dooniem
2011-05-31, 21:20
It all started when I was trying to recover my iPod after Spotify deleted all its songs. I stupidly downloaded a virus and got owned.
"Portable Data Doctor Recovery PRO -14 in 1 FIXED 1000%CLEAN [h33t][trees]"
was the name of the file :p I had the feeling of seeing the h33t name before and therefore found it safe...
When I connect usb-disks to my computer, hidden files with porn show up.
This is what I have done prior to coming here:
I have uninstalled Vuze.
I have run Spybot S&D, Malwarebytes Anti-Malware, HiJackThis and Avira Antivirus.
I have tried to remove the things I did not like among what these programs found. Malwarebytes found 2 registry entries about an ImagePath, like this:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.
All in safe mode.
Yeah, and I've disabled system restore before I came to this forum...
Malwarebytes and Avira Antivirus are the only things that have run since I disabled System Restore.
COPY AND PASTE FROM DDS-log: (did not pop up, had to search for the file manually after the run)
.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 19:11:57 on 2011-05-31
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2046.1732 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\#a\dds.com
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\programfiler\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - d:\programfiler\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - d:\programfiler\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\programfiler\orbitdownloader\GrabPro.dll
uRun: [MsnMsgr] "d:\programfiler\windows live\messenger\MsnMsgr.Exe" /background
uRun: [USB Safely Remove] d:\programfiler\usb safely remove\USBSafelyRemove.exe /startup
uRun: [AnyDVD] d:\programfiler\slysoft\anydvd\AnyDVDtray.exe
uRun: [45876AEC5F6FF952D035DE552C43AFE275C48CF6._service_run] "c:\documents and settings\administrator\lokale innstillinger\programdata\google\chrome\application\chrome.exe" --type=service
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "d:\programfiler\avira\antivir desktop\avgnt.exe" /min
mRun: [D-Link AirPlus XtremeG DWL-G122] d:\programfiler\d-link\airplus xtremeg dwl-g122\AirGCFG.exe
mRun: [ANIWZCS2Service] d:\programfiler\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HTC Sync Loader] "d:\programfiler\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Habu] d:\programfiler\razer\habu\razerhid.exe
mRun: [ArcSoft Connection Service] c:\programfiler\fellesfiler\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "d:\programfiler\qt lite\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\programfiler\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "d:\programfiler\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\start-~1\progra~1\oppstart\dropbox.lnk - c:\documents and settings\administrator\programdata\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\admini~1\start-~1\progra~1\oppstart\gmotes~1.lnk - d:\programfiler\gmoteserver\GmoteServer.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\logite~1.lnk - d:\programfiler\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Download by Orbit - d:\programfiler\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programfiler\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Playlist - d:\programfiler\packetvideo\twonkybeam\internet explorer\TwonkyIEPlugin.dll/314
IE: Do&wnload selected by Orbit - d:\programfiler\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programfiler\orbitdownloader\orbitmxt.dll/202
IE: E&ksporter til Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\programfiler\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: facebook.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273848544531
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273848623843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DB1009C9-9555-43D5-97A6-02A844332146} - hxxp://66.199.185.32/activex/app/WebLauncher.cab
TCP: {666A5542-3499-489A-8766-F06343755B2C} = 217.13.7.140,217.13.4.24
TCP: {CBFBA419-F6BC-46B0-B92B-00023ECD1690} = 192.168.0.50
Notify: LBTWlgn - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {1DBD3F8D-ABC8-4FBA-9CDB-0FEFA3C5AF84} - No File
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - d:\programfiler\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\programdata\mozilla\firefox\profiles\gbu7fnqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php
FF - component: c:\documents and settings\administrator\programdata\mozilla\firefox\profiles\gbu7fnqv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\administrator\lokale innstillinger\programdata\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\administrator\lokale innstillinger\programdata\myvrnpapi\npmyvr-1.50000.dll
FF - plugin: c:\documents and settings\administrator\lokale innstillinger\programdata\myvrnpapi\npmyvr.dll
FF - plugin: c:\documents and settings\administrator\programdata\mozilla\firefox\profiles\gbu7fnqv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\administrator\programdata\mozilla\firefox\profiles\gbu7fnqv.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\nporbit.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin2.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin3.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin4.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin5.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin6.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\npqtplugin7.dll
FF - plugin: c:\programfiler\opera 9\program\plugins\NPSWF32.dll
FF - plugin: c:\programfiler\windows media player\npdrmv2.dll
FF - plugin: c:\programfiler\windows media player\npdsplay.dll
FF - plugin: c:\programfiler\windows media player\npwmsdrm.dll
FF - plugin: d:\programfiler\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\programfiler\google\picasa3\npPicasa3.dll
FF - plugin: d:\programfiler\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\programfiler\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\programfiler\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\programfiler\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programfiler\microsoft\office live\npOLW.dll
FF - plugin: d:\programfiler\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\programfiler\octoshape streaming services\administrator\octoprogram-l03-n00-u00-c00_0712211_000\npoctoshape.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin2.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin3.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin4.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin5.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin6.dll
FF - plugin: d:\programfiler\qt lite\plugins\npqtplugin7.dll
FF - plugin: d:\programfiler\vizky\npVizky.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2008-1-15 16640]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-3 27632]
S1 avgio;avgio;d:\programfiler\avira\antivir desktop\avgio.sys [2009-5-19 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\programfiler\avira\antivir desktop\sched.exe [2009-5-19 136360]
S2 AntiVirService;Avira AntiVir Guard;d:\programfiler\avira\antivir desktop\avguard.exe [2009-5-19 269480]
S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [2008-3-16 5904]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-19 61960]
S2 gupdate;Googles oppdateringstjeneste (gupdate);d:\programfiler\google\update\GoogleUpdate.exe [2010-5-26 136176]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 MBAMService;MBAMService;d:\programfiler\malwarebytes' anti-malware\mbamservice.exe [2010-11-9 363344]
S2 PassThru Service;Internet Pass-Through Service;d:\programfiler\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
S2 srv858;srv858;c:\windows\system32\svchost.exe -k netsvcs [2008-5-8 14336]
S3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [2010-8-24 457728]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-1-15 1310720]
S3 cpuz132;cpuz132; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-6-30 13224]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);d:\programfiler\google\update\GoogleUpdate.exe [2010-5-26 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-20 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-9 20952]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-7-18 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-7-18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-7-18 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-7-18 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-7-18 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-7-18 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-7-18 109864]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-8-23 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-8-23 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-8-23 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-8-23 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-8-23 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-8-23 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-8-23 110120]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-1-21 41984]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-05-31 16:46:34 -------- d-----w- C:\#a
2011-05-31 14:10:36 -------- d-----w- C:\!KillBox
2011-05-29 16:43:46 -------- d-----w- d:\programfiler\Spybot - Search & Destroy
2011-05-29 16:34:57 819200 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-29 16:34:57 77824 ----a-w- c:\windows\system32\xvid.ax
2011-05-29 16:18:18 388096 ----a-r- c:\documents and settings\administrator\programdata\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-29 10:49:07 -------- d--h--r- c:\documents and settings\administrator\Siste
2011-05-20 16:04:36 -------- d-----w- c:\documents and settings\administrator\programdata\Foxit Software
2011-05-08 21:44:10 -------- d-----w- c:\documents and settings\administrator\programdata\KeePass
.
==================== Find3M ====================
.
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 14:27:03 6630 --sha-w- c:\documents and settings\all users\programdata\KGyGaAvL.sys
2011-03-04 19:44:14 59888 ------w- c:\windows\system32\pxwma.dll
2011-03-04 19:44:14 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-03-04 19:44:14 133616 ------w- c:\windows\system32\pxafs.dll
2011-03-04 19:44:12 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-03-04 19:44:12 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-03-04 19:44:12 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-03-04 19:44:12 123888 ------w- c:\windows\system32\pxcpyi64.exe
.
============= FINISH: 19:12:14,93 ===============
SPYBOT S&D LOG: (I saved the whole log if needed)
--- Search result list ---
MediaPlex: Sporer cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Sporer cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Sporer cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Sporer cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Sporer cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Sporer cookie (Chrome: Chrome) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---