03-30 11:09 . 2010-03-25 20:17 -------- d-----w- c:\program\Perfect Uninstaller
    2010-03-28 05:37 . 2006-03-02 12:00 84474 ----a-w- c:\windows\system32\perfc01D.dat
    2010-03-28 05:37 . 2006-03-02 12:00 446198 ----a-w- c:\windows\system32\perfh01D.dat
    2010-03-25 20:49 . 2008-09-24 18:22 -------- d-----w- c:\program\Java
    2010-03-25 20:47 . 2010-03-25 20:47 152576 ----a-w- c:\documents and settings\Webbook\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-03-25 20:47 . 2010-03-25 20:47 79488 ----a-w- c:\documents and settings\Webbook\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-25 20:28 . 2008-09-30 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-03-25 20:06 . 2010-03-25 20:06 -------- d-----w- c:\program\Alwil Software
    2010-03-25 20:06 . 2010-03-25 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-25 16:33 . 2008-09-30 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\16022\AdobeARM.exe
    2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\16022\AdobeExtractFiles.dll
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\16022\ReaderUpdater.exe
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\16022\AcrobatUpdater.exe
    2010-03-22 18:33 . 2010-03-22 18:33 -------- d-----w- c:\program\YouTube Downloader
    2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 14:04 . 2010-02-18 06:37 50354 ----a-w- c:\documents and settings\Webbook\Application Data\Facebook\uninstall.exe
    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Webbook\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-03-02 07:23 . 2010-03-02 07:23 0 ----a-w- c:\windows\system32\cd.dat
    2010-02-25 06:19 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 12:09 . 2006-03-02 12:00 2190720 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:09 . 2004-08-04 01:24 2067584 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-11-14 14:55 . 2009-11-14 14:55 1412552 ----a-w- c:\program\TrueCrypt.exe
    2009-05-01 16:14 . 2009-05-01 16:14 924 ----a-w- c:\program\Genväg till vbexpress.lnk
    2009-04-04 07:09 . 2009-04-04 07:09 4608 --sha-w- c:\program\Thumbs.db
    2009-03-22 13:26 . 2009-03-22 13:00 111994 ----a-w- c:\program\test 1.bmp
    2009-06-09 17:16 . 2009-06-09 16:26 56 --sh--r- c:\windows\system32\B83B0A0547.sys
    2009-08-04 12:44 . 2009-06-09 16:26 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* Tomma poster & legitima standardposter visas inte.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{c95a4e8e-816d-4655-8c79-d736da1adb6d} "= "c:\program\Hotspot_Shield\tbHot1.dll" [2010-02-12 2349080]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
    2010-02-12 11:55 2349080 ----a-w- c:\program\Hotspot_Shield\tbHot1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-11-22 19:09 218160 ----a-w- c:\program\hotspot shield\HssIE\HssIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{c95a4e8e-816d-4655-8c79-d736da1adb6d} "= "c:\program\Hotspot_Shield\tbHot1.dll" [2010-02-12 2349080]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} "= "c:\program\Hotspot_Shield\tbHot1.dll" [2010-02-12 2349080]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
    "LightScribe Control Panel "= "c:\program\Delade filer\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "msnmsgr "= "c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater "= "c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [2006-09-21 53248]
    "VTTrayp "= "VTtrayp.exe" [2007-06-11 176128]
    "NeroFilterCheck "= "c:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-07-03 16876032]
    "IntelliPoint "= "c:\program\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "Adobe Photo Downloader "= "c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
    "QuickTime Task "= "c:\program\QuickTime\qttask.exe" [2009-01-05 413696]
    "SSBkgdUpdate "= "c:\program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD "= "c:\program\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch "= "c:\program\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "ControlCenter3 "= "c:\program\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "Adobe ARM "= "c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-14 110592]
    "avast5 "= "c:\program\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
    "SunJavaUpdateSched "= "c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start-meny\Program\Autostart\
    BTTray.lnk - c:\program\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper "= "c:\program\iTunes\iTunesHelper.exe "
    "PPort11reminder "= "c:\program\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    "BrMfcWnd "=c:\program\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    "Adobe Reader Speed Launcher "= "c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "c:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe "=
    "c:\\Program\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program\\Microsoft Games\\unreal softwear\\counter strike 2d\\CounterStrike2D.exe "=
    "c:\\Program\\Brother\\BRAdmin Light\\BRAdmLight.exe "=
    "c:\\WINDOWS\\system32\\dplaysvr.exe "=
    "c:\\Documents and Settings\\Webbook\\Mina dokument\\YoYoGames\\74631\\Battles And Battalions.exe "=
    "c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe "=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-25 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-25 19024]
    S2 gupdate1c98d4dbe9cdb1e;Google Update Service (gupdate1c98d4dbe9cdb1e);c:\program\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
    S3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\GWHid.sys [2009-11-23 18992]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2008-09-26 7936]
    S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 23040]
    S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [2009-11-23 27184]
    S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-01-24 10:30 451872 ----a-w- c:\program\Delade filer\LightScribe\LSRunOnce.exe
    .
    Innehållet i mappen 'Schemalagda aktiviteter':

    2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program\Google\Update\GoogleUpdate.exe [2009-02-12 20:08]

    2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program\Google\Update\GoogleUpdate.exe [2009-02-12 20:08]

    2009-04-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]

    2010-05-13 c:\windows\Tasks\User_Feed_Synchronization-{BD4CCDEB-FFAA-44E1-BCDC-985BBEEA2DD4}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://bl108w.blu108.mail.live.com/mail/TodayLight.aspx?n=4629124
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Skicka till &Bluetooth-enhet... - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Skicka till Bluetooth - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} - hxxps://www.hostilespace.com/Portal/IAHSOCX20019.CAB
    .
    .
    ------- Filassociationer -------
    .
    .txt=Word Reader-TXT
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

    AddRemove-Artifact_is1 - i:\documents\games\Artifact\unins000.exe
    AddRemove-HyperCam 2 - i:\documents\program\UnHyCam2.exe
    AddRemove-Netrek XP Mod - i:\documents\games\netrek (low Q)\UnInstall_17828.exe
    AddRemove-RPG Maker VX RTP_is1 - i:\documents\program\RPGVX\unins001.exe
    AddRemove-RPG Maker VX_is1 - i:\documents\program\RPGVX\unins000.exe
    AddRemove-{97C82B44-D408-4F14-9252-47FC1636D23E}_is1 - i:\documents\program\IZArc\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-13 16:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\INIDVD]
    "ImagePath "=multi: "system32\DRIVERS\inidvd.sys\00 "

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\INIDVD]
    "ImagePath "=multi: "system32\DRIVERS\inidvd.sys\00 "
    .
    Sluttid: 2010-05-13 16:24:35
    ComboFix-quarantined-files.txt 2010-05-13 14:24

    Före genomsökningen: 26*545*623*040 byte ledigt
    Efter genomsökningen: 27*976*052*736 byte ledigt

    WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 06644DAA551F25EE2FE92A9071FFAA4E
     
    light,
    #16
  18. 2010/05/13
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:33:02, on 2010-05-13
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Microsoft IntelliPoint\ipoint.exe
    C:\Program\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program\ALWILS~1\Avast5\avastUI.exe
    C:\Program\Brother\ControlCenter3\brccMCtl.exe
    C:\Program\Java\jre6\bin\jusched.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
    C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Hotspot Shield\bin\openvpnas.exe
    C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Delade filer\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Canon\CAL\CALMAIN.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program\Hotspot Shield\bin\openvpntray.exe
    C:\Program\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl108w.blu108.mail.live.com/mail/TodayLight.aspx?n=4629124
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program\ScanSoft\PaperPort\IndexSearch.exe "
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.sherwooddungeon.com/SherwoodDungeon.htm "
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kusten.axiscam.net/activex/AMC.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} (IAHSOCX.HOSTILESPACE) - https://www.hostilespace.com/Portal/IAHSOCX20019.CAB
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98d4dbe9cdb1e) (gupdate1c98d4dbe9cdb1e) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    O24 - Desktop Component 0: (no name) - http://gfx1.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 1: (no name) - http://www.sprakservice.nu/bilder/map.jpg
    O24 - Desktop Component 2: (no name) - http://www.natnapa.ac.th/image/O_Icon_n3.gif
    O24 - Desktop Component 3: (no name) - http://www.natnapa.ac.th/image/Apply_Pic1.gif
    O24 - Desktop Component 4: (no name) - http://gfx2.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 5: (no name) - http://marknad.akelius.se/images/historyback.gif
    O24 - Desktop Component 6: (no name) - http://www.granit.com/filearchive/2/2427/Oslo-2.jpg
    O24 - Desktop Component 7: (no name) - http://photos-g.ak.fbcdn.net/hphoto..._378895444060_712559060_3532088_2415681_n.jpg
    O24 - Desktop Component 8: (no name) - http://photos-a.ak.fbcdn.net/hphoto..._378889999060_712559060_3532002_8042006_s.jpg
    O24 - Desktop Component 9: (no name) - https://www3.skatteverket.se/ef/ef_webapp/bilder/global/imgrsvprint.png

    --
    End of file - 12291 bytes
     
    light,
    #17
  19. 2010/05/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
    broni,
    #18
  20. 2010/05/14
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    ehh whaats wrong?
     
    light,
    #19
  21. 2010/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Haha, sorry for that.
    I have no clue, why I said just OK....

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
    broni,
    #20
Page 1 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...