hjelp! hvordan fjerne en helvettes toolbar!?

mg_martin · 24. desember 2004

ar fått en satans toolbar sak og får ikke fjernet den. :mad:

kan noen hjelpe meg?! :cry: :cry:

Kasp · 24. desember 2004

Du har nok fått "Trojan_swizzor" som jeg hadde.

Søk etter f.eks "remove swizzor" på google, funka for meg

janfredrik · 24. desember 2004

Kjør HiJackThis og legg ut en logg her..

mg_martin · 24. desember 2004

Logfile of HijackThis v1.97.7

Scan saved at 18:03:15, on 24.12.2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton Internet Security\NISUM.EXE

C:\WINNT\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\Norton Internet Security\ccPxySvc.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\sstray.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\dvd43\dvd43_tray.exe

C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

C:\Programfiler\Messenger Plus! 3\MsgPlus.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\j2re1.4.2_06\bin\jusched.exe

C:\Programfiler\D-Tools\daemon.exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\MessengerDiscovery\MessengerDiscovery.exe

C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\WINNT\system32\Cik14Z6.exe

C:\WINNT\system32\Zcsg36vE.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Messenger\msmsgs.exe

C:\Documents and Settings\Martin\Skrivebord\System\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avforum.no/forum

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.avforum.no/

O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Programfiler\Surfapps.com\PopThis! Free Version\PopThis.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4C79F115-5B80-529A-8DDD-0E673E9B54AA} - C:\DOCUME~1\KARENS~1\PROGRA~1\SOAPGR~1\waybrowse.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar\01.01.1629.0\no\msntb.dll

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [telenor] C:\Programfiler\Online\sad.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dvd43] C:\Programfiler\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [2R9K9J#46NE68@] C:\WINNT\system32\Boi5W.exe

O4 - HKLM\..\Run: [rule site trust comp] C:\Documents and Settings\All Users\Programdata\Cast idle rule site\SecondOnline.exe

O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [MessengerDiscovery] C:\Programfiler\MessengerDiscovery\MessengerDiscovery.exe

O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...4145ae90fecae62

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab

O18 - Protocol: bwh0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: df2 - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

O18 - Protocol: df23chat - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

O18 - Protocol: df3 - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

O18 - Protocol: df4 - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

O18 - Protocol: df5 - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

O18 - Protocol: df5demo - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FELLES~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Protocol: offline-8876480 - {4E314B45-AE9E-457D-A8C4-854DC8045AEF} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: ofpjoin - {219A97F3-D661-4766-B658-646A771AE49E} - (no file)

og hvis det er no xxx greier så kommer det ikke av meg bare for å ha det sagt

edit: så nå at det var inni helve*** mange logitech greier... noen som kan gi meg en god grunn for ikke å slette det?

Endret 24. desember 2004 av mg_martin

janfredrik · 24. desember 2004

1. Gå til legg til/fjern programmer og fjern Messenger Plus og WinUpdates/Winupdt.

2. Restart PCen din, så de blir orntlig fjernet.

3. Last ned denne scanneren: http://www.spywareinfo.dk/download/mwav.exe

4. Start maskinen i sikkerhetsmodus (F8 ved oppstart). Klikk på den fila du har hentet: mwav.exe og programmet pakker seg selv ut og starter.

Sett kryss i følgende:

Memory, Startup folders, drive, Registry, System folders og Services.

Sett prikk i følgende:

All local drives og Scan all files

Tryk på Scan Clean - programmet skanner nå, og det kan godt ta en god stund.

5. Du skal også hente og installere programmet Ad-aware, hvis du da ikke har det. (Nyeste versjon: Ad-aware SE 1.05). Oppdater det med en gang etter installasjonen, før du kjører en scann med den. Fjern alt den finner.

Etter du har gjort det, så kom tilbake med en ny logg.. Men bruk den nyeste versjoen av HiJackThis, som du finner her: http://danborg.org/spy/HJT/hijackthis.exe

Lykke til

mg_martin · 25. desember 2004

så er bare det lille problemet at jeg ikke får starta pc'en i sikkerhets modus da gjør som du sier, men den starter bare opp vanlig.... noen andre måter å gjøre det på?

Kasp · 25. desember 2004

så er bare det lille problemet at jeg ikke får starta pc'en i sikkerhets modus da gjør som du sier, men den starter bare opp vanlig.... noen andre måter å gjøre det på?

Start - kjør, skriv: msconfig - Velg "Boot.ini" og huk av for "/SAFEBOOT"

Klikk "Bruk" og restart

mg_martin · 26. desember 2004

her er ny log:

Logfile of HijackThis v1.99.0

Scan saved at 15:11:29, on 26.12.2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton Internet Security\NISUM.EXE

C:\WINNT\System32\svchost.exe

C:\Programfiler\Norton Internet Security\ccPxySvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\sstray.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\dvd43\dvd43_tray.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\j2re1.4.2_06\bin\jusched.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\MessengerDiscovery\MessengerDiscovery.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Martin\Mine dokumenter\hijackthis.exe

C:\Programfiler\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rsmnsfilinvdazsbjedixg.com/vi/tnau1...S3/fkBEm3y.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avforum.no/forum

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.avforum.no/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Programfiler\Surfapps.com\PopThis! Free Version\PopThis.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)