> [Resolved] Slow computer IE and MS Access start
Mats
post Jun 30 2009, 03:36 AM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 30-June 09
Member No.: 86,477
Operating System: Windows XP



Hi

My computer is very slow in starting. It takes forever. When I run the new IE 8 it waits for several seconds before showing the little hand over a link. It also takes several seconds to start Microsoft Access, which I do frequently. On my older laptop (much slower computer) this goes very quickly.

I have made a log with HiJackThis. Can anyone see any problems here?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:43, on 2009-06-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Google\Update\GoogleUpdate.exe
C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\Network Associates\Common Framework\UdaterUI.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program\Network Associates\Common Framework\McTray.exe
C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Plustek\OpticFilm 7200i\QuickScan.exe
C:\Program\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\HP\hpcoretech\comp\hptskmgr.exe
C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: QuickScan (OpticFilm 7200i).lnk = C:\Program\Plustek\OpticFilm 7200i\QuickScan.exe
O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197449922828
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} (PrintEngine ActiveX Control v4.2) - https://eredovisning.plusgirot.se/ddrint/co...printengine.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8e0e320912ea) (gupdate1c8e0e320912ea) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qdpidblt - Sonic Solutions - (no file)
O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

--
End of file - 11819 bytes
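
A log of this shape can be triaged by script before anyone reads it line by line. The Python below is an added example, not part of the original thread and not a HijackThis feature: it parses the v2 text layout and tags entries that deserve a manual look. The sample is an excerpt of the log above; the helper names (`parse_log`, `section_counts`, `triage`) and the tag names are assumptions of this example, and a tag marks an entry for review rather than identifying malware.

```python
"""Triage helper for HijackThis v2 text logs (added example, not forum code)."""
import re
from collections import Counter

# Excerpt of the log posted above, shortened for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:43, on 2009-06-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Qdpidblt - Sonic Solutions - (no file)

--
End of file - 11819 bytes
"""

# Section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O16": "ActiveX download (DPF)", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "O4 - <body>"
RUN_RE = re.compile(r"^\S+\\Run: \[[^\]]*\] (.+)$")      # Run-key value -> command
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')              # optional quote, drive path


def parse_log(text):
    """Split a log into (header dict, running process list, [(code, body)])."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("End of file"):
            break
        if not line or line == "--":
            in_processes = False          # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:                # "Platform: ...", "Boot mode: ..."
            key, value = line.split(": ", 1)
            header[key] = value
        elif line.startswith("Logfile of "):
            header["Tool"] = line[len("Logfile of "):]
        elif line.startswith("Scan saved at "):
            header["Scan saved"] = line[len("Scan saved at "):]
    return header, processes, entries


def section_counts(entries):
    """Number of entries per section code."""
    return dict(Counter(code for code, _ in entries))


def triage(entries):
    """Return (code, tag, body) for entries that merit a manual check."""
    findings = []
    for code, body in entries:
        run = RUN_RE.match(body) if code == "O4" else None
        if body.endswith("(no file)"):
            tag = "orphaned"              # registry entry left without a file
        elif code == "O4" and body.endswith("= ?"):
            tag = "unresolved-shortcut"   # shortcut target shown as "?"
        elif code == "O23" and " - Unknown owner - " in body:
            tag = "unknown-owner"         # no company name shown for the service
        elif run and not ABS_PATH_RE.match(run.group(1)):
            tag = "relative-command"      # command found through the search path
        else:
            continue
        findings.append((code, tag, body))
    return findings


if __name__ == "__main__":
    header, processes, entries = parse_log(SAMPLE_LOG)
    print(header.get("Tool"), "|", header.get("Platform"))
    print(len(processes), "running processes listed")
    for code, count in section_counts(entries).items():
        print(f"  {code:<4}{count:>3}  {SECTIONS.get(code, 'other')}")
    for code, tag, body in triage(entries):
        print(f"[{tag}] {code} - {body}")
```
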
Tomk
post Jul 2 2009, 11:29 AM
Post #2


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,276
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi Mats,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Nothing obvious showing. Let's do a little poking around.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.


Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

Mats
post Jul 3 2009, 04:09 AM
Post #3





Hi Tomk

Many thanks to you for looking into this. I really appreciate it :-))

I have run TFC, rebooted, run Anti-Malware, deleted infected items and rebooted. Then I ran HiJackThis again.

During this process nothing strange happened. After this the computer was a bit quicker but the behaviour in IE (strange pause before the little hand on a link) and slow start of MS Access is still there.

All the best

Mats

Log from Anti_malware:

Malwarebytes' Anti-Malware 1.38
Databasversion: 2366
Windows 5.1.2600 Service Pack 3

2009-07-03 09:32:58
mbam-log-2009-07-03 (09-32-49).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 130771
Förfluten tid: 6 minute(s), 24 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 7
Infekterade registervärden: 1
Infekterade registerdataposter: 2
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.

Log from HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:31, on 2009-07-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\Network Associates\Common Framework\UdaterUI.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Network Associates\Common Framework\McTray.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Digital Line Detect\DLG.exe
C:\Program\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: QuickScan (OpticFilm 7200i).lnk = C:\Program\Plustek\OpticFilm 7200i\QuickScan.exe
O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197449922828
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} (PrintEngine ActiveX Control v4.2) - https://eredovisning.plusgirot.se/ddrint/co...printengine.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8e0e320912ea) (gupdate1c8e0e320912ea) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qdpidblt - Sonic Solutions - (no file)
O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

--
End of file - 11727 bytes
Tomk
post Jul 3 2009, 08:44 AM
Post #4





Mats,


Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Mats
post Jul 4 2009, 01:31 AM
Post #5





Hi Tomk

Thanks for your help. I did a scan with Kaspersky which took a really long time (overnight). It found some items:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 03, 2009 15:16:59
Records in database: 2419886
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 452687
Threat name: 2
Infected objects: 1
Suspicious objects: 3
Duration of the scan: 06:46:31


File name / Threat name / Threats count
C:\Documents and Settings\Gunilla\Lokala inställningar\Application Data\Microsoft\Outlook\archive.pst Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\Gunilla\Lokala inställningar\Application Data\Microsoft\Outlook\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
C:\gamla mail\archive 2000-08 2004-06.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1

The selected area was scanned.


Best regards

Mats
Tomk
post Jul 5 2009, 08:13 PM
Post #6


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,276
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Mats,

Everything found is related to email. Unfortunately I can't tell which emails are infected. All I know is that they are in your Outlook archive folder and an old archive folder that appears to contain email from 2000 through 2004. Please go into these folders and delete all emails that you don't want/need/recognize. Odds are that the infected email will have an attachment or at least a link. Don't open any attachments or click on any links. After you've deleted everything, please empty your deleted mail folder.

Then let me have another HijackThis log and let me know how your computer is running.
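An added example (not part of Tomk's reply and not output of any tool in this thread): a short Python parser for the detection rows of the Kaspersky report in Post #5. It groups hits by container file, cross-checks the row counts against the report's own statistics, and lists any detection outside a mail store, which is the check behind the observation that everything found is related to email. The function names and the `MAIL_STORE_EXTS` set are assumptions chosen for this illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Statistics and detection rows copied from the Kaspersky Online Scanner
# report quoted in Post #5 of this thread.
REPORT = r"""
Scan statistics:
Files scanned: 452687
Threat name: 2
Infected objects: 1
Suspicious objects: 3
Duration of the scan: 06:46:31

File name / Threat name / Threats count
C:\Documents and Settings\Gunilla\Lokala inställningar\Application Data\Microsoft\Outlook\archive.pst Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\Gunilla\Lokala inställningar\Application Data\Microsoft\Outlook\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
C:\gamla mail\archive 2000-08 2004-06.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1
"""

# Assumption for this example: extensions treated as mail stores or messages.
MAIL_STORE_EXTS = {".pst", ".ost", ".dbx", ".mbx", ".eml"}

# A row is "<path> <Infected|Suspicious>: <threat name> <count>". The path may
# contain spaces and digits, so the status keyword is what ends it.
ROW_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)$"
)
STAT_RE = re.compile(r"^(Infected|Suspicious) objects:\s+(\d+)$")


def parse_report(text):
    """Return (stats, detections) parsed from the report text."""
    stats, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        stat = STAT_RE.match(line)
        if stat:
            stats[stat.group(1)] = int(stat.group(2))
            continue
        row = ROW_RE.match(line)
        if row:
            detections.append({
                "path": row.group("path"),
                "status": row.group("status"),
                "threat": row.group("threat"),
                "count": int(row.group("count")),
            })
    return stats, detections


def summarise(text):
    """Group detections by file and check them against the report's totals."""
    stats, detections = parse_report(text)
    totals = defaultdict(int)
    by_file = defaultdict(list)
    for det in detections:
        totals[det["status"]] += det["count"]
        by_file[det["path"]].append((det["status"], det["threat"], det["count"]))
    # Files that are not mail stores would need cleanup outside the mail client.
    outside = sorted(
        path for path in by_file
        if PureWindowsPath(path).suffix.lower() not in MAIL_STORE_EXTS
    )
    return {
        "by_file": dict(by_file),
        "totals": dict(totals),
        # True only if the rows add up to the "objects" lines in the statistics.
        "stats_match": bool(stats) and all(
            totals.get(status, 0) == n for status, n in stats.items()
        ),
        "outside_mail_stores": outside,
    }


if __name__ == "__main__":
    result = summarise(REPORT)
    for path, hits in result["by_file"].items():
        print(path)
        for status, threat, count in hits:
            print(f"    {status:<10} {threat} x{count}")
    print("totals:", result["totals"], "match report:", result["stats_match"])
    print("outside mail stores:", result["outside_mail_stores"] or "none")
```

A scanner can flag a `.pst` container as a whole but does not name the individual message inside it, which is why the cleanup in the reply is done from within the mail client.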
Mats
post Jul 6 2009, 12:08 AM
Post #7





Hi Tomk

I have now deleted the mail with dangerous stuff. Computer is still behaving like before. IE is very slow; opening a new tab takes forever, and IE kind of stops for ca. 5 seconds sometimes. I ran TFC again. A new logfile from HiJackThis is here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:29, on 2009-07-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\Network Associates\Common Framework\UdaterUI.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Network Associates\Common Framework\McTray.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Plustek\OpticFilm 7200i\QuickScan.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: QuickScan (OpticFilm 7200i).lnk = C:\Program\Plustek\OpticFilm 7200i\QuickScan.exe
O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197449922828
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} (PrintEngine ActiveX Control v4.2) - https://eredovisning.plusgirot.se/ddrint/co...printengine.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8e0e320912ea) (gupdate1c8e0e320912ea) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qdpidblt - Sonic Solutions - (no file)
O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

--
End of file - 11732 bytes


Thank you for helping me out

Best regards from a cloudy Sweden

Mats
Tomk
post Jul 6 2009, 09:00 AM
Post #8





Mats,

It appears that your Windows is trying to update. That may be part of your slowdown.

Let's get a different log.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Mats
post Jul 6 2009, 09:24 AM
Post #9





Hi Tomk

Windows automatic updates are turned on. When the exclamation mark on yellow background appears in the lower right, it takes forever to finish. I usually go to Microsoft Update and make the update quickly from there to get rid of the exclamation mark. Microsoft Update says it can't install the update since automatic update is running. Since the exclamation mark disappears I assume everything is working.

My computer is extremely slow today. It's very annoying. I really hope you can help me to fix this.

Best regards from a cold Sweden (14 degrees C)

Mats


DDS (Ver_09-06-26.01) - NTFSx86
Run by Mats at 17:19:27,83 on 2009-07-06
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2302.1636 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\Network Associates\Common Framework\UdaterUI.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program\HP\ToolBoxFX\bin\HPTLBXFX.exe
svchost.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Network Associates\Common Framework\McTray.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Plustek\OpticFilm 7200i\QuickScan.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mats\Skrivbord\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/
uDefault_Page_URL = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Referensinformation: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\program\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program\intel\intel application accelerator\iaanotif.exe
mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program\delade filer\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime
mRun: [McAfeeUpdaterUI] "c:\program\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [HP Component Manager] "c:\program\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MaxtorOneTouch] c:\program\maxtor\onetouch\utils\Onetouch.exe
mRun: [mxomssmenu] "c:\program\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ShStatEXE] "c:\program\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [PDUiP6700DMon] c:\program\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [Easy-PrintToolBox] c:\program\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [ToolBoxFX] "c:\program\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\digita~1.lnk - c:\program\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\hpdigi~1.lnk - c:\program\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\hpimag~1.lnk - c:\program\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\quicks~1.lnk - c:\program\plustek\opticfilm 7200i\QuickScan.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197449922828
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program\mcafee\virusscan enterprise\Mcshield.exe [2007-8-13 144960]
R1 mferkdk;VSCore mferkdk;c:\program\mcafee\virusscan enterprise\mferkdk.sys [2007-8-13 32008]
R2 McAfeeFramework;McAfee Framework Service;c:\program\network associates\common framework\FrameworkService.exe [2005-9-8 104000]
R2 McTaskManager;McAfee Task Manager;c:\program\mcafee\virusscan enterprise\VsTskMgr.exe [2007-8-13 54608]
R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program\telia\supportassistent\bin\sprtsvc.exe [2008-11-3 202016]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-10 72712]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-10 34184]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-10 171240]
S2 gupdate1c8e0e320912ea;Google Update Service (gupdate1c8e0e320912ea);c:\program\google\update\GoogleUpdate.exe [2008-7-15 133104]
S3 adr2k;adr2k;c:\windows\system32\drivers\adr2k.sys [2002-1-10 5760]
S3 bvrp_pci;bvrp_pci; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-11-27 13224]
S3 Oseaook;Oseaook; [x]
S3 Qdpidblt;Qdpidblt; [x]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-7-1 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-7-1 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-7-1 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-7-1 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-7-1 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-7-1 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-7-1 90800]
S4 LFCK;LF Connection Keeper Service;"c:\program\lennartfranzén\lfconnectionkeeper\lfck.exe" --startasservice --> c:\program\lennartfranzén\lfconnectionkeeper\lfck.exe [?]

=============== Created Last 30 ================

2009-07-03 09:24 <DIR> --d----- c:\docume~1\mats\applic~1\Malwarebytes
2009-07-03 09:24 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 09:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-03 09:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-03 09:24 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware
2009-06-30 12:52 <DIR> --d----- c:\program\Procmon
2009-06-30 09:42 <DIR> --d----- c:\program\Trend Micro
2009-06-30 09:06 <DIR> --d----- c:\docume~1\mats\applic~1\Uniblue
2009-06-24 18:44 7,533 a------- c:\windows\system32\novak6.ctm
2009-06-24 18:44 23,704 a------- c:\windows\system32\novamnk6.dll
2009-06-24 18:44 18,584 a------- c:\windows\system32\novamik6.dll
2009-06-24 18:44 <DIR> --d----- c:\program\delade filer\StatSoft
2009-06-24 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\StatSoft
2009-06-24 18:37 <DIR> --d----- c:\program\StatSoft
2009-06-23 11:34 <DIR> --d----- c:\program\delade filer\ArcGIS
2009-06-23 09:14 <DIR> --d----- c:\docume~1\mats\applic~1\Golden Software
2009-06-23 09:14 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}
2009-06-12 11:17 215,465 a------- c:\windows\system32\nvapps.nvb
2009-06-12 11:12 3,386 a------- c:\windows\system32\wbem\Outlook_01c9eb3ddb37995a.mof
2009-06-12 10:13 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 10:13 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll

==================== Find3M ====================

2009-06-12 11:12 467,208 a------- c:\windows\system32\perfh01D.dat
2009-06-12 11:12 93,424 a------- c:\windows\system32\perfc01D.dat
2009-06-02 12:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 07:06 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 07:06 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 17:33 347,648 a------- c:\windows\system32\localspl.dll
2009-05-07 17:33 347,648 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-30 23:17 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 23:17 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 23:17 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 23:17 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 23:17 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 13:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-19 21:51 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-19 21:51 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 16:55 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 16:55 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2007-05-02 10:39 2,873 a------- c:\docume~1\mats\applic~1\WWB7_32.DAT
2006-06-30 13:50 630,784 a------- c:\documents and settings\mats\chatlnk.exe
2008-05-14 10:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008051420080515\index.dat

============= FINISH: 17:21:07,88 ===============

Attached File(s): Attach.zip (4.74K)
 
Tomk
post Jul 6 2009, 02:32 PM
Post #10





Mats,

I cannot read the attach.txt file you attached. Please just copy/paste the information here.
Mats
post Jul 7 2009, 01:19 AM
Post #11





OK

Thank you for working on this!


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2004-09-07 14:34:53
System Uptime: 2009-07-06 07:56:39 (10 hours ago)

Motherboard: Dell Inc. | | 0M3849
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 25,907 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 27,033 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP859: 2009-03-23 22:04:20 - Software Distribution Service 3.0
RP860: 2009-03-25 09:45:25 - Systemkontrollpunkt
RP861: 2009-03-27 08:22:33 - Software Distribution Service 3.0
RP862: 2009-03-31 12:42:50 - Software Distribution Service 3.0
RP863: 2009-04-02 22:29:52 - Software Distribution Service 3.0
RP864: 2009-04-07 23:54:26 - Software Distribution Service 3.0
RP865: 2009-04-09 10:22:40 - Software Distribution Service 3.0
RP866: 2009-04-13 17:08:14 - Installerade Windows XP WgaNotify.
RP867: 2009-04-13 17:12:35 - Java™ 6 Update 13 installerades
RP868: 2009-04-14 08:58:04 - Software Distribution Service 3.0
RP869: 2009-04-16 23:40:46 - Software Distribution Service 3.0
RP870: 2009-04-22 21:20:31 - Software Distribution Service 3.0
RP871: 2009-04-23 19:28:09 - Software Distribution Service 3.0
RP872: 2009-04-28 08:39:48 - Software Distribution Service 3.0
RP873: 2009-04-29 09:00:34 - Software Distribution Service 3.0
RP874: 2009-05-01 14:54:56 - Software Distribution Service 3.0
RP875: 2009-05-05 17:01:49 - Software Distribution Service 3.0
RP876: 2009-05-05 17:02:42 - Software Distribution Service 3.0
RP877: 2009-05-07 17:41:25 - Software Distribution Service 3.0
RP878: 2009-05-14 21:14:04 - Software Distribution Service 3.0
RP879: 2009-05-14 21:21:12 - Software Distribution Service 3.0
RP880: 2009-05-18 22:56:27 - Software Distribution Service 3.0
RP881: 2009-05-22 12:06:23 - Software Distribution Service 3.0
RP882: 2009-05-25 16:24:38 - Configured Camera Support Core Library
RP883: 2009-05-25 16:24:53 - Configured Camera Window
RP884: 2009-05-25 16:25:29 - Configured Internet Library
RP885: 2009-05-25 16:25:52 - Configured MovieEdit Task
RP886: 2009-05-25 16:26:13 - Configured RAW Image Task 1.1
RP887: 2009-05-25 16:27:47 - Configured RemoteCapture Task 1.0.3
RP888: 2009-05-25 16:28:19 - Removed Canon Utilities ZoomBrowser EX
RP889: 2009-05-25 16:52:39 - Removed PhotoStitch
RP890: 2009-05-26 08:56:26 - Software Distribution Service 3.0
RP891: 2009-05-30 09:27:32 - Software Distribution Service 3.0
RP892: 2009-06-02 08:55:17 - Software Distribution Service 3.0
RP893: 2009-06-05 09:46:18 - Software Distribution Service 3.0
RP894: 2009-06-08 19:33:41 - Software Distribution Service 3.0
RP895: 2009-06-12 10:47:27 - Software Distribution Service 3.0
RP896: 2009-06-12 10:49:52 - Software Distribution Service 3.0
RP897: 2009-06-12 11:16:02 - Software Distribution Service 3.0
RP898: 2009-06-14 11:47:06 - Systemkontrollpunkt
RP899: 2009-06-17 23:18:25 - Software Distribution Service 3.0
RP900: 2009-06-18 19:46:18 - Software Distribution Service 3.0
RP901: 2009-06-23 09:01:03 - Software Distribution Service 3.0
RP902: 2009-06-23 09:16:50 - Removed Surfer 8.
RP903: 2009-06-23 09:25:12 - Removed EndNote 9.0.1
RP904: 2009-06-23 09:25:55 - Removed EndNote X.0.2 Upgrade Edition
RP905: 2009-06-23 09:29:53 - Removed EndNote X1
RP906: 2009-06-23 09:36:00 - Removed SigmaPlot 10.0.1
RP907: 2009-06-24 18:27:44 - Removed STATISTICA
RP908: 2009-06-24 18:38:25 - Installed STATISTICA 9.0.231.9.
RP909: 2009-06-26 08:58:47 - Software Distribution Service 3.0
RP910: 2009-06-26 09:00:23 - Software Distribution Service 3.0
RP911: 2009-06-26 09:17:40 - Software Distribution Service 3.0
RP912: 2009-06-30 09:53:17 - Software Distribution Service 3.0
RP913: 2009-06-30 09:54:22 - Removed Windows Defender

==== Installed Programs ======================

Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe WAS CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Allway Sync version 9.2.11
Apple Software Update
ArcGIS Desktop
ArcGIS Explorer
ArcSoft Panorama Maker 3.5
Avanquest update
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon iP6700D
Canon iP6700D användarregistrering
Canon iP6700D Memory Card Utility
Canon MOV Decoder
Canon PhotoRecord
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
CD-LabelPrint
Compatibility Pack för Office 2007-systemet
Conexant D850 56K V.9x DFVc Modem
Copy
CorePLS_Full_QFolder
CorePLS_Min_QFolder
CreativeProjects
CreativeProjectsTemplates
Crystal Reports for ESRI
CueTour
DAS 4.4
Dell Solution Center
Destinations
Digital Line Detect
Director
Disc2Phone
DivX Content Uploader
DivX Web Player
DocProc
EndNote X2
ET GeoWizards 9.8
Franson CoordTrans v2.30
GdiplusUpgrade
Google Earth
Google Earth Plugin
Google Update Helper
Grapher 7
Gtrans 3.51
Gustavas ordböcker
Help and Support Customization
HighMAT-tillägg till Microsoft Windows XP-guiden Skriv till CD-skiva
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
HP Diagnostic Assistant
HP Image Zone 4.0
HP LaserJet P2015 Series 1.0
HP Scanjet 4600
HP Update
hpg4600
hppFonts
hppIOFiles
hppLJP2015
hppManualsP2015
hppTLBXFXP2015
hppWebRegMM
HPSystemDiagnostics
hpzTLBXFX
InstantShare
Intel Application Accelerator
Intel® Integrated Performance Primitives RTI 4.0
ISI ResearchSoft - Export Helper
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 13
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.76 Full
KU 2004
KU 2005
KU 2006
KU 2007
KU 2008
KU2006Fix
KU2008
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MATLAB Component Runtime
Maxtor Backup
Maxtor OneTouch III
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE
Microsoft .NET Framework 3.0 Swedish Language Pack
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2.0 Converter
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Office XP Web Components
Microsoft Pro Photo Tools
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Visual C++ 2005 Redistributable
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MWSnap 3
NASA World Wind 1.4
NetWaiting
NVIDIA Drivers
NVIDIA PhysX v8.09.04
OGA Notifier 1.7.0105.35.0
OpticFilm 7200i
Overland
PDF Settings
PE Builder 3.1.10a
Personal 4.5.2
PhotoGallery
Picasa 3
PowerDVD 5.1
Presto! PageManager 6.00
PRIMER 5
PRIMER 6
PrintScreen
Product_SF_Full_QFolder
Product_SF_Min_QFolder
Python 2.5 numpy-1.0.3
Python 2.5.1
QFolder
QuickProjects
QuickTime
Readiris Pro 8
RealPlayer
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Search 4 - KB963093
ShareIns
SIE Testprogram
SigmaPlot 11.1.0
SilverFast SE CD Documentation 6.4.0
SilverFast UScan-SE
Skapa HP arkiv-CD
SkinsHP1
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB952287)
Snabbkorrigering för Windows XP (KB961118)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB928090)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB929969)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB931768)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB933566)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB969897)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB923561)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952004)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB954459)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956572)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB958690)
Säkerhetsuppdatering för Windows XP (KB959426)
Säkerhetsuppdatering för Windows XP (KB960225)
Säkerhetsuppdatering för Windows XP (KB960715)
Säkerhetsuppdatering för Windows XP (KB960803)
Säkerhetsuppdatering för Windows XP (KB961373)
Säkerhetsuppdatering för Windows XP (KB961501)
Säkerhetsuppdatering för Windows XP (KB968537)
Säkerhetsuppdatering för Windows XP (KB969898)
Säkerhetsuppdatering för Windows XP (KB970238)
Sonic DVDit!
Sonic Update Manager
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 4.010.00
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
STATISTICA 9.0.231.9
STATNOVAPDF (novaPDF 6.1 printer)
Surfer 9
Telia Supportassistent
TextPad 4.7
TrayApp
Tweak UI
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
Uppdatering för Windows Internet Explorer 8 (KB968220)
Uppdatering för Windows Internet Explorer 8 (KB971180)
Uppdatering för Windows Internet Explorer 8 (KB971930)
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB951618-v2)
Uppdatering för Windows XP (KB951978)
Uppdatering för Windows XP (KB955839)
Uppdatering för Windows XP (KB967715)
WebFldrs XP
WebReg
Verktyget Ta bort dolda data
Viktig uppdatering för Windows Media Player 11 (KB959772)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live inloggningsassistenten
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (SVE)
Windows Rights Management-klient bakåtkompatibilitet SP2
Windows Rights Management-klient med Service Pack 2
Windows Search 4.0
Windows XP Service Pack 3
WinZip
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Workrave 1.9.0
XML Notepad 2007
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
ZipGenius 6 (6.0.3.1150)
Zoom and Export

==== End Of File ===========================
 
Tomk
post Jul 7 2009, 10:52 AM
Post #12





Mats,

Your Java is out of date and you have other old versions still on your computer; those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 14


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
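
The Java finding in the post above can be read out of the DDS log mechanically. The following is an added example, not part of the post or of any tool named in this thread: it parses the Installed Programs section, orders every Java runtime entry and flags the superseded ones. The function names are hypothetical, the sample is an excerpt of the log posted above, and the (6, 0, 14) baseline is the "Version 6 update 14" named in the post.

```python
import re

# Excerpt of the "Installed Programs" section of the DDS log posted above.
# \u2122 is the trademark sign that appears in the "Java 6" entries.
SAMPLE_DDS = """\
==== Installed Programs ======================

HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java\u2122 6 Update 13
Java\u2122 6 Update 2
Java\u2122 SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.76 Full

==== End Of File ===========================
"""

# One pattern per naming scheme seen in the log. Each captures a major
# version and an update number; "minor" is captured where the name has one.
_PATTERNS = [
    re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.(?P<minor>\d+)"
               r" Update (?P<update>\d+)$"),
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(?P<major>\d+)"
               r"\.(?P<minor>\d+)_(?P<update>\d+)$"),
    re.compile(r"^Java(?:\(TM\)|\u2122)? (?:SE Runtime Environment )?"
               r"(?P<major>\d+) Update (?P<update>\d+)$"),
]


def installed_programs(log_text):
    """Return the entries listed under the 'Installed Programs' banner."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            # Every '====' banner ends the previous section and may start ours.
            in_section = "Installed Programs" in line
            continue
        if in_section and line:
            entries.append(line)
    return entries


def java_runtimes(programs):
    """Return [((major, minor, update), name)] for each Java runtime entry."""
    found = []
    for name in programs:
        for pattern in _PATTERNS:
            match = pattern.match(name)
            if match:
                g = match.groupdict()
                version = (int(g["major"]), int(g.get("minor") or 0),
                           int(g["update"]))
                found.append((version, name))
                break
    return found


def triage(log_text, latest):
    """Summarise Java runtimes: newest installed, superseded, out of date."""
    runtimes = sorted(java_runtimes(installed_programs(log_text)))
    if not runtimes:
        return {"newest": None, "superseded": [], "out_of_date": False}
    newest_version, newest_name = runtimes[-1]
    return {
        "newest": newest_name,
        # Everything older than the newest entry is a removal candidate.
        "superseded": [name for _, name in runtimes[:-1]],
        "out_of_date": newest_version < latest,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS, latest=(6, 0, 14))
    print("Newest installed:", report["newest"])
    print("Out of date:", report["out_of_date"])
    for name in report["superseded"]:
        print("Superseded:", name)
```
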
 
Mats
post Jul 7 2009, 01:51 PM
Post #13





Hi Tomk

I'm surprised to see how much you know, thank you for all the help!

I turned off the virusscan but it turned itself on time after time. One other thing: when I turn off the computer, a popup comes up saying that SyncServices.exe can't be closed down and I have to close it down manually (something like that anyway).

I have done what you asked and here is the log:

ComboFix 09-07-07.07 - Mats 2009-07-07 21:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2302.1749 [GMT 2:00]
Körs från: c:\documents and settings\Mats\Skrivbord\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\11a0837.msi
c:\windows\Installer\11a083e.msi
c:\windows\Installer\11a0845.msi
c:\windows\Installer\12c2a68.msp
c:\windows\Installer\172e49b.msp
c:\windows\Installer\185ae5.msi
c:\windows\Installer\1e0085.msp
c:\windows\Installer\220f1.msi
c:\windows\Installer\2770e.msi
c:\windows\Installer\33889.msi
c:\windows\Installer\4cb94.msi
c:\windows\Installer\4d360.msi
c:\windows\Installer\516b05c.msi
c:\windows\Installer\6457d.msi
c:\windows\Installer\67903.msi
c:\windows\Installer\693fa.msi
c:\windows\Installer\69efa.msi
c:\windows\Installer\77584.msi
c:\windows\Installer\8dc0c.msp
c:\windows\Installer\90a2a.msi
c:\windows\Installer\b77e1.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\b7svinp.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\prsgrc.dll

.
(((((((((((((((((((((((( Filer Skapade från 2009-06-07 till 2009-07-07 ))))))))))))))))))))))))))))))
.

2009-07-03 07:24 . 2009-07-03 07:24 -------- d-----w- c:\documents and settings\Mats\Application Data\Malwarebytes
2009-07-03 07:24 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 07:24 . 2009-07-03 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 07:24 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 07:24 . 2009-07-03 07:24 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-06-30 10:52 . 2009-06-30 10:52 -------- d-----w- c:\program\Procmon
2009-06-30 07:42 . 2009-06-30 07:42 -------- d-----w- c:\program\Trend Micro
2009-06-30 07:06 . 2009-06-30 07:06 -------- d-----w- c:\documents and settings\Mats\Application Data\Uniblue
2009-06-24 16:44 . 2009-02-06 13:57 23704 ----a-w- c:\windows\system32\novamnk6.dll
2009-06-24 16:44 . 2009-02-06 13:57 18584 ----a-w- c:\windows\system32\novamik6.dll
2009-06-24 16:44 . 2009-06-24 16:44 -------- d-----w- c:\program\Delade filer\StatSoft
2009-06-24 16:43 . 2009-06-24 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\StatSoft
2009-06-24 16:37 . 2009-06-24 16:37 -------- d-----w- c:\program\StatSoft
2009-06-23 10:01 . 2009-06-23 10:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESRI
2009-06-23 09:34 . 2009-06-23 09:34 -------- d-----w- c:\program\Delade filer\ArcGIS
2009-06-23 07:14 . 2009-06-23 07:14 -------- d-----w- c:\documents and settings\Mats\Application Data\Golden Software
2009-06-23 07:14 . 2009-05-18 14:22 2723432 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\Surfer(9.2.397)_Installer.exe
2009-06-23 07:14 . 2009-06-23 07:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}
2009-06-12 08:13 . 2009-04-30 21:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 08:13 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 19:04 . 2008-12-16 21:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-07 18:57 . 2004-08-27 21:45 -------- d-----w- c:\program\Java
2009-07-06 05:40 . 2005-09-30 06:29 -------- d-----w- c:\program\Google
2009-07-04 21:10 . 2009-05-26 07:00 -------- d-----w- c:\documents and settings\Mats\Application Data\CameraWindowDC
2009-07-04 21:10 . 2009-05-26 07:01 -------- d-----w- c:\documents and settings\Mats\Application Data\ZoomBrowser EX
2009-06-24 16:28 . 2004-08-27 21:48 -------- d--h--w- c:\program\InstallShield Installation Information
2009-06-23 10:20 . 2004-09-08 08:50 -------- d-----w- c:\documents and settings\Mats\Application Data\ESRI
2009-06-23 09:32 . 2004-09-08 08:42 -------- d-----w- c:\program\ArcGIS
2009-06-23 07:37 . 2005-11-22 11:57 -------- d-----w- c:\program\SigmaPlot
2009-06-23 07:33 . 2006-06-08 17:01 -------- d-----w- c:\program\Delade filer\Wise Installation Wizard
2009-06-23 07:23 . 2005-09-06 17:14 -------- d-----w- c:\program\Golden Software
2009-06-22 11:10 . 2006-06-08 17:06 -------- d-----w- c:\documents and settings\Mats\Application Data\EndNote
2009-06-18 11:59 . 2007-07-08 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-12 09:12 . 2004-08-27 21:38 467208 ----a-w- c:\windows\system32\perfh01D.dat
2009-06-12 09:12 . 2004-08-27 21:38 93424 ----a-w- c:\windows\system32\perfc01D.dat
2009-06-12 09:01 . 2008-09-08 05:36 -------- d-----w- c:\program\Windows Desktop Search
2009-05-31 15:09 . 2008-02-14 13:04 -------- d-----w- c:\documents and settings\Gunilla\Application Data\EndNote
2009-05-26 07:18 . 2004-09-08 16:25 -------- d-----w- c:\program\Canon
2009-05-26 07:03 . 2009-05-26 07:03 -------- d-----w- c:\documents and settings\Mats\Application Data\Canon
2009-05-26 07:00 . 2009-05-26 07:00 -------- d-----w- c:\documents and settings\Mats\Application Data\CANON INC
2009-05-25 14:54 . 2009-05-25 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-05-25 14:50 . 2007-08-29 19:10 -------- d-----w- c:\program\Delade filer\CANON
2009-05-25 14:32 . 2009-05-25 14:32 -------- d-----w- c:\program\CCleaner
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-18 14:16 . 2009-06-23 07:11 4375552 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\318B4C59\B7602018\Surfer.exe
2009-05-18 14:12 . 2009-06-23 07:11 715264 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\C67D1E63\B7602018\GridLib.dll
2009-05-18 14:12 . 2009-06-23 07:11 126464 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7FBA7249\B7602018\CoordLib.dll
2009-05-18 13:37 . 2009-06-23 07:11 27136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\296AE232\C9CA8632\ioStacked.dll
2009-05-18 13:36 . 2009-06-23 07:11 64000 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DB72A45A\C9CA8632\ioDat.dll
2009-05-18 13:36 . 2009-06-23 07:11 41984 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\E5AA589F\C9CA8632\ioBln.dll
2009-05-18 13:36 . 2009-06-23 07:11 20992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\66E82084\C9CA8632\ioAsc.dll
2009-05-18 13:36 . 2009-06-23 07:11 34816 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\786ADFF\C9CA8632\ioGrd.dll
2009-05-18 13:36 . 2009-06-23 07:11 30208 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B8E20497\C9CA8632\ioBmp.dll
2009-05-18 13:35 . 2009-06-23 07:11 21504 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4CFA12D6\C9CA8632\ioAvsx.dll
2009-05-18 13:35 . 2009-06-23 07:11 27136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6A3DA568\C9CA8632\ioSun.dll
2009-05-18 13:35 . 2009-06-23 07:11 20992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6409405D\C9CA8632\ioGTopo30.dll
2009-05-18 13:35 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\BC719B1\C9CA8632\ioDted.dll
2009-05-18 13:35 . 2009-06-23 07:11 45056 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\41C7A931\C9CA8632\ioBna.dll
2009-05-18 13:35 . 2009-06-23 07:11 154624 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\1CEC19A9\C9CA8632\ioPng.dll
2009-05-18 13:35 . 2009-06-23 07:11 135680 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\F531E724\C9CA8632\ioJpeg.dll
2009-05-18 13:34 . 2009-06-23 07:11 39936 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DE225989\C9CA8632\ioDem.dll
2009-05-18 13:34 . 2009-06-23 07:11 72704 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4CCC9D3B\C9CA8632\ioGsb.dll
2009-05-18 13:34 . 2009-06-23 07:11 34304 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\27CC553C\C9CA8632\ioSdtsDem.dll
2009-05-18 13:34 . 2009-06-23 07:11 41472 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\5F4956CF\C9CA8632\ioGxf.dll
2009-05-18 13:33 . 2009-06-23 07:11 20480 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4E461038\C9CA8632\ioDbf.dll
2009-05-18 13:33 . 2009-06-23 07:11 48128 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\86028631\C9CA8632\ioSlk.dll
2009-05-18 13:33 . 2009-06-23 07:11 22528 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\168BCFA3\C9CA8632\ioWks.dll
2009-05-18 13:33 . 2009-06-23 07:11 35328 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\67A51DC9\C9CA8632\ioGif.dll
2009-05-18 13:33 . 2009-06-23 07:11 116224 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\FDA495CE\C9CA8632\ioXlsx.dll
2009-05-18 13:33 . 2009-06-23 07:11 26112 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\457CBF06\C9CA8632\ioSgi.dll
2009-05-18 13:33 . 2009-06-23 07:11 27136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D99EEBD7\C9CA8632\ioPnm.dll
2009-05-18 13:32 . 2009-06-23 07:11 115712 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D2EF6DF7\C9CA8632\ioXls.dll
2009-05-18 13:32 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\23FA7DF2\C9CA8632\ioXyz.dll
2009-05-18 13:32 . 2009-06-23 07:11 43520 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\377CF50C\C9CA8632\ioPlt.dll
2009-05-18 13:32 . 2009-06-23 07:11 541184 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7D4689F\C9CA8632\ioTiff.dll
2009-05-18 13:31 . 2009-06-23 07:11 29184 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4EBFEFB3\C9CA8632\ioPcx.dll
2009-05-18 13:31 . 2009-06-23 07:11 14336 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\148576A6\C9CA8632\ioETopo5.dll
2009-05-18 13:31 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\32A18AAA\C9CA8632\ioGlobe.dll
2009-05-18 13:31 . 2009-06-23 07:11 42496 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\CF9EF29A\C9CA8632\ioRaw.dll
2009-05-18 13:31 . 2009-06-23 07:11 32256 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\A7C78909\C9CA8632\ioBnd.dll
2009-05-18 13:30 . 2009-06-23 07:11 145920 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\A39AD675\C9CA8632\ioAdf.dll
2009-05-18 13:30 . 2009-06-23 07:11 283648 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\8438608\C9CA8632\ioDxf.dll
2009-05-18 13:30 . 2009-06-23 07:11 18432 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\91331941\C9CA8632\ioGeo.dll
2009-05-18 13:30 . 2009-06-23 07:11 23552 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B76DAEDE\C9CA8632\ioIdr.dll
2009-05-18 13:30 . 2009-06-23 07:11 25088 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\5B1BB0D4\C9CA8632\ioErs.dll
2009-05-18 13:29 . 2009-06-23 07:11 20992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DB3B93AB\C9CA8632\ioFlt.dll
2009-05-18 13:29 . 2009-06-23 07:11 77312 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\41958665\C9CA8632\ioHdf.dll
2009-05-18 13:29 . 2009-06-23 07:11 25088 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\460B2AC0\C9CA8632\ioTga.dll
2009-05-18 13:28 . 2009-06-23 07:11 32768 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7B67808\C9CA8632\ioAnalyze.dll
2009-05-18 13:28 . 2009-06-23 07:11 15872 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\EE191B40\C9CA8632\ioCps.dll
2009-05-18 13:28 . 2009-06-23 07:11 16384 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\3E23A8AB\C9CA8632\ioLeica.dll
2009-05-18 13:28 . 2009-06-23 07:11 70144 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D733193C\C9CA8632\ioAvs.dll
2009-05-18 13:28 . 2009-06-23 07:11 28160 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\92DEB5D2\C9CA8632\ioStk.dll
2009-05-18 13:28 . 2009-06-23 07:11 81408 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\92FADD91\C9CA8632\ioVtk.dll
2009-05-18 13:28 . 2009-06-23 07:11 78336 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DECBCBDE\C9CA8632\ioAmira.dll
2009-05-18 13:27 . 2009-06-23 07:11 49664 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7F96F5D7\C9CA8632\ioLat.dll
2009-05-18 13:27 . 2009-06-23 07:11 354304 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B5B703C8\C9CA8632\ioDicom.dll
2009-05-18 13:27 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\EC274E50\C9CA8632\ioZmap.dll
2009-05-18 13:27 . 2009-06-23 07:11 57344 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4535ABA0\C9CA8632\ioMdb.dll
2009-05-18 13:27 . 2009-06-23 07:11 36352 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6DB2F903\C9CA8632\ioCgm.dll
2009-05-18 13:27 . 2009-06-23 07:11 155136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\F423B6C5\C9CA8632\ioEmf.dll
2009-05-18 13:25 . 2009-06-23 07:11 32768 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\8AD06145\C9CA8632\ioEps.dll
2009-05-18 13:25 . 2009-06-23 07:11 95232 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7D27BD20\C9CA8632\ioPdf.dll
2009-05-18 13:25 . 2009-06-23 07:11 47104 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D95B0FDF\C9CA8632\ioGsi.dll
2009-05-18 13:24 . 2009-06-23 07:11 96256 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B69C4BB2\C9CA8632\ioE00.dll
2009-05-18 13:24 . 2009-06-23 07:11 69120 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\FD4F87A5\C9CA8632\ioDlg.dll
2009-05-18 13:23 . 2009-06-23 07:11 70656 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\E355C2\C9CA8632\ioShp.dll
2009-05-18 13:23 . 2009-06-23 07:11 58880 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\33066A8\C9CA8632\ioSdtsTvp.dll
2009-05-18 13:23 . 2009-06-23 07:11 82432 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6A1F9353\C9CA8632\ioMif.dll
2009-05-18 13:23 . 2009-06-23 07:11 44032 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7E96F0AE\C9CA8632\ioPly.dll
2009-05-18 13:22 . 2009-06-23 07:11 143872 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\793C8817\C9CA8632\ioSid.dll
2009-05-18 13:22 . 2009-06-23 07:11 41984 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\2FAA8AB\C9CA8632\ioEcw.dll
2009-05-18 13:21 . 2009-06-23 07:11 40448 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\A4D9FC99\C9CA8632\ioLib.dll
2009-05-18 13:21 . 2009-06-23 07:11 126464 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\E98D73B9\C24319EE\Scripter.exe
2009-05-18 13:21 . 2009-06-23 07:11 64512 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D62DB906\C9CA8632\RendererGSIO.dll
2009-05-18 13:21 . 2009-06-23 07:11 35328 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\75BECB80\C9CA8632\RendererBitmap.dll
2009-05-18 13:21 . 2009-06-23 07:11 55808 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6C5549DA\C9CA8632\RendererGDI.dll
2009-05-18 13:20 . 2009-06-23 07:11 212992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\9A614BBA\C9CA8632\GsDraw.dll
2009-05-18 13:19 . 2009-06-23 07:11 242688 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\450674E8\C9CA8632\GSWks2.dll
2009-05-18 13:18 . 2009-06-23 07:11 219648 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\BFFAEFCC\C9CA8632\gsio.dll
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"DVDLauncher"="c:\program\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-01-05 413696]
"McAfeeUpdaterUI"="c:\program\Network Associates\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"HP Component Manager"="c:\program\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"MaxtorOneTouch"="c:\program\Maxtor\OneTouch\utils\Onetouch.exe" [2005-11-09 634880]
"mxomssmenu"="c:\program\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"Acrobat Assistant 8.0"="c:\program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ShStatEXE"="c:\program\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-08-13 111952]
"PDUiP6700DMon"="c:\program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-10-03 75376]
"Easy-PrintToolBox"="c:\program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"ToolBoxFX"="c:\program\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-07 148888]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Digital Line Detect.lnk - c:\program\Digital Line Detect\DLG.exe [2004-8-27 24576]
HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-14 241664]
HP Image Zone Snabbstarta.lnk - c:\program\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-14 53248]
Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-2-2 722728]
QuickScan (OpticFilm 7200i).lnk - c:\program\Plustek\OpticFilm 7200i\QuickScan.exe [2006-10-20 290816]
Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"telia"="c:\program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program\Telia\Supportassistent\bin\sprtsvc.exe [2008-11-03 202016]
S2 gupdate1c8e0e320912ea;Google Update Service (gupdate1c8e0e320912ea);c:\program\Google\Update\GoogleUpdate.exe [2008-07-15 133104]
S3 adr2k;adr2k;c:\windows\SYSTEM32\DRIVERS\adr2k.sys [2002-01-10 5760]
S3 bvrp_pci;bvrp_pci; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\SYSTEM32\DRIVERS\ggflt.sys [2007-11-27 13224]
S3 Oseaook;Oseaook; [x]
S3 Qdpidblt;Qdpidblt; [x]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\SYSTEM32\DRIVERS\sea1bus.sys [2007-07-01 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\sea1mdfl.sys [2007-07-01 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\SYSTEM32\DRIVERS\sea1mdm.sys [2007-07-01 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\sea1mgmt.sys [2007-07-01 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\SYSTEM32\DRIVERS\sea1nd5.sys [2007-07-01 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\sea1obex.sys [2007-07-01 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\SYSTEM32\DRIVERS\sea1unic.sys [2007-07-01 90800]
S4 LFCK;LF Connection Keeper Service;"c:\program\LennartFranzén\LFConnectionKeeper\lfck.exe" --startAsService --> c:\program\LennartFranzén\LFConnectionKeeper\lfck.exe [?]

--- Övriga tjänster/drivrutiner i minnet ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innehållet i mappen 'Schemalagda aktiviteter':

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2008-07-15 13:44]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2008-07-15 13:44]

2009-07-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\program\McAfee\VirusScan Enterprise\Mcshield.exe [3248] 0x89238A40

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-1773558433-214419653-2450776255-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"D140111900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Sluttid: 2009-07-07 21:37
ComboFix-quarantined-files.txt 2009-07-07 19:37

Före genomsökningen: 28 100 222 976 byte ledigt
Efter genomsökningen: 28 049 907 712 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

291 --- E O F --- 2009-06-30 07:53
Tomk
post Jul 7 2009, 06:15 PM
Post #14


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,276
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Mats,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    Driver::

    bvrp_pci
    Oseaook
    Qdpidblt
    LFCK
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Mats
post Jul 7 2009, 11:59 PM
Post #15


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 30-June 09
Member No.: 86,477
Operating System: Windows XP



Hi Tomk

Thank you for working on this! My computer is extremely slow in some situations. Starting Word, Excel or Access can sometimes be very slow. Opening a new tab in IE can take forever.

I tried to disable my AV but it keeps turning itself on automatically. I don't know how to turn it off. However, I ran ComboFix according to your instructions. The program said it found a newer version which I said it was OK to use. After running ComboFix a while my AV popped up saying it found some virus in a tempfile, EICAR testfile. Unfortunately this file was removed by my AV. ComboFix continued and produced a logfile (see it below). The Kaspersky scan I will run tonight since it takes several hours and I need to use my computer today. Meanwhile I send the ComboFix logfile:

ComboFix 09-07-07.A2 - Mats 2009-07-08 7:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2302.1744 [GMT 2:00]
Körs från: c:\documents and settings\Mats\Skrivbord\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Mats\Skrivbord\cfscript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LFCK
-------\Service_bvrp_pci
-------\Service_LFCK
-------\Service_Oseaook
-------\Service_Qdpidblt


(((((((((((((((((((((((( Filer Skapade från 2009-06-08 till 2009-07-08 ))))))))))))))))))))))))))))))
.

2009-07-03 07:24 . 2009-07-03 07:24 -------- d-----w- c:\documents and settings\Mats\Application Data\Malwarebytes
2009-07-03 07:24 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 07:24 . 2009-07-03 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 07:24 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 07:24 . 2009-07-03 07:24 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-06-30 10:52 . 2009-06-30 10:52 -------- d-----w- c:\program\Procmon
2009-06-30 07:42 . 2009-06-30 07:42 -------- d-----w- c:\program\Trend Micro
2009-06-30 07:06 . 2009-06-30 07:06 -------- d-----w- c:\documents and settings\Mats\Application Data\Uniblue
2009-06-24 16:44 . 2009-02-06 13:57 23704 ----a-w- c:\windows\system32\novamnk6.dll
2009-06-24 16:44 . 2009-02-06 13:57 18584 ----a-w- c:\windows\system32\novamik6.dll
2009-06-24 16:44 . 2009-06-24 16:44 -------- d-----w- c:\program\Delade filer\StatSoft
2009-06-24 16:43 . 2009-06-24 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\StatSoft
2009-06-24 16:37 . 2009-06-24 16:37 -------- d-----w- c:\program\StatSoft
2009-06-23 10:01 . 2009-06-23 10:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESRI
2009-06-23 09:34 . 2009-06-23 09:34 -------- d-----w- c:\program\Delade filer\ArcGIS
2009-06-23 07:14 . 2009-06-23 07:14 -------- d-----w- c:\documents and settings\Mats\Application Data\Golden Software
2009-06-23 07:14 . 2009-05-18 14:22 2723432 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\Surfer(9.2.397)_Installer.exe
2009-06-23 07:14 . 2009-06-23 07:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}
2009-06-12 08:13 . 2009-04-30 21:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 08:13 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 19:04 . 2008-12-16 21:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-07 18:57 . 2004-08-27 21:45 -------- d-----w- c:\program\Java
2009-07-06 05:40 . 2005-09-30 06:29 -------- d-----w- c:\program\Google
2009-07-04 21:10 . 2009-05-26 07:00 -------- d-----w- c:\documents and settings\Mats\Application Data\CameraWindowDC
2009-07-04 21:10 . 2009-05-26 07:01 -------- d-----w- c:\documents and settings\Mats\Application Data\ZoomBrowser EX
2009-06-24 16:28 . 2004-08-27 21:48 -------- d--h--w- c:\program\InstallShield Installation Information
2009-06-23 10:20 . 2004-09-08 08:50 -------- d-----w- c:\documents and settings\Mats\Application Data\ESRI
2009-06-23 09:32 . 2004-09-08 08:42 -------- d-----w- c:\program\ArcGIS
2009-06-23 07:37 . 2005-11-22 11:57 -------- d-----w- c:\program\SigmaPlot
2009-06-23 07:33 . 2006-06-08 17:01 -------- d-----w- c:\program\Delade filer\Wise Installation Wizard
2009-06-23 07:23 . 2005-09-06 17:14 -------- d-----w- c:\program\Golden Software
2009-06-22 11:10 . 2006-06-08 17:06 -------- d-----w- c:\documents and settings\Mats\Application Data\EndNote
2009-06-18 11:59 . 2007-07-08 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-12 09:12 . 2004-08-27 21:38 467208 ----a-w- c:\windows\system32\perfh01D.dat
2009-06-12 09:12 . 2004-08-27 21:38 93424 ----a-w- c:\windows\system32\perfc01D.dat
2009-06-12 09:01 . 2008-09-08 05:36 -------- d-----w- c:\program\Windows Desktop Search
2009-05-31 15:09 . 2008-02-14 13:04 -------- d-----w- c:\documents and settings\Gunilla\Application Data\EndNote
2009-05-26 07:18 . 2004-09-08 16:25 -------- d-----w- c:\program\Canon
2009-05-26 07:03 . 2009-05-26 07:03 -------- d-----w- c:\documents and settings\Mats\Application Data\Canon
2009-05-26 07:00 . 2009-05-26 07:00 -------- d-----w- c:\documents and settings\Mats\Application Data\CANON INC
2009-05-25 14:54 . 2009-05-25 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-05-25 14:50 . 2007-08-29 19:10 -------- d-----w- c:\program\Delade filer\CANON
2009-05-25 14:32 . 2009-05-25 14:32 -------- d-----w- c:\program\CCleaner
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-18 14:16 . 2009-06-23 07:11 4375552 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\318B4C59\B7602018\Surfer.exe
2009-05-18 14:12 . 2009-06-23 07:11 715264 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\C67D1E63\B7602018\GridLib.dll
2009-05-18 14:12 . 2009-06-23 07:11 126464 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7FBA7249\B7602018\CoordLib.dll
2009-05-18 13:37 . 2009-06-23 07:11 27136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\296AE232\C9CA8632\ioStacked.dll
2009-05-18 13:36 . 2009-06-23 07:11 64000 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DB72A45A\C9CA8632\ioDat.dll
2009-05-18 13:36 . 2009-06-23 07:11 41984 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\E5AA589F\C9CA8632\ioBln.dll
2009-05-18 13:36 . 2009-06-23 07:11 20992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\66E82084\C9CA8632\ioAsc.dll
2009-05-18 13:36 . 2009-06-23 07:11 34816 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\786ADFF\C9CA8632\ioGrd.dll
2009-05-18 13:36 . 2009-06-23 07:11 30208 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B8E20497\C9CA8632\ioBmp.dll
2009-05-18 13:35 . 2009-06-23 07:11 21504 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4CFA12D6\C9CA8632\ioAvsx.dll
2009-05-18 13:35 . 2009-06-23 07:11 27136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6A3DA568\C9CA8632\ioSun.dll
2009-05-18 13:35 . 2009-06-23 07:11 20992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6409405D\C9CA8632\ioGTopo30.dll
2009-05-18 13:35 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\BC719B1\C9CA8632\ioDted.dll
2009-05-18 13:35 . 2009-06-23 07:11 45056 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\41C7A931\C9CA8632\ioBna.dll
2009-05-18 13:35 . 2009-06-23 07:11 154624 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\1CEC19A9\C9CA8632\ioPng.dll
2009-05-18 13:35 . 2009-06-23 07:11 135680 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\F531E724\C9CA8632\ioJpeg.dll
2009-05-18 13:34 . 2009-06-23 07:11 39936 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DE225989\C9CA8632\ioDem.dll
2009-05-18 13:34 . 2009-06-23 07:11 72704 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4CCC9D3B\C9CA8632\ioGsb.dll
2009-05-18 13:34 . 2009-06-23 07:11 34304 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\27CC553C\C9CA8632\ioSdtsDem.dll
2009-05-18 13:34 . 2009-06-23 07:11 41472 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\5F4956CF\C9CA8632\ioGxf.dll
2009-05-18 13:33 . 2009-06-23 07:11 20480 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4E461038\C9CA8632\ioDbf.dll
2009-05-18 13:33 . 2009-06-23 07:11 48128 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\86028631\C9CA8632\ioSlk.dll
2009-05-18 13:33 . 2009-06-23 07:11 22528 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\168BCFA3\C9CA8632\ioWks.dll
2009-05-18 13:33 . 2009-06-23 07:11 35328 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\67A51DC9\C9CA8632\ioGif.dll
2009-05-18 13:33 . 2009-06-23 07:11 116224 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\FDA495CE\C9CA8632\ioXlsx.dll
2009-05-18 13:33 . 2009-06-23 07:11 26112 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\457CBF06\C9CA8632\ioSgi.dll
2009-05-18 13:33 . 2009-06-23 07:11 27136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D99EEBD7\C9CA8632\ioPnm.dll
2009-05-18 13:32 . 2009-06-23 07:11 115712 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D2EF6DF7\C9CA8632\ioXls.dll
2009-05-18 13:32 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\23FA7DF2\C9CA8632\ioXyz.dll
2009-05-18 13:32 . 2009-06-23 07:11 43520 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\377CF50C\C9CA8632\ioPlt.dll
2009-05-18 13:32 . 2009-06-23 07:11 541184 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7D4689F\C9CA8632\ioTiff.dll
2009-05-18 13:31 . 2009-06-23 07:11 29184 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4EBFEFB3\C9CA8632\ioPcx.dll
2009-05-18 13:31 . 2009-06-23 07:11 14336 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\148576A6\C9CA8632\ioETopo5.dll
2009-05-18 13:31 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\32A18AAA\C9CA8632\ioGlobe.dll
2009-05-18 13:31 . 2009-06-23 07:11 42496 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\CF9EF29A\C9CA8632\ioRaw.dll
2009-05-18 13:31 . 2009-06-23 07:11 32256 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\A7C78909\C9CA8632\ioBnd.dll
2009-05-18 13:30 . 2009-06-23 07:11 145920 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\A39AD675\C9CA8632\ioAdf.dll
2009-05-18 13:30 . 2009-06-23 07:11 283648 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\8438608\C9CA8632\ioDxf.dll
2009-05-18 13:30 . 2009-06-23 07:11 18432 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\91331941\C9CA8632\ioGeo.dll
2009-05-18 13:30 . 2009-06-23 07:11 23552 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B76DAEDE\C9CA8632\ioIdr.dll
2009-05-18 13:30 . 2009-06-23 07:11 25088 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\5B1BB0D4\C9CA8632\ioErs.dll
2009-05-18 13:29 . 2009-06-23 07:11 20992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DB3B93AB\C9CA8632\ioFlt.dll
2009-05-18 13:29 . 2009-06-23 07:11 77312 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\41958665\C9CA8632\ioHdf.dll
2009-05-18 13:29 . 2009-06-23 07:11 25088 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\460B2AC0\C9CA8632\ioTga.dll
2009-05-18 13:28 . 2009-06-23 07:11 32768 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7B67808\C9CA8632\ioAnalyze.dll
2009-05-18 13:28 . 2009-06-23 07:11 15872 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\EE191B40\C9CA8632\ioCps.dll
2009-05-18 13:28 . 2009-06-23 07:11 16384 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\3E23A8AB\C9CA8632\ioLeica.dll
2009-05-18 13:28 . 2009-06-23 07:11 70144 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D733193C\C9CA8632\ioAvs.dll
2009-05-18 13:28 . 2009-06-23 07:11 28160 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\92DEB5D2\C9CA8632\ioStk.dll
2009-05-18 13:28 . 2009-06-23 07:11 81408 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\92FADD91\C9CA8632\ioVtk.dll
2009-05-18 13:28 . 2009-06-23 07:11 78336 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\DECBCBDE\C9CA8632\ioAmira.dll
2009-05-18 13:27 . 2009-06-23 07:11 49664 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7F96F5D7\C9CA8632\ioLat.dll
2009-05-18 13:27 . 2009-06-23 07:11 354304 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B5B703C8\C9CA8632\ioDicom.dll
2009-05-18 13:27 . 2009-06-23 07:11 15360 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\EC274E50\C9CA8632\ioZmap.dll
2009-05-18 13:27 . 2009-06-23 07:11 57344 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\4535ABA0\C9CA8632\ioMdb.dll
2009-05-18 13:27 . 2009-06-23 07:11 36352 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6DB2F903\C9CA8632\ioCgm.dll
2009-05-18 13:27 . 2009-06-23 07:11 155136 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\F423B6C5\C9CA8632\ioEmf.dll
2009-05-18 13:25 . 2009-06-23 07:11 32768 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\8AD06145\C9CA8632\ioEps.dll
2009-05-18 13:25 . 2009-06-23 07:11 95232 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7D27BD20\C9CA8632\ioPdf.dll
2009-05-18 13:25 . 2009-06-23 07:11 47104 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D95B0FDF\C9CA8632\ioGsi.dll
2009-05-18 13:24 . 2009-06-23 07:11 96256 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\B69C4BB2\C9CA8632\ioE00.dll
2009-05-18 13:24 . 2009-06-23 07:11 69120 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\FD4F87A5\C9CA8632\ioDlg.dll
2009-05-18 13:23 . 2009-06-23 07:11 70656 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\E355C2\C9CA8632\ioShp.dll
2009-05-18 13:23 . 2009-06-23 07:11 58880 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\33066A8\C9CA8632\ioSdtsTvp.dll
2009-05-18 13:23 . 2009-06-23 07:11 82432 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6A1F9353\C9CA8632\ioMif.dll
2009-05-18 13:23 . 2009-06-23 07:11 44032 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\7E96F0AE\C9CA8632\ioPly.dll
2009-05-18 13:22 . 2009-06-23 07:11 143872 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\793C8817\C9CA8632\ioSid.dll
2009-05-18 13:22 . 2009-06-23 07:11 41984 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\2FAA8AB\C9CA8632\ioEcw.dll
2009-05-18 13:21 . 2009-06-23 07:11 40448 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\A4D9FC99\C9CA8632\ioLib.dll
2009-05-18 13:21 . 2009-06-23 07:11 126464 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\E98D73B9\C24319EE\Scripter.exe
2009-05-18 13:21 . 2009-06-23 07:11 64512 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\D62DB906\C9CA8632\RendererGSIO.dll
2009-05-18 13:21 . 2009-06-23 07:11 35328 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\75BECB80\C9CA8632\RendererBitmap.dll
2009-05-18 13:21 . 2009-06-23 07:11 55808 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\6C5549DA\C9CA8632\RendererGDI.dll
2009-05-18 13:20 . 2009-06-23 07:11 212992 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\9A614BBA\C9CA8632\GsDraw.dll
2009-05-18 13:19 . 2009-06-23 07:11 242688 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\450674E8\C9CA8632\GSWks2.dll
2009-05-18 13:18 . 2009-06-23 07:11 219648 -c--a-w- c:\documents and settings\All Users\Application Data\{DDA4ED42-F502-4538-9D2B-6492B946E8A8}\OFFLINE\BFFAEFCC\C9CA8632\gsio.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_19.34.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 05:27 . 2009-07-08 05:27 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"DVDLauncher"="c:\program\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-01-05 413696]
"McAfeeUpdaterUI"="c:\program\Network Associates\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"HP Component Manager"="c:\program\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"MaxtorOneTouch"="c:\program\Maxtor\OneTouch\utils\Onetouch.exe" [2005-11-09 634880]
"mxomssmenu"="c:\program\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"Acrobat Assistant 8.0"="c:\program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ShStatEXE"="c:\program\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-08-13 111952]
"PDUiP6700DMon"="c:\program\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-10-03 75376]
"Easy-PrintToolBox"="c:\program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"ToolBoxFX"="c:\program\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-07 148888]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Digital Line Detect.lnk - c:\program\Digital Line Detect\DLG.exe [2004-8-27 24576]
HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-14 241664]
HP Image Zone Snabbstarta.lnk - c:\program\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-14 53248]
Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-2-2 722728]
QuickScan (OpticFilm 7200i).lnk - c:\program\Plustek\OpticFilm 7200i\QuickScan.exe [2006-10-20 290816]
Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"telia"="c:\program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program\Telia\Supportassistent\bin\sprtsvc.exe [2008-11-03 202016]
S2 gupdate1c8e0e320912ea;Google Update Service (gupdate1c8e0e320912ea);c:\program\Google\Update\GoogleUpdate.exe [2008-07-15 133104]
S3 adr2k;adr2k;c:\windows\SYSTEM32\DRIVERS\adr2k.sys [2002-01-10 5760]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\SYSTEM32\DRIVERS\ggflt.sys [2007-11-27 13224]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\SYSTEM32\DRIVERS\sea1bus.sys [2007-07-01 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\SYSTEM32\DRIVERS\sea1mdfl.sys [2007-07-01 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\SYSTEM32\DRIVERS\sea1mdm.sys [2007-07-01 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\SYSTEM32\DRIVERS\sea1mgmt.sys [2007-07-01 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\SYSTEM32\DRIVERS\sea1nd5.sys [2007-07-01 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\SYSTEM32\DRIVERS\sea1obex.sys [2007-07-01 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\SYSTEM32\DRIVERS\sea1unic.sys [2007-07-01 90800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innehållet i mappen 'Schemalagda aktiviteter':

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2008-07-15 13:44]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2008-07-15 13:44]

2009-07-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 07:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-1773558433-214419653-2450776255-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"D140111900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\SYSTEM32\BAsfIpM.exe
c:\program\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program\Network Associates\Common Framework\FrameworkService.exe
c:\program\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program\Network Associates\Common Framework\naPrdMgr.exe
c:\program\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program\Windows Media Player\wmpnetwk.exe
c:\program\Canon\CAL\CALMAIN.exe
c:\program\Network Associates\Common Framework\Mctray.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program\HP\hpcoretech\comp\hptskmgr.exe
c:\program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program\HP\Digital Imaging\bin\hpqgalry.exe
c:\program\McAfee\VirusScan Enterprise\Mcshield.exe
.
**************************************************************************
.
Sluttid: 2009-07-08 7:39 - datorn startades om.
ComboFix-quarantined-files.txt 2009-07-08 05:39
ComboFix2.txt 2009-07-07 19:37

Före genomsökningen: 28 039 991 296 byte ledigt
Efter genomsökningen: 27 873 075 200 byte ledigt

511 --- E O F --- 2009-06-30 07:53