
Virtumonde removal help



mixbox
2008-09-12, 03:07
ComboFix log:

ComboFix 08-09-10.04 - William 2008-09-12 2:42:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1313 [GMT 2:00]
Running from: C:\Documents and Settings\William\Mina dokument\Nedladdade filer\ComboFix.exe
Command switches used :: C:\Documents and Settings\William\Mina dokument\Nedladdade filer\WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa3ea52f2.txt
C:\WINDOWS\BMa3ea52f2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aasuxa.dll
C:\WINDOWS\system32\ahtton.dll
C:\WINDOWS\system32\ajxyga.dll
C:\WINDOWS\system32\almbhbyo.dll
C:\WINDOWS\system32\bbdbqfnv.dll
C:\WINDOWS\system32\bcudpvje.dll
C:\WINDOWS\system32\bymryodo.dll
C:\WINDOWS\system32\cbXRIYsQ.dll
C:\WINDOWS\system32\cdioyioj.dll
C:\WINDOWS\system32\ehtouyov.dll
C:\WINDOWS\system32\eulipvxc.dll
C:\WINDOWS\system32\fbcihaqi.dll
C:\WINDOWS\system32\frercl.dll
C:\WINDOWS\system32\GLAPILIB.dll
C:\WINDOWS\system32\idqmxwww.dll
C:\WINDOWS\system32\joiyoidc.ini
C:\WINDOWS\system32\joruoepv.ini
C:\WINDOWS\system32\lokpcq.dll
C:\WINDOWS\system32\lqmhmngm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgdhkvho.ini
C:\WINDOWS\system32\mhfhxqxx.dll
C:\WINDOWS\system32\mlJAQJAP.dll
C:\WINDOWS\system32\ofdmhsky.ini
C:\WINDOWS\system32\ogatdyda.dll
C:\WINDOWS\system32\ohvkhdgm.dll
C:\WINDOWS\system32\osdvpprn.dll
C:\WINDOWS\system32\oybhbmla.ini
C:\WINDOWS\system32\PAJQAJlm.ini
C:\WINDOWS\system32\PAJQAJlm.ini2
C:\WINDOWS\system32\RBJQAJjl.ini
C:\WINDOWS\system32\ssnnvtxk.dll
C:\WINDOWS\system32\svfyfjml.dll
C:\WINDOWS\system32\tftvrxqa.dll
C:\WINDOWS\system32\ukblusbu.dll
C:\WINDOWS\system32\upenisfj.dll
C:\WINDOWS\system32\uullhbmm.dll
C:\WINDOWS\system32\uwdriceb.dll
C:\WINDOWS\system32\waskmgmu.dll
C:\WINDOWS\system32\vpeouroj.dll
C:\WINDOWS\system32\ykshmdfo.dll
C:\WINDOWS\system32\ysqjtgan.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-12 02:31 . 2008-09-12 02:31 <KAT> d-------- C:\Program\Trend Micro
2008-09-11 23:56 . 2008-09-11 23:56 149 --a------ C:\WINDOWS\wininit.ini
2008-09-10 23:18 . 2008-09-10 23:21 <KAT> d-------- C:\Documents and Settings\William\Application Data\GrabIt
2008-09-10 23:17 . 2008-09-10 23:17 <KAT> d-------- C:\Program\GrabIt
2008-09-10 23:15 . 2008-09-10 23:15 <KAT> d-------- C:\Program\Giganews Accelerator
2008-09-10 22:01 . 2008-09-10 22:01 <KAT> d-------- C:\Documents and Settings\William\Application Data\Lavasoft
2008-09-10 21:59 . 2008-09-10 23:08 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 21:59 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-10 21:59 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-10 21:59 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-10 21:59 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-10 21:58 . 2008-09-10 21:58 <KAT> d-------- C:\Program\Webroot
2008-09-10 21:58 . 2008-09-10 22:00 <KAT> d-------- C:\Program\Spyware Doctor
2008-09-10 21:58 . 2008-09-10 21:58 <KAT> d-------- C:\Documents and Settings\William\Application Data\PC Tools
2008-09-10 21:58 . 2008-09-10 21:58 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-09-10 21:58 . 2008-09-10 21:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-09-10 21:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-09-10 21:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-09-10 21:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-09-10 21:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-09-10 21:58 . 2008-09-10 21:58 164 --a------ C:\install.dat
2008-09-10 21:57 . 2008-09-10 21:57 <KAT> d-------- C:\Program\TeaTimer (Spybot - Search & Destroy)
2008-09-10 21:57 . 2008-09-10 21:57 <KAT> d-------- C:\Documents and Settings\William\Application Data\Webroot
2008-09-10 21:56 . 2008-09-11 23:14 <KAT> d-------- C:\Program\Spybot - Search & Destroy
2008-09-10 21:56 . 2008-09-11 23:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-10 21:55 . 2008-09-10 21:55 <KAT> d-------- C:\Program\Lavasoft
2008-09-10 21:53 . 2008-09-10 21:53 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-09-10 21:46 . 2008-09-10 21:46 <KAT> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-10 21:46 . 2008-09-11 23:10 <KAT> d-------- C:\Program\Hitman Pro
2008-09-10 21:06 . 2008-09-10 23:22 <KAT> d-------- C:\Documents and Settings\William\Downloads
2008-09-10 21:06 . 2008-09-10 21:18 <KAT> d-------- C:\Documents and Settings\William\Application Data\NewsLeecher
2008-09-10 21:05 . 2008-09-10 21:05 <KAT> d-------- C:\Program\NewsLeecher
2008-09-10 20:59 . 2008-09-10 20:59 95,232 --a------ C:\WINDOWS\system32\yotzyf.dll__DELETE_ON_REBOOT
2008-09-10 20:56 . 2008-09-10 20:56 236,544 --a------ C:\WINDOWS\system32\ljJAQJBR.dll__DELETE_ON_REBOOT
2008-09-07 23:47 . 2008-09-07 23:47 <KAT> d-------- C:\Program\Microsoft Games
2008-09-07 23:47 . 1999-09-27 14:07 135 --a------ C:\DVNAOE2.cue
2008-09-07 23:45 . 1999-09-27 14:02 683,418,288 --a------ C:\DVNAOE2.bin
2008-09-06 00:54 . 2008-08-09 16:53 3,987,298,304 --a------ C:\geeks-tsm.swe.no.dk.vol2.img
2008-09-05 23:37 . 2008-08-09 14:57 3,699,501,056 --a------ C:\geeks-tsm.swe.no.dk.vol1.img
2008-09-05 12:55 . 2008-09-11 15:40 <KAT> d-------- C:\Skolan
2008-09-05 12:55 . 2008-09-05 12:55 <KAT> d-------- C:\Program\Packet Tracer 3.2
2008-09-03 17:30 . 2008-09-11 23:02 <KAT> d-------- C:\Program\Actual Window Minimizer
2008-09-03 17:30 . 2008-09-03 17:30 <KAT> d-------- C:\Documents and Settings\William\Application Data\Actual Tools
2008-09-03 17:20 . 2008-09-03 17:20 <KAT> d-------- C:\Documents and Settings\William\WINDOWS
2008-09-03 17:20 . 1996-04-11 22:42 269,317 --a------ C:\WINDOWS\uninst.exe
2008-09-01 21:47 . 2008-09-01 21:48 <KAT> d-------- C:\CryptLoad_1.0.5
2008-09-01 18:16 . 2008-09-01 18:16 <KAT> d-------- C:\My Flash Disk
2008-09-01 17:12 . 2008-09-01 18:40 <KAT> d-------- C:\Program\POI-Warner MN6 Edition
2008-09-01 17:10 . 2008-09-01 17:29 <KAT> d-------- C:\Program\Microsoft ActiveSync
2008-08-31 23:10 . 2008-08-31 23:10 <KAT> d-------- C:\Program\Personal
2008-08-26 23:17 . 2008-08-26 23:17 <KAT> d-------- C:\Program\TightVNC
2008-08-25 23:53 . 2008-08-25 23:56 <KAT> d-------- C:\Program\SSH Explorer
2008-08-25 16:58 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-25 16:56 . 2008-08-25 16:56 <KAT> d-------- C:\Program\Microsoft Works
2008-08-25 16:55 . 2008-08-25 16:55 <KAT> d-------- C:\Program\Microsoft.NET
2008-08-25 16:52 . 2008-08-25 16:55 <KAT> d-------- C:\WINDOWS\SHELLNEW
2008-08-25 16:52 . 2008-08-25 16:52 <KAT> d-------- C:\Program\Microsoft Visual Studio 8
2008-08-25 16:51 . 2008-08-25 16:51 <KAT> dr-h----- C:\MSOCache
2008-08-25 16:51 . 2008-08-25 17:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-21 17:14 . 2008-08-21 17:14 <KAT> d-------- C:\Program\Hotspot Shield
2008-08-21 01:44 . 2008-08-21 01:44 <KAT> d-------- C:\Program\Iconic Tray
2008-08-21 01:42 . 2008-08-21 01:45 <KAT> d-------- C:\Program\Taskbar Hide
2008-08-19 23:10 . 2008-08-19 23:10 <KAT> d-------- C:\Program\Tracker Checker 2
2008-08-19 22:13 . 2008-08-19 22:13 <KAT> d-------- C:\Program\Playlogic
2008-08-14 23:07 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 23:07 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 23:25 . 2008-09-11 20:25 <KAT> d-------- C:\Program\ESET
2008-08-13 23:25 . 2008-08-13 23:25 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 00:47 --------- d-----w C:\Documents and Settings\William\Application Data\uTorrent
2008-09-12 00:31 --------- d-----w C:\Documents and Settings\William\Application Data\NoNameScript
2008-09-11 22:53 --------- d-----w C:\Program\Mozilla Firefox 3 Beta 5
2008-09-11 22:53 --------- d-----w C:\Program\mIRC
2008-09-08 15:24 --------- d-----w C:\Program\SwebitsTV
2008-09-02 21:14 --------- d-----w C:\Program\foobar2000
2008-09-02 14:44 --------- d-----w C:\Program\DVBT
2008-09-01 21:12 --------- d-----w C:\Program\FlashGet
2008-08-30 00:03 --------- d-----w C:\Documents and Settings\William\Application Data\LimeWire
2008-08-29 13:17 --------- d-----w C:\Documents and Settings\William\Application Data\dvdcss
2008-08-27 00:23 --------- d-----w C:\Program\Java
2008-08-25 14:56 --------- d-----w C:\Program\MSBuild
2008-08-23 23:08 --------- d-----w C:\Program\Delade filer\Adobe
2008-08-19 20:13 --------- d--h--w C:\Program\InstallShield Installation Information
2008-08-17 18:35 --------- d-----w C:\Program\TVUPlayer
2008-08-17 17:07 --------- d-----w C:\Program\Streamripper
2008-08-14 13:36 --------- d-----w C:\Documents and Settings\William\Application Data\mIRC
2008-08-08 09:59 --------- d-----w C:\Program\Symantec
2008-08-08 09:31 --------- d-----w C:\Documents and Settings\William\Application Data\DivX
2008-08-08 09:25 --------- d-----w C:\Program\DivX
2008-08-07 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-07 01:04 --------- d-----w C:\Documents and Settings\William\Application Data\TVU Networks
2008-08-07 01:02 --------- d-----w C:\Program\StreamingStar
2008-08-06 14:36 --------- d-----w C:\Program\DVBViewer
2008-08-06 00:22 --------- d-----w C:\Documents and Settings\William\Application Data\X-Chat 2
2008-08-06 00:06 --------- d-----w C:\Program\X-Chat 2
2008-08-05 21:45 --------- d-----w C:\Program\Winamp
2008-08-04 16:35 --------- d-----w C:\Program\winlirc
2008-08-04 16:08 --------- d-----w C:\Program\Delade filer\InstallShield
2008-08-04 01:08 --------- d-----w C:\Program\Last.fm
2008-08-04 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2008-08-04 00:18 --------- d-----w C:\Program\Real Alternative
2008-08-03 17:53 --------- d-----w C:\Program\Xvid
2008-08-03 17:53 --------- d-----w C:\Program\MKVtoolnix
2008-08-03 17:52 --------- d-----w C:\Program\StaxRip
2008-08-03 00:42 --------- d-----w C:\Documents and Settings\William\Application Data\streamripper
2008-08-03 00:30 --------- d-----w C:\Program\Ratajik Software
2008-08-01 21:16 --------- d-----w C:\Program\Google
2008-07-31 22:41 192,016 ----a-w C:\oldcool.exe
2008-07-31 21:25 454,656 ----a-w C:\putty.exe
2008-07-31 18:41 --------- d-----w C:\Documents and Settings\William\Application Data\Joost
2008-07-31 00:08 --------- d-----w C:\Program\Raxco
2008-07-31 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-20 20:44 --------- d-----w C:\Program\Cerberus
2008-07-15 13:26 --------- d-----w C:\Documents and Settings\William\Application Data\Winamp
2008-07-14 09:35 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-07-14 09:33 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-07-14 09:33 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-07-14 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-14 09:31 --------- d-----w C:\Program\Sony Ericsson
2008-07-14 09:24 --------- d-----w C:\Program\Avanquest update
2008-07-14 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-28 18:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-21 22:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008052220080523\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Program\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"TrackerChecker2"="C:\Program\Tracker Checker 2\Tracker Checker 2.exe" [2007-08-06 77824]
"Iconic Tray"="C:\Program\Iconic Tray\it.exe" [2002-11-09 37888]
"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Actual Window Minimizer"="C:\Program\Actual Window Minimizer\ActualWindowMinimizerCenter.exe" [2008-05-15 770048]
"nodenable"="C:\Program\eset\nodenable.exe" [2008-09-04 326909]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2006-02-26 1404928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]
Personal.lnk - C:\Program\Personal\bin\Personal.exe [2008-08-31 910864]
Privoxy.lnk - C:\Program\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program\Delade filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aasuxa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= C:\WINDOWS\system32\xvidvfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=
"C:\\Program\\FlashFXP\\FlashFXP.exe"=
"C:\\Program\\mIRC\\mirc.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=
"C:\\Program\\Skype\\Phone\\Skype.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\LimeWire\\LimeWire.exe"=
"C:\\Program\\Cerberus\\Cerberus.exe"=
"C:\\Program\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program\Microsoft ActiveSync\rapimgr.exe"= C:\Program\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program\Microsoft ActiveSync\wcescomm.exe"= C:\Program\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program\Microsoft ActiveSync\WCESMgr.exe"= C:\Program\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 Cerberus FTP Server;Cerberus FTP Server;C:\Program\Cerberus\Cerberus.exe [2008-06-26 3949184]
R2 DVBWebScheduler;DVB Web Scheduler Service;C:\Program\WebScheduler\wrapper.exe [2004-10-01 135168]
R2 PD91Agent;PD91Agent;C:\Program\Raxco\PerfectDisk2008\PD91Agent.exe [2008-07-18 693512]
R3 EC168BDA;EC168BDA service;C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-09-11 87296]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S2 gupdate1c8e37c474cb65e;Google Update Service (gupdate1c8e37c474cb65e);C:\Program\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 bdacap;PC-DTV Receiver;C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 217728]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-14 13352]
S3 GLHIDKBFILTER;GLHIDKBFILTER;C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 11264]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2008-05-22 34576]
S3 PD91Engine;PD91Engine;C:\Program\Raxco\PerfectDisk2008\PD91Engine.exe [2008-07-18 910600]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{03B6722B-93CE-4564-8161-2C5F10172458} - C:\WINDOWS\system32\ukblusbu.dll
BHO-{6a06d40d-4eb3-48e2-9a96-797da468cb23} - C:\WINDOWS\system32\aasuxa.dll
BHO-{A635A9F5-3116-43DF-B342-A5B6D434A32D} - C:\WINDOWS\system32\mlJAQJAP.dll
BHO-{D4D42645-89A0-40C4-8D7B-181F412E010D} - C:\WINDOWS\system32\ljJAQJBR.dll
HKCU-Run-Google Update - C:\Documents and Settings\William\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
HKLM-Run-a0d9616e - C:\WINDOWS\system32\almbhbyo.dll
HKLM-Run-BMa3ea52f2 - C:\WINDOWS\system32\idqmxwww.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\lxoqoi9f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://swebits.org/|http://www.softtorrents.org/login.php?returnto=%2Fbrowse|http://www.torrentleech.org/browse.php
FF -: plugin - C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\lxoqoi9f.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF -: plugin - C:\Documents and Settings\William\Lokala inställningar\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program\Google\Lively\nplively.dll
FF -: plugin - C:\Program\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npJoostPlugin.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npLegitCheckPlugin.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\NPOFF12.DLL
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\nppdf32.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\nppl3260.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin2.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin3.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin4.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin5.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin6.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\npqtplugin7.dll
FF -: plugin - C:\Program\Mozilla Firefox 3 Beta 5\plugins\nprpjplug.dll
FF -: plugin - C:\Program\Personal\bin\np_prsnl.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 02:49:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Java\jre1.6.0_05\bin\java.exe
C:\Program\Hotspot Shield\bin\openvpnas.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program\MI3AA1~1\rapimgr.exe
C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-09-12 2:55:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 00:55:08

Pre-Run: 4,694,155,264 byte ledigt
Post-Run: 6,783,852,544 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;

timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

339 --- E O F --- 2008-08-15 01:02:27

uninstall list
123 AVI to GIF Converter 3.2
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
ActivePerl 5.8.8 Build 822
Actual Window Minimizer 5.1
Ad-Aware SE Personal
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AMIP (remove only)
Apple Mobile Device Support
Apple Software Update
Auto Gordian Knot 2.45
Avanquest update
AviSynth 2.5
BOINC
Bonjour
CDDRV_Installer
Cerberus FTP Server
CoreAVC Professional Edition (remove only)
Diino 4.2.1.2
DirectVobSub (remove only)
DivX Codec
DivX Converter
Dupe Checker
DVB Web Scheduler
DVBT
DVBT Driver
DVBViewer Pro
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ESET NOD32 Antivirus
ffdshow [rev 1928] [2008-04-10]
FlashFXP v3
FlashGet(JetCar)
foobar2000 v0.9.5.2
Giganews Accelerator
GoldWave v5.25
Google Gears
Google Update
GrabIt 1.7.2 Beta 2 (build 994)
Graboid Video 1.2
Haali Media Splitter
HijackThis 2.0.2
Hitman Pro
hkSFV (remove only)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotspot Shield 1.06
HyperCam 2
Iconic Tray (remove only)
ImgBurn
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 12.4.38.0
iTunes
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Joost (tm) Beta 1.1.4
KhalInstallWrapper
Last.fm 1.5.2.38918
LimeWire 4.18.3
Lively by Google
Logitech SetPoint
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - SVE
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - SVE
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Language Pack - sve
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office Groove MUI (Swedish) 2007
Microsoft Office InfoPath MUI (Swedish) 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
MKVtoolnix 2.2.0
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.13)
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
navigating.de POI-Warner MN6 Edition
NewsLeecher v3.9 Final
Norton PartitionMagic 8.0
OpenVPN 2.0.9-gui-1.0.3
P2P TV Recorder
Packet Tracer 3.2
PC-DTV Receiver
PDF Settings
PerfectDisk 2008 Professional
Personal 4.9.3
POIWarner
Privoxy 3.0.6
QuickTime
Real Alternative 1.8.2
Samsung CLP-300 Series
SecondLife (remove only)
Skype™ 3.6
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB952287)
Sony Ericsson PC Suite 3.209.00
SopCast 3.0.3
Språkpaket för Microsoft .NET Framework 3.5 - Swedish
Spy Sweeper
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
SSH Explorer
StationRipper 2.90J
StaxRip 1.1.1.0
Streamripper (Remove only)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows XP (KB923789)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953839)
Taskbar Hide
TightVNC 1.3.9
Tor 0.1.2.19
TrueCrypt
TVUBroadcast 2.0.0.1
TVUPlayer 2.3.7.1
Update Service
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB951978)
URL Snooper v2.22.01
Vidalia 0.0.16
VideoLAN VLC media player 0.8.6i
Winamp
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
winLAME prerelease4
WinPcap 4.1 beta4
WinRAR
vixy converter uninstall
VobSub v2.23 (Remove Only)
World Racing 2 Demo
X-Chat 2.8.4-1
XML Paper Specification Shared Components Language Pack 1.0
Xvid 1.1.3 final uninstall
XviD MPEG4 Video Codec (remove only)

Fresh hijack log (after running ComboFix):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:26, on 2008-09-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WebScheduler\wrapper.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Java\jre1.6.0_05\bin\java.exe
C:\Program\Google\Update\GoogleUpdate.exe
C:\Program\Hotspot Shield\bin\openvpnas.exe
C:\Program\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\William\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\DAEMON Tools Lite\daemon.exe
C:\Program\Microsoft ActiveSync\Wcescomm.exe
C:\Program\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\Program\MI3AA1~1\rapimgr.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Last.fm\LastFM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handelsbanken.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [a0d9616e] rundll32.exe "C:\WINDOWS\system32\almbhbyo.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TrackerChecker2] "C:\Program\Tracker Checker 2\Tracker Checker 2.exe"
O4 - HKCU\..\Run: [Iconic Tray] C:\Program\Iconic Tray\it.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Actual Window Minimizer] "C:\Program\Actual Window Minimizer\ActualWindowMinimizerCenter.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program\eset\nodenable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Lokala inställningar\Temp" (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Lokala inställningar\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: The Icon Corral.lnk = C:\Program Files\IconCorral\IconCorral.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: Privoxy.lnk = C:\Program\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208197763587
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: aasuxa.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Cerberus FTP Server - Cerberus, LLC - C:\Program\Cerberus\Cerberus.exe
O23 - Service: DVB Web Scheduler Service (DVBWebScheduler) - Unknown owner - C:\Program\WebScheduler\wrapper.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8e37c474cb65e) (gupdate1c8e37c474cb65e) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program\OpenVPN\bin\openvpnserv.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10601 bytes



ken545
2008-09-12, 16:36
Hello mixbox

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

If you run Combofix on your own, this forum, myself and sUbs will not be responsible if you disable your system. It's a very powerful tool that should be run with supervision; it's not a general all-purpose cleaning tool.

We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.

We do not ask you to do this without reason.

P2P (file sharing) programs form a direct conduit onto your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program:
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising, then, that many of these downloads are being targeted to carry infections.

C:\Program\uTorrent
C:\Program\LimeWire
Uninstall both of these programs from your Add/Remove Programs and post a new HJT log, please.