Antivirus System Pro/ Malwarebytes Runtime Error

I have the same problem, but I can't even run the hijack programe!!
Need help...

I did what you told Belazhur to do, I'll paste what I copied from the notepad.
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:27, on 2009-10-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program\wnlnky\eiddsysguard.exe
C:\Program\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\Program\AVG\AVG8\avgscanx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Windows Live\Toolbar\wltuser.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.expekt.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://10.0.0.6/sd/init
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 ossecure2009.microsoft.com
O1 - Hosts: 91.212.127.226 os-secure2009.com
O1 - Hosts: 91.212.127.226 www.os-secure2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {F7DA2FCF-2AA9-498A-A9F7-55950384CD58} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Vgvdzsy] c:\Program Files\Xrdhmye\Ykgppv.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [Media Gateway] C:\Documents and Settings\XP\Lokala inställningar\Temporary Internet Files\Content.IE5\KD63GPEN\MediaGateway[1].exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [system tool] C:\Program\wnlnky\eiddsysguard.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sf] C:\Program\sf\sf.exe
O4 - HKCU\..\Run: [cworld] C:\WINDOWS\cworld.exe
O4 - HKCU\..\Run: [mzow] C:\Program\COMMON~1\mzow\mzowm.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hȋdden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\Program\wnlnky\eiddsysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\Program\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\Program\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00179884.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blogga detta - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program\Delade filer\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [international] International
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c356.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: hggfefg - hggfefg.dll (file missing)
O20 - Winlogon Notify: hggfgfd - hggfgfd.dll (file missing)
O20 - Winlogon Notify: ljjihee - ljjihee.dll (file missing)
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService (nbservice) - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NNServ - Unknown owner - C:\Program\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator (sti simulator) - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11145 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O1 - Hosts: ::1 localhost
  O1 - Hosts: 91.212.127.226 ossecure2009.microsoft.com
  O1 - Hosts: 91.212.127.226 os-secure2009.com
  O1 - Hosts: 91.212.127.226 www.os-secure2009.com
  O2 - BHO: (no name) - {F7DA2FCF-2AA9-498A-A9F7-55950384CD58} - C:\WINDOWS\system32\pmkjj.dll (file missing)
  O4 - HKLM\..\Run: [Media Gateway] C:\Documents and Settings\XP\Lokala inställningar\Temporary Internet Files\Content.IE5\KD63GPEN\MediaGateway[1].exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [system tool] C:\Program\wnlnky\eiddsysguard.exe
  O4 - HKCU\..\Run: [sf] C:\Program\sf\sf.exe
  O4 - HKCU\..\Run: [cworld] C:\WINDOWS\cworld.exe
  O4 - HKCU\..\Run: [mzow] C:\Program\COMMON~1\mzow\mzowm.exe
  O4 - HKCU\..\Run: [system tool] C:\Program\wnlnky\eiddsysguard.exe
  O20 - Winlogon Notify: hggfefg - hggfefg.dll (file missing)
  O20 - Winlogon Notify: hggfgfd - hggfgfd.dll (file missing)
  O20 - Winlogon Notify: ljjihee - ljjihee.dll (file missing)
  O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll (file missing)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Thank you! I managed to get rid of the problem by reading your advise to others, and trying for 5,5 hours... Thank you for your reply!

Hi, I think have another virus on my computer, and I cant open the Malwarebytes to do a scan. What do I do?? Seem to be th same thing as last time.
Very thankful for help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:34, on 2009-12-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\D-Tools\daemon.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\WINDOWS\VdCap03C\StillMnt.exe
C:\Program\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Windows Live\Toolbar\wltuser.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\AVG\AVG8\avgscanx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\Program\Malwarebytes' Anti-Malware\mbam.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.expekt.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://10.0.0.6/sd/init
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 ossecure2009.microsoft.com
O1 - Hosts: 91.212.127.226 os-secure2009.com
O1 - Hosts: 91.212.127.226 www.os-secure2009.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Vgvdzsy] c:\Program Files\Xrdhmye\Ykgppv.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [Media Gateway] C:\Documents and Settings\XP\Lokala inställningar\Temporary Internet Files\Content.IE5\KD63GPEN\MediaGateway[1].exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sf] C:\Program\sf\sf.exe
O4 - HKCU\..\Run: [cworld] C:\WINDOWS\cworld.exe
O4 - HKCU\..\Run: [mzow] C:\Program\COMMON~1\mzow\mzowm.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hȋdden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\XP\LOKALA~1\Temp\richtx64.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\Program\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\Program\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00179884.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blogga detta - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program\Delade filer\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [international] International
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c356.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: hggfefg - hggfefg.dll (file missing)
O20 - Winlogon Notify: hggfgfd - hggfgfd.dll (file missing)
O20 - Winlogon Notify: ljjihee - ljjihee.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService (nbservice) - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NNServ - Unknown owner - C:\Program\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator (sti simulator) - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10390 bytes

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Hi, thank you for your reply!
Everything went well until I got to:

The Recovery Console will be installed.

You will then get this next prompt that asks if you want to continue the malware scan, select yes

I accepted the End-User License Agreement. Now I have a blue window where it says (in swedish) connecting to http://download.microsoft.com.... ########## 100,0%

But nothing else happens....
Do I just wait? Have waited for a bout 5-10 mins like this.

Ok it worked, I'll copy & paste the log:

ComboFix 09-12-08.03 - XP 2009-12-08 23:10:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.512.225 [GMT 1:00]
Körs från: c:\program\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\XP\LOKALA~1\Temp\wscsvc32.exe
c:\documents and settings\XP\Application Data\iniasd.txt
c:\recycler\NPROTECT
c:\windows\system32\dataset.dll
c:\windows\system32\drivers\4ddca8de.sys
c:\windows\system32\drivers\H8SRTgqtjlhlijw.sys
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTkvjiktivkk.dll
c:\windows\system32\H8SRTpyyxwnlcop.dll
c:\windows\system32\H8SRTyjlfrmllyp.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\jjkmp.bak1
c:\windows\system32\jjkmp.bak2
c:\windows\system32\jjkmp.ini
c:\windows\system32\jjkmp.ini2
c:\windows\system32\jjkmp.tmp
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\pagefileconfig.vbs
c:\windows\system32\srcr.dat

c:\windows\system32\proquota.exe was missing
Återställd kopia från - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_h8srtd.sys
-------\Legacy_h8srtd.sys
-------\Legacy_NNSERV
-------\Service_NNServ
-------\Service_4ddca8de


(((((((((((((((((((((((( Filer Skapade från 2009-11-08 till 2009-12-08 ))))))))))))))))))))))))))))))
.

2009-12-08 21:44 . 2009-12-08 21:44 3842778 ----a-r- c:\program\Combo-Fix.exe
2009-12-08 21:43 . 2009-12-08 21:43 3842778 ----a-w- c:\program\ComboFix.exe
2009-12-08 21:35 . 2009-12-08 21:27 4844296 ----a-w- c:\program\mbam-setup.exe
2009-12-05 16:42 . 2006-02-13 08:29 262 ----a-w- c:\windows\system32\SNN_reg.bat
2009-12-05 16:42 . 2005-12-27 09:45 761856 ----a-w- c:\windows\system32\CDDBUI.dll
2009-12-05 16:42 . 2005-12-22 03:05 139264 ----a-w- c:\windows\system32\CddbMusicIDUISamsung.dll
2009-12-05 16:42 . 2006-01-24 10:50 225280 ----a-w- c:\windows\system32\SNN_Crypto.dll
2009-12-05 16:42 . 2005-12-27 09:45 770048 ----a-w- c:\windows\system32\CDDBUISamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 643072 ----a-w- c:\windows\system32\CDDBControlSamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 585728 ----a-w- c:\windows\system32\CddbMusicIDSamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 577536 ----a-w- c:\windows\system32\CDDBControl.dll
2009-12-05 16:42 . 2005-12-27 09:45 487424 ----a-w- c:\windows\system32\CddbPlaylist2Samsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 249856 ----a-w- c:\windows\system32\CddbPlaylistSamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 147456 ----a-w- c:\windows\system32\CddbCleanSamsung.dll
2009-12-05 16:23 . 2009-12-05 16:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 21:50 . 2008-06-18 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-05 16:41 . 2004-03-03 21:33 -------- d--h--w- c:\program\InstallShield Installation Information
2009-12-02 13:30 . 2009-10-06 15:38 -------- d-----w- c:\documents and settings\XP\Application Data\Skype
2009-12-02 12:35 . 2009-10-06 16:01 -------- d-----w- c:\documents and settings\XP\Application Data\skypePM
2009-11-08 11:05 . 2009-02-22 15:38 -------- d-----w- c:\documents and settings\XP\Application Data\Winamp
2009-11-08 10:53 . 2004-03-07 17:26 -------- d-----w- c:\program\Winamp
2009-11-08 10:51 . 2009-11-08 10:51 10515744 ----a-w- c:\program\winamp556_full_emusic-7plus_sv-se.exe
2009-11-06 10:11 . 2009-11-26 13:03 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-28 19:56 . 2004-03-07 17:51 -------- d-----w- c:\program\Direct Connect
2009-10-27 16:08 . 2009-10-27 16:08 -------- d-----w- c:\documents and settings\XP\Application Data\Malwarebytes
2009-10-27 16:08 . 2009-10-27 14:07 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-10-27 14:12 . 2009-10-27 14:12 -------- d-----w- c:\program\Trend Micro
2009-10-27 14:12 . 2009-10-27 14:12 812344 ----a-w- c:\program\HJTInstall.exe
2009-03-05 20:30 . 2009-03-05 20:30 201384 ----a-w- c:\program\GoogleToolbarInstaller_download_signed.exe
2009-02-16 12:43 . 2009-02-16 12:43 9167136 ----a-w- c:\program\winamp5541_full_emusic-7plus_sv-se.exe
2009-01-18 15:48 . 2009-01-18 15:48 428258 ----a-w- c:\program\Hjsplit.exe
2008-12-25 13:37 . 2008-12-17 10:46 14591176 ----a-w- c:\program\DivXInstaller.exe
2008-12-09 17:02 . 2008-12-09 17:02 53682216 ----a-w- c:\program\avg_free_stf_en_8_176a1399.exe
2008-07-17 17:25 . 2008-07-17 16:59 48367896 ----a-w- c:\program\avg_free_stf_en_8_138a1332.exe
2007-02-11 18:25 . 2007-02-11 18:25 14993976 ----a-w- c:\program\GoogleEarthWin.exe
2007-01-26 20:08 . 2007-01-26 20:08 10431072 ----a-w- c:\program\mp71.exe
2007-01-19 13:19 . 2007-01-19 13:19 10537576 ----a-w- c:\program\zlsSetup_61_737_000_en.exe
2006-11-05 12:45 . 2006-11-05 12:45 5708152 ----a-w- c:\program\Firefox Setup 2.0.exe
2006-07-26 12:38 . 2005-04-01 11:26 331368 ----a-w- c:\program\setupEM4102.exe
2006-03-21 16:52 . 2006-03-21 16:52 2023624 ----a-w- c:\program\PPLiveSetup1.0.9.9.exe
2006-03-01 18:08 . 2006-03-01 18:08 641656 ----a-w- c:\program\GoogleToolbarInstaller.exe
2006-02-17 17:34 . 2006-02-17 17:34 3745834 ----a-w- c:\program\SweetImSetup.exe
2006-01-12 20:13 . 2006-01-12 20:13 1362977 ----a-w- c:\program\BitLord_1.01.exe
2006-01-12 19:41 . 2006-01-12 19:41 3009003 ----a-w- c:\program\ABC-win32-v2.6.9.exe
2005-11-22 17:30 . 2005-11-22 17:30 2064608 ----a-w- c:\program\2024PPLiveSetup1[1].0.9.7.exe
2005-11-11 19:57 . 2005-11-11 19:57 3782705 ----a-w- c:\program\wace26i.exe
2005-09-01 14:21 . 2005-03-08 14:12 2855080 ----a-w- c:\program\aawsepersonal.exe
2005-07-22 19:37 . 2005-07-22 19:37 3820789 ----a-w- c:\program\wace26i5.exe
2005-06-05 19:19 . 2005-06-05 19:19 9270888 ----a-w- c:\program\MPSetupXP.exe
2005-03-08 14:10 . 2005-03-08 14:10 6526608 ----a-w- c:\program\MicrosoftAntiSpywareInstall.exe
2005-03-05 12:52 . 2005-03-05 12:52 6224944 ----a-w- c:\program\zip.EXE
2005-03-05 12:47 . 2005-03-05 12:47 1935492 ----a-w- c:\program\usb2v252.zip
2005-03-05 12:47 . 2005-03-05 12:47 19373650 ----a-w- c:\program\WDM_3663.zip
2005-03-05 12:45 . 2005-03-05 12:45 1355959 ----a-w- c:\program\4in1_449.zip
2005-02-26 13:45 . 2005-02-26 13:45 12768256 ----a-w- c:\program\MediaPlayer10Setup.exe
2005-02-24 19:48 . 2005-02-24 19:48 504320 ----a-w- c:\program\daemon347.exe
2005-02-22 13:38 . 2005-02-22 13:38 81920 ----a-w- c:\program\daemon.exe
2004-11-18 19:43 . 2004-11-18 19:43 185 ----a-w- c:\program\crack.txt
2004-11-05 11:53 . 2004-11-05 11:53 314 ----a-w- c:\program\partner.xml
2004-11-05 11:53 . 2004-11-05 11:53 24 ----a-w- c:\program\partner.xml.sig
2004-10-20 22:57 . 2004-10-20 22:57 12297384 ----a-w- c:\program\QuickTimeFullInstaller.exe
2004-05-09 15:46 . 2004-05-09 15:44 18384248 ----a-w- c:\program\AdbeRdr60_sve_full.exe
2004-05-08 15:00 . 2004-05-08 15:00 4217352 ----a-w- c:\program\DivX511.exe
2004-05-07 11:16 . 2004-05-07 11:16 734160 ----a-w- c:\program\VobSub_2.23.exe
2004-03-07 16:51 . 2004-03-07 16:51 24265736 ----a-w- c:\program\dotnetfx.exe
2004-03-07 16:11 . 2004-03-07 16:11 4950472 ----a-w- c:\program\SetupDl.exe
1999-05-21 04:05 . 2007-11-07 16:55 2342400 ----a-w- c:\program\DATA1.MSI
1999-04-19 15:23 . 2007-11-07 16:55 165376 ----a-w- c:\program\MSOWC.MSI
1999-04-08 22:12 . 2007-11-07 16:55 262415 ----a-w- c:\program\INSTALL.EXE
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"OM2_Monitor"="c:\program\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"nwiz"="nwiz.exe" [2003-11-17 753664]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-09-01 282624]
"DAEMON Tools-1033"="c:\program\D-Tools\daemon.exe" [2004-08-22 81920]
"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"NeroFilterCheck"="c:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Malwarebytes Anti-Malware (reboot)"="c:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Symantec NetDriver Warning"="c:\program\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-26 110592]
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Direct Connect\\DC++ Stealth v0.5.exe"=
"c:\\Program\\BitLord\\BitLord.exe"=
"c:\\Program\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7491:TCP"= 7491:TCP:ppLive
"3696:UDP"= 3696:UDP:ppLive
"8433:TCP"= 8433:TCP:ppLive
"5678:UDP"= 5678:UDP:ppLive
"4960:TCP"= 4960:TCP:ppLive
"8107:UDP"= 8107:UDP:ppLive

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-02-24 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-02-24 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-17 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2008-07-17 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2008-07-17 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-13 54752]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program\Symantec\LiveUpdate\AluSchedulerSvc.exe [2006-09-27 100032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-03-11 102712]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S3 apl531;35mm Film Scanner;c:\windows\system32\drivers\FilmScan.sys [2006-07-31 580992]
S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2005-08-18 40788]
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.expekt.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: cpalock.com\www
Trusted Zone: foreningssparbanken.se\ekort
Trusted Zone: tv4-anytime.se\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKCU-Run-cworld - c:\windows\cworld.exe
HKCU-Run-mzow - c:\program\COMMON~1\mzow\mzowm.exe
HKCU-Run-LightScribe Control Panel - c:\program\Delade filer\LightScribe\LightScribeControlPanel.exe
HKLM-Run-Media Pass - c:\program files\Media Pass\MediaPassK.exe
HKLM-Run-Vgvdzsy - c:\program files\Xrdhmye\Ykgppv.exe
HKLM-Run-StillMnt - WCamRmv.exe
HKU-Default-Run-Symantec Network Driver Update Warning - c:\program\Symantec\LIVEUP~1\SNDWarn.EXE
Notify-hggfefg - hggfefg.dll
Notify-hggfgfd - hggfgfd.dll
Notify-ljjihee - ljjihee.dll
SafeBoot-serfing.sys
AddRemove-35mm film scanner - c:\windows\FILMSCANuns.exe USB\Vid_05a9&PID_35E3 35mm Film Scanner
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN040A.EXE -fc:\program\Adobe\Photoshop 7.0\Uninst.isu -cc:\program\Adobe\Photoshop 7.0\Uninst.dll
AddRemove-Lame MP3 Codec (for the ACM) - c:\windows\IFinst26.exe -Uc:\program\Lame MP3 Codec\IFU23.inf
AddRemove-Media Gateway - c:\documents and settings\XP\Lokala inställningar\Temporary Internet Files\Content.IE5\KD63GPEN\MediaGateway[1].exe
AddRemove-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
AddRemove-USB Super Link - c:\windows\ISUNINST.EXE -fc:\program\USB Super Link\Uninst.isu -cc:\windows\Setupdll.dll
AddRemove-XviD - c:\program\XviD\UninstXviD.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 23:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x820A8008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8579fc3
\Driver\ACPI -> ACPI.sys @ 0xf84c6cb8
\Driver\atapi -> 0x820a8008
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(1240)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\nvsvc32.exe
c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program\AVG\AVG8\avgrsx.exe
c:\program\Analog Devices\SoundMAX\SMAgent.exe
c:\program\AVG\AVG8\avgnsx.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\WgaTray.exe
c:\windows\VdCap03C\StillMnt.exe
c:\program\Delade filer\Ahead\Lib\NMIndexingService.exe
c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Sluttid: 2009-12-08 23:32:48 - datorn startades om.
ComboFix-quarantined-files.txt 2009-12-08 22:32

Före genomsökningen: 37 582 434 304 byte ledigt
Efter genomsökningen: 37 582 761 984 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C3136A7608358219C663735DC1553B9E

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Yes, It seems to be working now! Although, the computer and the keyboard are still acting a bit weird, but there are no more "virus alerts". Thank you SO MUCH for all your help!!!!

Should I download the Malwarebytes Anti-Malware just in case I have more problems and want to do a scan?
Thank you again!

Yes, do a final scan with MBAM in case there are any leftovers hanging around.