Hi,

Forgot to add to my thread... Have some problems with popups when starting IE. send me to lot of sites. The reaseon; downloadet mapsource for Garmin GPS.
Think I have got som nasties that controlls my computer...

I appreciate all help I can get, tried some programs to clean, but the problem is still there. So therefor I posted an HJT log,

JaY

Hi, when I reboot my computer I get a message: can´t find and C:\WINDOWS\system32\dxvwnean.dll:

and here is the log from AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:38:11 12.04.2008

+ Scan result:

C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP384\A0036142.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP384\A0036165.exe -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036657.exe -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036719.dll -> Adware.BraveSentry : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036720.dll -> Adware.BraveSentry : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036721.dll -> Adware.BraveSentry : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Programdata\Adverts\uninst.exe -> Adware.Lop : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036656.exe -> Not-A-Virus.Adware.Agent : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\Cookies\liv [email]lystad@msnportal.112.2o7[2].txt[/email] -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.16:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.19:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Cookies\liv [email]lystad@advertising[1].txt[/email] -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Cookies\liv [email]lystad@atdmt[2].txt[/email] -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\Cookies\liv [email]lystad@atdmt[2].txt[/email] -> TrackingCookie.Atdmt : Cleaned.
:mozilla.796:C:\Documents and Settings\Liv Lystad.DELL\Programdata\Mozilla\Firefox\Profiles\gvsv1z4v.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Liv Lystad.DELL\Programdata\Mozilla\Firefox\Profiles\gvsv1z4v.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.75:C:\Documents and Settings\Liv Lystad.DELL\Programdata\Mozilla\Firefox\Profiles\gvsv1z4v.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\Cookies\liv [email]lystad@auto.search.msn[1].txt[/email] -> TrackingCookie.Msn : Cleaned.
:mozilla.353:C:\Documents and Settings\Liv Lystad.DELL\Programdata\Mozilla\Firefox\Profiles\gvsv1z4v.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Cookies\liv [email]lystad@bs.serving-sys[2].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Cookies\liv [email]lystad@serving-sys[2].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\Cookies\liv [email]lystad@bs.serving-sys[2].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\Cookies\liv [email]lystad@serving-sys[1].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.21:C:\Documents and Settings\Liv Lystad.DELL\Programdata\Mozilla\Firefox\Profiles\gvsv1z4v.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.23:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Cookies\liv [email]lystad@statistik-gallup[1].txt[/email] -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\Cookies\liv [email]lystad@statistik-gallup[2].txt[/email] -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Liv Lystad.DELL\Cookies\liv [email]lystad@tradedoubler[1].txt[/email] -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.6:C:\Documents and Settings\Jarle Lystad\Programdata\Mozilla\Firefox\Profiles\772uy5ao.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP384\A0036143.exe -> Trojan.Agent : Cleaned.

::Report end

Hmmm its strange, I am really sure that I deleted
O4 - HKLM\..\Run: [BM0f7886b3] Rundll32.exe "C:\WINDOWS\system32\dxvwnean.dll",s

first time, but now its deleted again. Looks like the computer works fine again.
dont get the message about missing file.

Thank you for all help.

JaY

Hi

This is really strange. I thought that I should post a last log from HJT. After scanning and saving file. Opened my browser "firefox" and when I just hit enter for log on to daniweb, a popup window arrived. a poker site or something...

Can you see anything in this HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:45, on 13.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Jarle Lystad\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0c4bb52f] rundll32.exe "C:\WINDOWS\system32\oyhhojsk.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - http://nettdaten.meetheworld.no/nettdaten/runtime/pic/inner_pic/packages/liveupdate.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/5026/defaults/activex/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7676 bytes

JaY

Thnx Crunchie

I scanned a new log, is the computer clean gerbil?

JaY

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:39, on 13.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jarle Lystad\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\JARLEL~1\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [BaseAbout] C:\DOCUME~1\LIVLYS~1.DEL\PROGRA~1\EGGSAU~1\BALMSKIPERROR.exe (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [ActiveOwnsCampEach] C:\Documents and Settings\All Users\Programdata\Site Balm Active Owns\BIN META.exe (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\LIVLYS~1.DEL\LOKALE~1\Temp\nudxexdt.dll",run (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [0c4bb52f] rundll32.exe "C:\DOCUME~1\LIVLYS~1.DEL\LOKALE~1\Temp\uekxvetc.dll",b (User 'Liv Lystad')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - http://nettdaten.meetheworld.no/nettdaten/runtime/pic/inner_pic/packages/liveupdate.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/5026/defaults/activex/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8446 bytes

Hi,
I couldn´t find these entries:
O4 - HKLM\..\Run: [0c4bb52f] rundll32.exe "C:\WINDOWS\system32\oyhhojsk.dll",b
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\LIVLYS~1.DEL\LOKALE~1\Temp\nudxexdt.dll",run (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [0c4bb52f] rundll32.exe "C:\DOCUME~1\LIVLYS~1.DEL\LOKALE~1\Temp\uekxvetc.dll",b (User 'Liv Lystad')

And here is those logs:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Jarle Lystad\Skrivebord
[14.04.2008]
[22:41:25]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AC3EFD75912D6E71.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Npf

_______________________________________________________

Malwarebytes' Anti-Malware 1.11
Database version: 629

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 76466
Time elapsed: 32 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 39

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geebb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcyxyy.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1502ad2-93ce-459d-8a0e-68022c272ec3} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a1502ad2-93ce-459d-8a0e-68022c272ec3} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcyxyy (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geebb.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geebb.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geebb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bbeeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbeeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhltmggm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mggmtlhh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iytccjku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukjcctyi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mljjk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjjlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjjlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhmniimj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmiinmhu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyxyy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\bloqkdew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\bygxpwnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\eckklrkn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\fdftskhn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\fhkmruve.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\fqdgqoji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\ftilymfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\mjikiska.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\mtkdmjbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\pcmoijfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\qqjbseah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\skexgeps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\stqxoebc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\vbfrrono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Liv Lystad.DELL\Lokale innstillinger\Temp\vwwveegq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036666.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036672.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP387\A0036718.exe (Rogue.MalwareAlarm) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP388\A0036784.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2DE4DD7A-95AD-4DF3-B8BF-6094F5DD25AF}\RP388\A0037835.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmpxsoey.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqqnki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifffec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byxyxuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvwxwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byxvvwx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

_________________________________________________________________________

ComboFix 08-04-13.3 - Jarle Lystad 2008-04-14 23:33:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.239 [GMT 2:00]
Running from: C:\Documents and Settings\Jarle Lystad\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM0f7886b3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bqocqpyt.dll
C:\WINDOWS\system32\ddcyxyy.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\guircrlk.dll
C:\WINDOWS\system32\gvpqoibb.dll
C:\WINDOWS\system32\ksjohhyo.ini
C:\WINDOWS\system32\liqpmmnb.dll
C:\WINDOWS\system32\xdtvbjoy.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-14 22:51 . 2008-04-14 22:51 d-------- C:\Documents and Settings\Jarle Lystad\Programdata\Malwarebytes
2008-04-14 22:50 . 2008-04-14 22:50 d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-04-14 22:50 . 2008-04-14 22:50 d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-04-14 22:42 . 2008-04-14 22:44 d-------- C:\NoLopBackups
2008-04-14 20:48 . 2008-04-14 20:48 3,648 --a------ C:\WINDOWS\system32\indfkyky.dll
2008-04-13 10:31 . 2008-04-13 10:31 3,648 --a------ C:\WINDOWS\system32\gfkbxycw.dll
2008-04-13 10:22 . 2008-04-13 10:22 dr-h----- C:\Documents and Settings\Jarle Lystad\Siste
2008-04-12 20:27 . 2008-04-12 20:27 d-------- C:\Documents and Settings\Liv Lystad.DELL\Programdata\Grisoft
2008-04-12 10:54 . 2008-04-12 10:54 d-------- C:\Documents and Settings\Jarle Lystad\Programdata\Grisoft
2008-04-12 10:54 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-12 10:53 . 2008-04-12 10:53 d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-04-12 10:37 . 2008-04-12 10:37 d-------- C:\Programfiler\CCleaner
2008-04-12 10:27 . 2008-04-12 10:27 3,648 --a------ C:\WINDOWS\system32\avflsjjd.dll
2008-04-09 16:19 . 2008-04-09 16:19 d-------- C:\WINDOWS\ERUNT
2008-04-09 16:01 . 2008-04-09 16:01 d-------- C:\Documents and Settings\Jarle Lystad\Download
2008-04-09 15:32 . 2008-04-09 15:32 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-09 15:08 . 2006-02-24 20:36 dr------- C:\Documents and Settings\Administrator\Start-meny
2008-04-09 15:08 . 2006-02-24 20:36 d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-04-09 15:08 . 2006-02-24 20:36 d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-04-09 15:08 . 2006-02-24 20:36 d--h----- C:\Documents and Settings\Administrator\Siste
2008-04-09 15:08 . 2006-02-24 20:36 dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-04-09 15:08 . 2006-02-24 20:36 d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-04-09 15:08 . 2006-02-24 19:57 d--h----- C:\Documents and Settings\Administrator\Maler
2008-04-09 15:08 . 2006-02-24 20:36 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-04-09 15:08 . 2006-02-24 20:36 d-------- C:\Documents and Settings\Administrator\Favoritter
2008-04-09 15:08 . 2006-02-24 20:36 d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-04-09 15:08 . 2008-04-09 15:08 d-------- C:\Documents and Settings\Administrator
2008-04-09 14:28 . 2008-04-09 14:28 3,648 --a------ C:\WINDOWS\system32\pfwaoppg.dll
2008-04-09 14:05 . 2008-04-09 14:05 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-04-09 14:05 . 2008-04-09 14:05 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-04-09 14:04 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-04-09 14:04 . 2002-07-24 22:43 667,648 --a------ C:\WINDOWS\system32\FreeImage.dll
2008-04-09 14:04 . 2004-03-09 10:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-09 14:04 . 2001-05-30 10:00 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2008-04-09 14:04 . 2000-12-06 10:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-04-09 14:04 . 2000-05-22 10:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-09 14:04 . 2000-05-22 10:00 140,488 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-04-09 14:04 . 2005-02-28 23:52 102,400 --a------ C:\WINDOWS\system32\unzip3252.dll
2008-04-09 14:04 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-04-09 14:04 . 1998-08-29 13:50 40,448 --a------ C:\WINDOWS\system32\UNACE.DLL
2008-04-09 13:51 . 2008-04-09 13:51 d-------- C:\Programfiler\Lavasoft
2008-04-09 13:51 . 2008-04-09 13:52 d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-04-09 13:49 . 2008-04-09 14:30 1,563,684 ---hs---- C:\WINDOWS\system32\vfwktotm.ini
2008-04-09 13:40 . 2008-04-09 13:40 3,648 --a------ C:\WINDOWS\system32\gtphcpxi.dll
2008-03-28 19:32 . 2008-04-09 13:32 1,584,019 ---hs---- C:\WINDOWS\system32\yxmvxtip.ini
2008-03-23 11:34 . 2008-03-23 14:44 d-------- C:\Documents and Settings\Jarle Lystad\Programdata\GARMIN
2008-03-23 01:46 . 2008-02-18 18:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-22 22:04 . 2008-04-09 14:40 d-------- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 21:30 --------- d-----w C:\Documents and Settings\Jarle Lystad\Programdata\Skype
2008-04-14 20:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\Site Balm Active Owns
2008-04-14 19:08 --------- d-----w C:\Programfiler\Mozilla Thunderbird
2008-04-13 18:08 --------- d-----w C:\Programfiler\IKEA HomePlanner
2008-04-13 18:08 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-13 17:56 --------- d-----w C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2008-04-12 09:38 --------- d-----w C:\Documents and Settings\Liv Lystad.DELL\Programdata\Adverts
2008-04-09 12:45 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-09 12:45 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-03-23 10:01 --------- d-----w C:\Documents and Settings\Jarle Lystad\Programdata\Azureus
2007-05-06 08:08 18,224 ----a-w C:\Documents and Settings\Liv Lystad.DELL\Programdata\GDIPFONTCACHEV1.DAT
2006-12-22 20:51 18,224 ----a-w C:\Documents and Settings\Jarle Lystad\Programdata\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2006-02-01 17:45 98304]
"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-02-24 19:34 122880 C:\WINDOWS\BCMSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01 4632576]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 20:23 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 10:35 536576]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"bcmwltry"="bcmwltry.exe" [2005-12-19 10:08 1200128 C:\WINDOWS\system32\BCMWLTRY.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 10:08 1347584]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 17:04 11776]
"MMTray"="C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 17:04 110592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"QuickTime Task"="C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Belkin 802.11g Wireless Card Utility.lnk - C:\Programfiler\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe [2006-02-26 19:16:02 630872]
InterVideo WinCinema Manager.lnk - C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-03-25 13:23:48 278528]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
NoLop.exe [2008-04-14 22:40:48 40448]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 13:10]
S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 22:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 07:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 23:38:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-04-14 23:42:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 21:42:33

Pre-Run: 16,755,183,616 byte ledig
Post-Run: 16,691,212,288 byte ledig

Hi gerbil

downloaded vundoFix and renamed hijackthis. rebooted in safe mode an ran vundofix...
No files found and log is emty..!

Anything else I should do?

Jay

and here is a new hjt log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:53, on 17.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\lexpps.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\Jarle Lystad\Skrivebord\imabunny.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\Programfiler\Skype\Plugin Manager\skypePM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" (User 'Liv Lystad')
O4 - HKUS\S-1-5-21-436374069-602162358-682003330-1004\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime (User 'Liv Lystad')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - http://nettdaten.meetheworld.no/nettdaten/runtime/pic/inner_pic/packages/liveupdate.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/5026/defaults/activex/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8309 bytes

Hi gerbil

6 of 8 files listed was found, and I deleted them.

Here is a new hjt log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:15, on 18.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jarle Lystad\Skrivebord\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} (CU LiveUpdate Control) - http://nettdaten.meetheworld.no/nettdaten/runtime/pic/inner_pic/packages/liveupdate.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/5026/defaults/activex/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7729 bytes