Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Apr 17 2008, 07:57 AM
New Member | Group: Members | Posts: 4 | Joined: 17-April 08 | Member No.: 203,562
Have tried Spybot and Ad-Aware SE (also Norman AV) without luck. Any help is appreciated.

Deckard's System Scanner v20071014.68 Run by Thomasv on 2008-04-17 14:45:02 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 43: 2008-04-17 12:45:12 UTC - RP43 - Deckard's System Scanner Restore Point 42: 2008-04-17 09:40:00 UTC - RP42 - Kontrollpunkt for system 41: 2008-04-16 09:02:08 UTC - RP41 - Installed Windows Media Player Firefox Plugin 40: 2008-04-16 08:01:54 UTC - RP40 - Installed Microsoft Office Professional Edition 2003 39: 2008-04-15 09:04:35 UTC - RP39 - Kontrollpunkt for system -- First Restore Point -- 1: 2008-04-11 08:17:04 UTC - RP1 - Kontrollpunkt for system Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Thomasv.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:23, on 17.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Novell\XTAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\IFXSPMGT.exe 
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Novell\ZENworks\nalntsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\Programfiler\Novell\ZENworks\wm.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\System32\alg.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDrt.exe C:\Programfiler\ProtectTools\Embedded Security Software\SpTna.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTServs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\AccelerometerSt.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\dpmw32.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\NWTRAY.EXE C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\nqjkpgjy.exe C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe 
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Aware.exe C:\Documents and Settings\Thomasv\Skrivebord\dss.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomasv.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\WINDOWS\system32\tuvVOGaw.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet 
Software\ReGet Deluxe 5.2\IEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Acrobat 
Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [pcmdyvvw] C:\WINDOWS\system32\nqjkpgjy.exe O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKLM\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe O4 - HKCU\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll O9 - Extra button: (no name) 
- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: tuvVOGaw - C:\WINDOWS\SYSTEM32\tuvVOGaw.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. 
- C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe -- End of file - 14596 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080416-191912-692 O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\WINDOWS\system32\tuvVOGaw.dll -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 NICM (Novell InterService Communication Driver) - c:\windows\system32\drivers\nicm.sys <Not Verified; Novell, Inc.; Novell XTier for Windows> R0 NWFILTER (Novell UNC Path Filter) - c:\windows\system32\netware\nwfilter.sys <Not Verified; Novell, Inc.; Novell Client for Windows> R2 BlankScr (HBDevice) - c:\windows\system32\drivers\blankscr.sys <Not Verified; Novell Inc.; ZENworks Remote Management> R2 NetwareWorkstation (Novell Client for Windows) - c:\windows\system32\netware\nwfs.sys <Not Verified; Novell, Inc.; Novell Client for Windows> R2 RESMGR (Novell NetWare Resource Manager) - c:\windows\system32\netware\resmgr.sys <Not Verified; Novell, Inc.; Novell Client for Windows> R2 SRVLOC (Novell Service Location) - c:\windows\system32\netware\srvloc.sys <Not Verified; Novell, Inc.; Novell Client for Windows> R3 Darpan - c:\windows\system32\drivers\darpan.sys <Not Verified; Novell, Inc.; ZENworks Remote Management> R3 Flamethrower - c:\windows\system32\drivers\flamethrower.sys <Not Verified; Avid Technology, Inc.; Avid DNA> R3 NWDNS (Novell DNS Name Space Service Provider) - c:\windows\system32\netware\nwdns.sys <Not Verified; Novell, Inc.; Novell 
Client for Windows> R3 NWHOST (Novell Host File Name Space Service Provider) - c:\windows\system32\netware\nwhost.sys <Not Verified; Novell, Inc.; Novell Client for Windows> R3 NWSLP (Novell SLP Name Space Service Provider) - c:\windows\system32\netware\nwslp.sys <Not Verified; Novell, Inc.; Novell Client for Windows> R3 NWSNS (Novell Simple Naming Services (NWSNS)) - c:\windows\system32\netware\nwsns.sys <Not Verified; Novell, Inc.; Novell Client for Windows> S2 NWSIPX32 (Novell NetWare IPX/SPX Transport Interface) - c:\windows\system32\netware\nwsipx32.sys <Not Verified; Novell, Inc.; Novell Client for Windows> S3 NWDHCP (Novell DHCP Inform Client) - c:\windows\system32\netware\nwdhcp.sys <Not Verified; Novell, Inc.; Novell Client for Windows> S3 NWSAP (Novell SAP Name Space Provider) - c:\windows\system32\netware\nwsap.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. 
AvidSDMService> R2 IFXSpMgtSrv (Security Platform Management Service) - c:\windows\system32\ifxspmgt.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software> R2 IFXTCS (Trusted Platform Core Service) - c:\windows\system32\ifxtcs.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software> R2 NALNTSERVICE (Novell Application Launcher) - c:\programfiler\novell\zenworks\nalntsrv.exe <Not Verified; Novell, Inc.; > R2 Remote Management Agent (Novell ZENworks Remote Management Agent) - c:\programfiler\novell\zenworks\remotemanagement\rmagent\zenrem32.exe <Not Verified; Novell, Inc.; ZENworks Remote Management> R2 XTAgent (Novell XTier Agent Services) - c:\windows\system32\novell\xtagent.exe <Not Verified; Novell, Inc.; NetIdentity> R2 ZFDWM (Workstation Manager) - c:\programfiler\novell\zenworks\wm.exe <Not Verified; Novell, Inc.; ZENworks Desktop Management> S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup> S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application> S3 cusrvc (Client Update Service for Novell) - c:\windows\system32\cusrvc.exe <Not Verified; Novell, Inc.; Novell Client for Windows> S3 FLEXnet Licensing Service - "c:\programfiler\fellesfiler\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Files created between 2008-03-17 and 2008-04-17 ----------------------------- 2008-04-16 19:05:09 0 d-------- C:\Programfiler\Trend Micro 2008-04-16 19:01:39 0 d-------- C:\Programfiler\CCleaner 2008-04-16 15:08:03 5668 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 14:55:49 0 d-------- C:\Programfiler\Panda Security 2008-04-16 10:46:17 0 -rahs---- C:\MSDOS.SYS 2008-04-16 10:46:17 0 -rahs---- C:\IO.SYS 2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32taack.dat 2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32ssvchost.com 2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat 2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32bdn.com 2008-04-16 10:19:35 106496 --a------ C:\WINDOWS\system32\nqjkpgjy.exe 2008-04-16 10:19:34 98304 --a------ C:\WINDOWS\rtqmekwg.exe 2008-04-16 10:19:34 106496 --a------ C:\WINDOWS\npqtsrak.exe 2008-04-16 10:19:34 253952 --a------ C:\WINDOWS\lgmxvpatkmb.dll 2008-04-16 10:19:31 36352 --a------ C:\WINDOWS\system32\tuvVOGaw.dll 2008-04-16 09:51:05 0 d-------- C:\WINDOWS\system32\NtmsData 2008-04-16 09:12:01 0 d-------- C:\Programfiler\WinPcap 2008-04-16 09:09:50 0 d-------- C:\Programfiler\WMR11 2008-04-14 09:32:26 0 d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared 2008-04-14 08:48:39 0 d-------- C:\Programfiler\Fellesfiler\Macrovision Shared 2008-04-14 00:00:59 0 d-------- C:\Programfiler\QuickPar 2008-04-13 16:51:37 0 d-------- C:\Temp 2008-04-13 15:43:30 0 d-------- C:\Programfiler\TVUPlayer 2008-04-12 17:29:02 0 d-------- C:\Programfiler\DivX 2008-04-12 17:16:02 0 d-------- C:\Programfiler\Fellesfiler\ReGet Shared 2008-04-12 17:16:01 0 d-------- C:\Programfiler\ReGet Software 2008-04-12 17:05:33 0 d-------- C:\Programfiler\Azureus 2008-04-12 16:48:27 0 d-------- C:\Programfiler\SopCast 2008-04-11 18:39:13 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT 2008-04-11 18:38:50 0 d-------- C:\WINDOWS\i386 2008-04-11 15:11:49 0 d-------- C:\Programfiler\Wizards of the Coast 2008-04-11 14:18:54 16384 --a------ 
C:\WINDOWS\system32\FileOps.exe 2008-04-11 14:18:54 0 d-------- C:\WINDOWS\system32\Adobe 2008-04-11 14:11:34 2477 --a------ C:\WINDOWS\mozver.dat 2008-04-11 13:09:13 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-11 12:48:55 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3> 2008-04-11 12:48:47 0 d-------- C:\WINDOWS\system32\QuickTime 2008-04-11 12:48:47 0 d-------- C:\Programfiler\QuickTime 2008-04-11 12:48:39 0 d-------- C:\Programfiler\iTunes 2008-04-11 12:48:39 0 d-------- C:\Programfiler\iPod 2008-04-11 12:48:16 0 d-------- C:\WINDOWS\Downloaded Installations 2008-04-11 12:47:13 0 d-------- C:\Avid 2008-04-11 12:09:29 73728 --a------ C:\WINDOWS\system32\xmltok.dll <Not Verified; Avid Technology, Inc.; Avid MediaManager Client> 2008-04-11 12:09:29 466944 --a------ C:\WINDOWS\system32\ommclient.dll <Not Verified; Avid Technology, Inc.; Avid MediaManager Client> 2008-04-11 12:09:29 610304 --a------ C:\WINDOWS\system32\mmclientVC7.dll <Not Verified; Avid Technology, Inc.; MediaManager Client> 2008-04-11 12:09:29 1658973 --a------ C:\WINDOWS\system32\libmmd.dll 2008-04-11 12:09:29 61440 --a------ C:\WINDOWS\system32\libjpegV4.dll <Not Verified; Avid Technology, Inc.; Avid OMF Toolkit> 2008-04-11 12:09:29 40960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll <Not Verified; Avid Technology, Inc.; Avid MediaManager Client> 2008-04-11 12:09:29 614400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll <Not Verified; Avid Technology, Inc.; Avid OMF Toolkit> 2008-04-11 12:09:28 7962624 --a------ C:\WINDOWS\system32\SVI.dll <Not Verified; Pinnacle Systems Inc.; Alladin> 2008-04-11 12:09:27 0 d-------- C:\Programfiler\Fellesfiler\Digidesign 2008-04-11 12:09:26 180276 --a------ C:\WINDOWS\system32\Mspdb50.dll <Not Verified; Microsoft Corporation; Microsoft ® Visual Studio> 2008-04-11 12:09:26 0 d-------- C:\WINDOWS\system32\MEDIA 2008-04-11 12:09:26 54272 --a------ C:\WINDOWS\system32\drivers\AvidXPSerial.sys 2008-04-11 12:09:26 1323008 
--a------ C:\WINDOWS\system32\AvidStartup.exe <Not Verified; ; AvidStartup> 2008-04-11 12:09:26 49152 --a------ C:\WINDOWS\system32\AvidSDMService.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService> 2008-04-11 12:09:26 278528 --a------ C:\WINDOWS\system32\AvidSDM.dll <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDM> 2008-04-11 12:09:24 141312 --a------ C:\WINDOWS\system32\FFBTN32.dll <Not Verified; ForeFront Incorporated; ForeFront Help Buttons> 2008-04-11 12:09:24 102400 --a------ C:\WINDOWS\system32\Dac32.dll <Not Verified; CASH; Christoph Schmelnik's Digital Audio Copy for Win32> 2008-04-11 12:09:24 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll 2008-04-11 12:09:24 65536 --a------ C:\WINDOWS\system32\AvidQTUpdaterVC7.dll <Not Verified; Avid Technology, Inc.; Avid QuickTime Updater> 2008-04-11 12:09:22 143360 --a------ C:\WINDOWS\system32\WinMMFix.dll <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro ToolsŪ> 2008-04-11 12:09:22 15872 --a------ C:\WINDOWS\system32\KeyFilter.dll <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro ToolsŪ> 2008-04-11 12:09:22 573440 --a------ C:\WINDOWS\system32\Dsi.dll <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro ToolsŪ> 2008-04-11 12:08:37 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-04-11 12:08:37 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-04-11 12:08:37 4672 --a------ C:\WINDOWS\system\wowpost.exe <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-04-11 12:08:37 5600 --a------ C:\WINDOWS\system\winaspi.dll <Not Verified; Adaptec; Adaptec's ASPI Layer> 2008-04-11 12:08:37 0 d-------- C:\Programfiler\Avid 2008-04-11 12:08:26 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:26 2502656 --a------ C:\WINDOWS\system32\iplPX.dll <Not 
Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:26 2531328 --a------ C:\WINDOWS\system32\iplP6.dll <Not Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:25 2785280 --a------ C:\WINDOWS\system32\iplM6.dll <Not Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:25 2686976 --a------ C:\WINDOWS\system32\iplM5.dll <Not Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:24 2973696 --a------ C:\WINDOWS\system32\iplA6.dll <Not Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:24 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not Verified; Intel Corporation.; IntelŪ Image Processing Library> 2008-04-11 12:08:24 417920 --a------ C:\WINDOWS\system32\drivers\Flamethrower.sys <Not Verified; Avid Technology, Inc.; Avid DNA> 2008-04-11 12:08:21 0 d-------- C:\Programfiler\Fellesfiler\Avid 2008-04-11 12:07:49 0 d-------- C:\Programfiler\SafeNet Sentinel 2008-04-11 12:07:49 0 d-------- C:\Programfiler\Fellesfiler\SafeNet Sentinel 2008-04-11 12:05:27 0 d-------- C:\Programfiler\AC3Filter 2008-04-11 12:05:06 0 d-------- C:\Programfiler\MSXML 6.0 2008-04-11 12:03:48 0 d-------- C:\Programfiler\VideoLAN 2008-04-11 11:32:40 0 dra------ C:\Nedlastinger 2008-04-11 11:30:09 0 d-------- C:\WINDOWS\network diagnostic 2008-04-11 11:27:39 0 d-------- C:\Programfiler\MSXML 4.0 2008-04-11 11:26:37 0 d-------- C:\Programfiler\Fellesfiler\Adobe 2008-04-11 11:25:48 0 d-------- C:\WINDOWS\system32\nb-NO 2008-04-11 11:24:52 0 d-------- C:\Programfiler\MSBuild 2008-04-11 11:23:04 0 d-------- C:\WINDOWS\Sun 2008-04-11 11:22:50 0 d-------- C:\WINDOWS\system32\XPSViewer 2008-04-11 11:22:32 0 d-------- C:\Programfiler\Reference Assemblies 2008-04-11 11:21:49 0 d-------- C:\b4ed6d7b4fbcbb4abca49b1daa 2008-04-11 11:21:28 0 d-------- C:\Programfiler\Windows Media Connect 2 2008-04-11 11:20:36 0 d-------- C:\WINDOWS\system32\LogFiles 2008-04-11 11:20:36 0 
d-------- C:\WINDOWS\system32\drivers\UMDF 2008-04-11 11:02:21 0 d-------- C:\Programfiler\Microsoft Works 2008-04-11 11:01:41 0 d-------- C:\WINDOWS\SHELLNEW 2008-04-11 11:01:26 0 d-------- C:\Programfiler\Microsoft.NET 2008-04-11 10:57:27 0 d-------- C:\Zenworks 2008-04-11 10:56:49 0 d--h----- C:\NALCache 2008-04-11 10:52:03 0 d-------- C:\Programfiler\Novell 2008-04-11 10:45:58 0 d-------- C:\WINDOWS\system32\novell 2008-04-11 10:45:58 823296 -----n--- C:\WINDOWS\system32\ccsw32.dll <Not Verified; Novell, Inc.; Novell International Cryptography Infrastructure> 2008-04-11 10:45:45 0 d-------- C:\WINDOWS\system\nls 2008-04-11 10:45:41 0 d-------- C:\WINDOWS\system32\NetWare 2008-04-11 10:45:40 0 d-------- C:\Programfiler\CUAgent 2008-04-11 10:45:38 0 d-------- C:\WINDOWS\system32\nls 2008-04-11 10:44:12 0 d-------- C:\Novell 2008-04-11 10:43:57 0 d-------- C:\WINDOWS\FORMS 2008-04-11 10:43:57 0 d-------- C:\Program Files 2008-04-11 10:40:07 0 d-------- C:\WINDOWS\system32\PreInstall 2008-04-11 10:35:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-04-11 10:33:44 0 d-------- C:\Programfiler\Norman 2008-04-11 10:21:54 0 d-------- C:\Programfiler\WIDCOMM 2008-04-11 10:21:45 0 d-------- C:\Programfiler\Google 2008-04-11 10:21:18 0 d-------- C:\Programfiler\ProtectTools 2008-04-11 10:20:21 0 d-------- C:\WINDOWS\tiinst 2008-04-11 10:20:04 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll 2008-04-11 10:20:04 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll 2008-04-11 10:20:04 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll 2008-04-11 10:20:04 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll 2008-04-11 10:20:04 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll 2008-04-11 10:20:04 20480 --a------ C:\WINDOWS\system32\IVIresize.dll 2008-04-11 10:19:50 0 d-------- C:\Programfiler\InterVideo 2008-04-11 10:18:01 0 d-------- C:\Programfiler\AuthenTec 2008-04-11 10:16:58 0 d-------- C:\Programfiler\Snarveier til programmer 2008-04-11 10:16:27 0 
d-------- C:\WINDOWS\Prefetch

-- Find3M Report ---------------------------------------------------------------

2008-04-17 08:27:12 41889 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-16 14:50:49 0 d-------- C:\Documents and Settings\Thomasv\Programdata\ReGet Software
2008-04-16 11:58:00 0 d-------- C:\Documents and Settings\Thomasv\Programdata\TmpRecentIcons
2008-04-16 09:57:37 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Azureus
2008-04-15 21:48:15 0 d-------- C:\Documents and Settings\Thomasv\Programdata\DivX
2008-04-14 10:34:30 0 d-------- C:\Documents and Settings\Thomasv\Programdata\AdobeUM
2008-04-14 09:42:09 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-04-14 09:32:26 0 d-------- C:\Programfiler\Fellesfiler
2008-04-14 09:28:48 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Adobe
2008-04-14 08:38:07 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Sonic
2008-04-13 18:22:58 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Norman
2008-04-13 15:43:52 0 d-------- C:\Documents and Settings\Thomasv\Programdata\TVU Networks
2008-04-13 15:06:36 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Talkback
2008-04-13 13:50:55 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Wizards of the Coast
2008-04-12 17:46:54 0 d-------- C:\Documents and Settings\Thomasv\Programdata\vlc
2008-04-11 18:24:18 0 d-------- C:\Programfiler\Windows NT
2008-04-11 18:24:12 0 d-------- C:\Programfiler\Synaptics
2008-04-11 18:23:18 0 d-------- C:\Programfiler\Sonic
2008-04-11 18:23:02 0 d-------- C:\Programfiler\MSN Gaming Zone
2008-04-11 18:23:02 0 d-------- C:\Programfiler\Movie Maker
2008-04-11 18:23:01 0 d-------- C:\Programfiler\microsoft frontpage
2008-04-11 18:23:01 0 d-------- C:\Programfiler\Messenger
2008-04-11 18:22:33 0 d-------- C:\Programfiler\HPQ
2008-04-11 18:22:33 0 d-------- C:\Programfiler\Hp
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Hewlett-Packard
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Fingerprint Sensor
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Fellesfiler\Tjenester
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Fellesfiler\TiVo Shared
2008-04-11 18:22:03 0 d-------- C:\Programfiler\Fellesfiler\SureThing Shared
2008-04-11 18:22:02 0 d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2008-04-11 18:21:59 0 d-------- C:\Programfiler\Fellesfiler\Sonic Shared
2008-04-11 18:21:59 0 d-------- C:\Programfiler\Fellesfiler\ODBC
2008-04-11 18:21:59 0 d-------- C:\Programfiler\Fellesfiler\MSSoap
2008-04-11 18:21:58 0 d-------- C:\Programfiler\Fellesfiler\LightScribe
2008-04-11 18:21:52 0 d-------- C:\Programfiler\Fellesfiler\Java
2008-04-11 18:21:50 0 d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-04-11 18:21:50 0 d-------- C:\Programfiler\Elektroniske tjenester
2008-04-11 18:21:50 0 d-------- C:\Programfiler\CONEXANT
2008-04-11 18:21:50 0 d-------- C:\Programfiler\Analog Devices
2008-04-11 18:19:46 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Identities
2008-04-11 15:25:15 454974 --a------ C:\WINDOWS\system32\perfh014.dat
2008-04-11 15:25:15 83406 --a------ C:\WINDOWS\system32\perfc014.dat
2008-04-11 15:11:41 0 d-------- C:\Documents and Settings\Thomasv\Programdata\InstallShield
2008-04-11 13:09:09 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Mozilla
2008-04-11 12:48:59 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Apple Computer
2008-04-11 11:23:03 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Sun
2008-04-11 11:22:40 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Macromedia
2008-04-11 11:20:24 0 d-------- C:\Programfiler\Windows Media Connect
2008-04-11 10:56:56 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Infineon
2008-04-11 10:41:22 0 d-------- C:\Programfiler\Java
2008-04-11 10:29:22 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-19 14:00:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-03-19 14:00:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-03-19 14:00:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-03-19 14:00:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-03-19 14:00:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-03-19 14:00:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-03-19 14:00:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-19 14:00:00 425984 --a------ C:\WINDOWS\system32\keystone.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}]
16.04.2008 10:19 36352 --a------ C:\WINDOWS\system32\tuvVOGaw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06.09.2006 22:47]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06.09.2006 22:47]
"nwiz"="nwiz.exe" [19.03.2008 14:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [06.05.2005 15:06]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [16.01.2006 22:01]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [14.02.2006 11:56]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [16.02.2005 23:11]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06.04.2006 05:20]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [15.09.2007 02:27]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [14.02.2006 10:49]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [22.12.2003 20:12]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [08.05.2006 09:56]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [22.02.2006 08:03]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [20.12.2005 16:51]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [09.03.2006 17:38]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [15.02.2006 17:43]
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [08.11.2005 11:59]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [09.08.2007 14:40]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [17.05.2004 14:27]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [18.05.2005 17:04]
"NWTRAY"="NWTRAY.EXE" [12.03.2002 11:37 C:\WINDOWS\system32\nwtray.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [24.06.2005 15:16]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [11.04.2008 12:48]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12.01.2006 20:52]
"@"="" []
"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [15.09.2007 02:29]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [05.01.2007 22:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:00]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [15.11.2006 10:46]
"pcmdyvvw"="C:\WINDOWS\system32\nqjkpgjy.exe" [16.04.2008 10:19]
"AWMON"="C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" [27.06.2005 16:49]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [11.04.2008 14:24:44]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [16.03.2005 19:16:50]
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [15.02.2006 16:16:02]
DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [11.04.2008 10:19:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"pADsSP8oOS"=C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"pADsSP8oOS"=C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Programfiler\Novell\ZENworks\NalShell.dll [13.02.2007 15:49 454656]
"{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}"= C:\WINDOWS\system32\tuvVOGaw.dll [16.04.2008 10:19 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 19.08.2005 15:52 389120 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 10.01.2007 11:52 24576 C:\WINDOWS\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 25.07.2005 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw]
tuvVOGaw.dll 16.04.2008 10:19 36352 C:\WINDOWS\system32\tuvVOGaw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0
"Notification Packages"= scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8392 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-04-17 14:47:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Norwegian

CPU 0: Intel® Core2 CPU T7400 @ 2.16GHz
CPU 1: Intel® Core2 CPU T7400 @ 2.16GHz

Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2047.36 MiB / 1194.59 MiB
Pagefile Memory (total/avail): 3938.73 MiB / 3278.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.63 MiB

C: is Fixed (NTFS) - 85.9 GiB total, 51.29 GiB free.
D: is Fixed (NTFS) - 7.25 GiB total, 0.43 GiB free.
E: is CDROM (No Media)
X: is Removable (No Media)
Y: is Removable (No Media)
Z: is Fixed (NTFS) - 232.88 GiB total, 179.39 GiB free.

\\.\PHYSICALDRIVE0 - ST910021AS - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 85.9 GiB - C:
\PARTITION1 - Installerbart filsystem - 7.25 GiB - D:

\\.\PHYSICALDRIVE3 - WD 2500JB External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Installerbart filsystem - 232.88 GiB - Z:

\\.\PHYSICALDRIVE2 - WD CR HS-5-IN-1 USB Device

\\.\PHYSICALDRIVE1 - WD CR HS-CF USB Device

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.

AV: Norman Virus Control ver. 5.90 v5.90 (Norman ASA)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Novell\\GroupWise\\grpwise.exe"="C:\\Novell\\GroupWise\\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\\Novell\\GroupWise\\notify.exe"="C:\\Novell\\GroupWise\\notify.exe:*:Enabled:Novell Notify"
"C:\\WINDOWS\\system32\\dpmw32.exe"="C:\\WINDOWS\\system32\\dpmw32.exe:*:Enabled:dpmw32.exe"
"C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"="C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe:*:Enabled:Adobe Reader 6.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\SopCast\\SopCast.exe"="C:\\Programfiler\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"="C:\\Programfiler\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Programfiler\\Azureus\\Azureus.exe"="C:\\Programfiler\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"="C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thomasv\Programdata
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=PC270461038819
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\PC270461038819
NpmLib=C:\Programfiler\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programfiler\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programfiler\HPQ\IAM\bin;C:\Programfiler\Norman\Npm\Bin;C:\WINDOWS\system32\nls;C:\WINDOWS\system32\nls\ENGLISH;C:\Programfiler\Novell\ZENworks\;C:\Programfiler\Fellesfiler\Avid;C:\Programfiler\Fellesfiler\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Programfiler
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Thomasv\LOKALE~1\Temp
TMP=C:\DOCUME~1\Thomasv\LOKALE~1\Temp
USERDOMAIN=PC270461038819
USERNAME=Thomasv
USERPROFILE=C:\Documents and Settings\Thomasv
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Thomasv (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec
/I{7F4C8163-F259-49A0-A018-2857A90578BC} --> MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only) --> C:\Programfiler\AC3Filter\uninstall.exe Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0809 Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe FrameMaker 8 --> MsiExec.exe /I{7B4CA480-7321-4AD4-BED1-F7177671C37E} Adobe FrameMaker 8 p266 Patcher --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7D8FC519-3BAC-4541-8D72-D64A9F0F5760}\Setup.exe" -l0x9 Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Reader 6.0.1 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A00000000001} Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0 --> C:\Programfiler\Fellesfiler\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programfiler\Fellesfiler\Adobe\SVG Viewer 3.0\Uninstall\Install.log Application Installer 4.00.B6 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x14 Avid DIO Runtime --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0887F932-C0DE-4201-B43D-D186F9A2C195}\SETUP.exe" -l0x9 -removeonly Avid Xpress Pro HD --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation 
Information\{A537CF6D-E8FF-4A75-A03D-29494C326603}\setup.exe" -l0x9 -removeonly Azureus --> C:\Programfiler\Azureus\Uninstall.exe CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe" Compatibility Pack for 2007 Office --> MsiExec.exe /X{90120000-0020-0414-0000-0000000FF1CE} DivX Codec --> C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Programfiler\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN GroupWise --> MsiExec.exe /I{90474A24-BE2C-4469-B3B6-BAA3E2919DF0} HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Programfiler\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m\UIU32m.exe -U -Ihpq0033m.INF HijackThis 2.0.2 --> "C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP BIOS Configuration for ProtectTools 2.00 E1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x14 biosuninst HP Credential Manager for ProtectTools --> MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB} HP Embedded Security for ProtectTools --> MsiExec.exe /I{2298055A-F5E6-4332-9A15-C5D99870E72F} HP Help and Support --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x14 -removeonly HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} HP Mobile Data Protection System --> RunDll32 
C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{75ECB75A-522C-4312-8DE7-597CDA9D96A3}\setup.exe" -l0x14 UNINSTALL HP Notebook Accessories Product Tour --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly HP Performance Tuning Framework --> MsiExec.exe /I{238C9494-4E09-4517-8C84-09D892F337C8} HP ProtectTools Security Manager 2.00 C3 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x14 -removeonly hpquninst HP Quick Launch Buttons 6.00 H1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x14 -removeonly uninst HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP User Guides 0013 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1F89F212-2052-414A-8B7E-D8604C431BDF}\setup.exe" -l0x14 -removeonly HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x14 hpquninst Hurtigreparasjon for Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe" Hurtigreparasjon for Windows XP (KB909095) --> "C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe" Hurtigreparasjon for Windows XP (KB910728) --> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe" Hurtigreparasjon for Windows XP (KB912436) 
--> "C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe" Hurtigreparasjon for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hurtigreparasjon for Windows XP (KB915326) --> "C:\WINDOWS\$NtUninstallKB915326$\spuninst\spuninst.exe" Hurtigreparasjon for Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe" Installeringsprogram for HP Backup and Recovery Manager --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x14 -uninst -removeonly InterVideo DVD Check --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL InterVideo WinDVD --> "C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Magic Online III --> C:\Programfiler\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly Microsoft Base Smart Card Cryptographic Service Provider-pakke --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mozilla Firefox (2.0.0.14) --> C:\Programfiler\Mozilla 
Firefox\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1) --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst NMAS Challenge Response Method --> MsiExec.exe /X{B9A5A789-D491-49FB-958C-BFEC2C11BB1D} NMAS Client --> MsiExec.exe /I{9B427732-573E-4E78-B6FA-AC3E5A218BA2} Norman Ad-Aware SE Professional --> C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG Norman Virus Control --> C:\Programfiler\Norman\NVC\BIN\DelNVC5.exe Novell Client for Windows --> %SystemRoot%\system32\rundll32 nwsetup.dll NWUninstallClient NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB912945) --> Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Oppdatering 
for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Panda ActiveScan 2.0 --> C:\Programfiler\Panda Security\ActiveScan 2.0\as2uninst.exe QuickPar 0.9 --> C:\Programfiler\QuickPar\uninst.exe QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log ReGet Deluxe --> C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\ReGetDxUninstall.exe Sentinel Protection Installer 7.0.0 --> MsiExec.exe /I{547D4265-AF45-42E9-A62A-C58182AA35B9} Sikkerhetsoppdatering for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB899587) --> 
"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB914389) --> 
"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB924496) --> 
"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB937894) --> 
"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic Data Module --> MsiExec.exe 
/I{075473F5-846A-448B-BCB3-104AA1760205} Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SopCast 3.0.1 --> C:\Programfiler\SopCast\uninst.exe SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x14 -removeonly Spybot - Search & Destroy --> "C:\Programfiler\Spybot - Search & Destroy\unins000.exe" Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04} Synaptics Pointing Device Driver --> rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 TVUPlayer 2.3.4.1 --> C:\Programfiler\TVUPlayer\uninst.exe VideoLAN VLC media player 0.8.6f --> C:\Programfiler\VideoLAN\VLC\uninstall.exe Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Presentation Foundation Language Pack (NOR) --> MsiExec.exe /X{B0534960-A7E2-4FFD-8E27-51B4B188633F} Windows Workflow Foundation NO Language Pack --> MsiExec.exe /I{42F46A4E-1662-473F-A210-C5BB3BD385CC} Windows XP hurtigreparasjon - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB873339 
--> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885464 --> C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888402 --> C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB889673 --> C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe" WinPcap 4.0 --> C:\Programfiler\WinPcap\uninstall.exe WinRAR Arkiverer --> C:\Programfiler\WinRAR\uninstall.exe WM Recorder 12.0 --> C:\Programfiler\WMR11\Uninstal.exe XML Paper Specification Shared Components Language Pack 1.0 --> 
"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XML Paper Specification Shared Components Pack 1.0 --> ZENworks Desktop Management Agent --> MsiExec.exe /I{0028ED8D-E938-4B81-B636-F20B3207086F} -- Application Event Log ------------------------------------------------------- Event Record #/Type611 / Error Event Submitted/Written: 04/17/2008 00:50:59 PM Event ID/Source: 352 / IFXSPMGT Event Description: The Upgrade Tool returned an error. Event Record #/Type601 / Error Event Submitted/Written: 04/17/2008 08:25:11 AM Event ID/Source: 352 / IFXSPMGT Event Description: The Upgrade Tool returned an error. Event Record #/Type590 / Error Event Submitted/Written: 04/16/2008 07:39:22 PM Event ID/Source: 352 / IFXSPMGT Event Description: The Upgrade Tool returned an error. Event Record #/Type583 / Error Event Submitted/Written: 04/16/2008 06:36:05 PM Event ID/Source: 352 / IFXSPMGT Event Description: The Upgrade Tool returned an error. Event Record #/Type576 / Error Event Submitted/Written: 04/16/2008 03:12:15 PM Event ID/Source: 352 / IFXSPMGT Event Description: The Upgrade Tool returned an error. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type1903 / Warning Event Submitted/Written: 04/17/2008 00:47:46 PM / 04/17/2008 00:48:14 PM Event ID/Source: 4 / b57w2k Event Description: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected. Event Record #/Type1894 / Error Event Submitted/Written: 04/17/2008 00:48:10 PM Event ID/Source: 7034 / Service Control Manager Event Description: Tjenesten Avid Startup stoppet uventet. Dette har skjedd 1 gang(er). Event Record #/Type1881 / Warning Event Submitted/Written: 04/17/2008 00:46:20 PM Event ID/Source: 4 / b57w2k Event Description: Broadcom NetXtreme Gigabit Ethernet: The network link is down. 
Check to make sure the network cable is properly connected. Event Record #/Type1877 / Warning Event Submitted/Written: 04/17/2008 08:59:40 AM Event ID/Source: 4 / b57w2k Event Description: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected. Event Record #/Type1875 / Warning Event Submitted/Written: 04/17/2008 08:33:49 AM Event ID/Source: 4 / b57w2k Event Description: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected. -- End of Deckard's System Scanner: finished at 2008-04-17 14:47:25 ------------ |
Apr 17 2008, 09:17 AM
Post #2
Portuguese Malware Fighter Group: HJT Team Posts: 1,443 Joined: 5-April 07 From: Portugal Member No.: 122,277
Hi, Welcome to Bleeping Computer Forums!
You might want to save this page in your favorites, so you can find it again when you return. Please take note of the following:
Please give me some time to look over your log and I will get back to you as soon as possible.
--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
Apr 18 2008, 03:47 AM
Post #3
Portuguese Malware Fighter Group: HJT Team Posts: 1,443 Joined: 5-April 07 From: Portugal Member No.: 122,277
Hello and thanks for your patience.
# Step 1 #
Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Azureus). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

# Step 2 #
Your log also shows that you have two resident spyware protection programs running on your computer, specifically Ad-Watch.exe from Ad-Aware SE Professional and TeaTimer.exe from Spybot - Search & Destroy. I do not recommend that you have more than one running on your computer at a time. In general terms, the two programs may conflict with each other. So please disable one of these residents, either Ad-Watch.exe or TeaTimer.exe.

# Step 3 #
Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix". If you downloaded ComboFix previously, delete that version and download it again, as the tool is frequently updated!
Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer
Apr 18 2008, 04:29 AM
Post #4
New Member Group: Members Posts: 4 Joined: 17-April 08 Member No.: 203,562
Thanks for the help. Ran ComboFix and HJT. Here are the logs:
ComboFix 08-04-17.1 - Thomasv 2008-04-18 11:17:27.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1226 [GMT 2:00] Running from: C:\Documents and Settings\Thomasv\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Thomasv\Skrivebordblackbird.jpg C:\Documents and Settings\Thomasv\SkrivebordEditorFKWP1.5.exe C:\Documents and Settings\Thomasv\SkrivebordEditorFKWP2.0.exe C:\Documents and Settings\Thomasv\Skrivebordfilemanagerclient.exe C:\Documents and Settings\Thomasv\Skrivebordfkwp1.5.exe C:\Documents and Settings\Thomasv\Skrivebordfkwp2.0.exe C:\Documents and Settings\Thomasv\Skrivebordfwebd.exe C:\Documents and Settings\Thomasv\SkrivebordFWebdEditor.exe C:\Documents and Settings\Thomasv\SkrivebordTrojan.Win32.BlackBird.exe C:\Documents and Settings\Thomasv\Skrivebordvirii C:\WINDOWS\system32\media C:\WINDOWS\system32\media\AvidRender.wav C:\WINDOWS\system32\tuvVOGaw.dll C:\WINDOWS\system32bdn.com C:\WINDOWS\system32hxiwlgpm.dat C:\WINDOWS\system32ssvchost.com C:\WINDOWS\system32taack.dat C:\WINDOWS\system32VBIEWER.OCX . ((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 ))))))))))))))))))))))))))))))) . 2008-04-18 11:20 . 2008-04-18 11:20 114,688 --a------ C:\WINDOWS\system32\chg.exe 2008-04-18 09:15 . 2008-04-18 09:15 <DIR> d-------- C:\Programfiler\Any Audio Converter 2008-04-18 09:08 . 2008-04-18 09:25 <DIR> d-------- C:\Programfiler\AUAU Audio Converter 2008-04-18 09:08 . 2008-04-18 09:08 34 --ah----- C:\WINDOWS\system32\VideoConverter_sysquict.dat 2008-04-18 09:04 . 2008-04-18 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP 2008-04-17 15:03 . 2008-04-18 10:41 <DIR> d-------- C:\Programfiler\Mozilla Thunderbird 2008-04-17 15:03 . 
2008-04-17 15:03 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Thunderbird 2008-04-17 14:44 . 2008-04-17 14:44 <DIR> d-------- C:\Deckard 2008-04-16 19:37 . 2008-04-18 10:40 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Siste 2008-04-16 19:05 . 2008-04-16 19:05 <DIR> d-------- C:\Programfiler\Trend Micro 2008-04-16 19:01 . 2008-04-16 19:01 <DIR> d-------- C:\Programfiler\CCleaner 2008-04-16 15:08 . 2008-04-16 15:08 5,668 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 14:55 . 2008-04-16 14:56 <DIR> d-------- C:\Programfiler\Panda Security 2008-04-16 11:58 . 2008-04-16 11:58 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TmpRecentIcons 2008-04-16 10:19 . 2008-04-16 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\zgpgnids 2008-04-16 10:19 . 2008-04-15 20:07 253,952 --a------ C:\WINDOWS\lgmxvpatkmb.dll 2008-04-16 10:19 . 2008-04-16 10:19 106,496 --a------ C:\WINDOWS\system32\nqjkpgjy.exe 2008-04-16 10:19 . 2008-04-15 20:07 106,496 --a------ C:\WINDOWS\npqtsrak.exe 2008-04-16 10:19 . 2008-04-15 20:07 98,304 --a------ C:\WINDOWS\rtqmekwg.exe 2008-04-16 09:51 . 2008-04-16 09:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-04-16 09:12 . 2008-04-16 09:12 <DIR> d-------- C:\Programfiler\WinPcap 2008-04-16 09:09 . 2008-04-16 09:22 <DIR> d-------- C:\Programfiler\WMR11 2008-04-14 09:32 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared 2008-04-14 08:49 . 2008-04-14 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet 2008-04-14 08:48 . 2008-04-14 08:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared 2008-04-14 08:38 . 2008-04-14 08:38 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Sonic 2008-04-14 00:00 . 2008-04-14 00:00 <DIR> d-------- C:\Programfiler\QuickPar 2008-04-13 18:22 . 2008-04-13 18:22 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Norman 2008-04-13 16:51 . 
2008-04-13 16:51 <DIR> d-------- C:\Temp\MTGOInstall 2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp 2008-04-13 16:51 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-04-13 15:43 . 2008-04-13 15:44 <DIR> d-------- C:\Programfiler\TVUPlayer 2008-04-13 15:43 . 2008-04-13 15:43 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TVU Networks 2008-04-13 15:06 . 2008-04-13 15:06 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Talkback 2008-04-13 12:29 . 2008-04-13 12:29 5,365 --a------ C:\WT61NO.UWL 2008-04-12 21:55 . 2008-04-12 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NVIDIA 2008-04-12 20:01 . 2008-04-15 21:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\DivX 2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programfiler\DivX 2008-04-12 17:29 . 2007-11-30 00:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-04-12 17:16 . 2008-04-12 17:17 <DIR> d-------- C:\Programfiler\ReGet Software 2008-04-12 17:16 . 2008-04-12 21:53 <DIR> d-------- C:\Programfiler\Fellesfiler\ReGet Shared 2008-04-12 17:16 . 2008-04-18 09:15 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\ReGet Software 2008-04-12 17:16 . 2008-04-12 17:16 57 --a------ C:\WINDOWS\english.lng 2008-04-12 17:05 . 2008-04-12 17:05 <DIR> d-------- C:\Programfiler\Azureus 2008-04-12 17:05 . 2008-04-18 10:58 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Azureus 2008-04-12 16:48 . 2008-04-12 16:52 <DIR> d-------- C:\Programfiler\SopCast 2008-04-12 16:32 . 2008-04-12 16:32 <DIR> d-------- C:\Documents and Settings\Thomasv\Bluetooth Software 2008-04-11 18:39 . 2008-04-11 18:39 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT 2008-04-11 18:38 . 2008-04-11 18:38 <DIR> d-------- C:\WINDOWS\i386 2008-04-11 15:12 . 2008-04-13 13:50 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Wizards of the Coast 2008-04-11 15:12 . 
2008-04-12 17:46 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\vlc 2008-04-11 15:11 . 2008-04-13 16:48 <DIR> d-------- C:\Programfiler\Wizards of the Coast 2008-04-11 15:11 . 2008-04-11 15:11 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\InstallShield 2008-04-11 14:18 . 2008-04-11 14:18 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-11 14:18 . 2004-08-17 02:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe 2008-04-11 14:11 . 2008-04-16 14:55 2,477 --a------ C:\WINDOWS\mozver.dat 2008-04-11 14:07 . 2008-04-18 11:15 86 --a------ C:\WINDOWS\WPCMAPI.INI 2008-04-11 13:09 . 2008-04-11 13:09 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\QuickTime 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iTunes 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iPod 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Apple Computer 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\QuickTime 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-04-11 12:48 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe 2008-04-11 12:47 . 2008-04-11 13:14 <DIR> d-------- C:\Avid 2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-04-11 12:09 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Digidesign 2008-04-11 12:08 . 2008-04-11 12:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Avid 2008-04-11 12:08 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Avid 2008-04-11 12:08 . 
2001-03-23 19:32 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll 2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\SafeNet Sentinel 2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\Fellesfiler\SafeNet Sentinel 2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\MSXML 6.0 2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\AC3Filter 2008-04-11 12:05 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-04-11 12:03 . 2008-04-11 12:03 <DIR> d-------- C:\Programfiler\VideoLAN 2008-04-11 11:27 . 2008-04-11 11:27 <DIR> d-------- C:\Programfiler\MSXML 4.0 2008-04-11 11:26 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-04-11 11:26 . 2008-04-14 10:34 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\AdobeUM 2008-04-11 11:25 . 2008-04-11 15:23 <DIR> d-------- C:\WINDOWS\system32\nb-NO 2008-04-11 11:24 . 2008-04-11 11:24 <DIR> d-------- C:\Programfiler\MSBuild 2008-04-11 11:23 . 2008-04-11 11:23 <DIR> d-------- C:\WINDOWS\Sun 2008-04-11 11:22 . 2008-04-11 12:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-04-11 11:22 . 2008-04-11 11:22 <DIR> d-------- C:\Programfiler\Reference Assemblies 2008-04-11 11:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\b4ed6d7b4fbcbb4abca49b1daa 2008-04-11 11:21 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-04-11 11:21 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-04-11 11:21 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-04-11 11:20 . 2008-04-12 17:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-04-11 11:20 . 2008-04-11 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-04-11 11:18 . 
2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-04-11 11:18 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-04-11 11:18 . 2006-08-21 14:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-04-11 11:12 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-04-11 11:07 . 2008-04-11 11:07 <DIR> d--hs---- C:\Documents and Settings\Thomasv\UserData 2008-04-11 11:05 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2008-04-11 11:05 . 2008-04-11 11:05 382 --a------ C:\WINDOWS\ODBC.INI 2008-04-11 11:02 . 2008-04-11 11:02 <DIR> d-------- C:\Programfiler\Microsoft Works 2008-04-11 11:01 . 2008-04-11 11:04 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-11 11:01 . 2008-04-11 11:01 <DIR> d-------- C:\Programfiler\Microsoft.NET 2008-04-11 10:59 . 2008-04-11 10:59 153,284 --a------ C:\WINDOWS\hifm.bmp 2008-04-11 10:57 . 2008-04-18 11:21 <DIR> d-------- C:\Zenworks 2008-04-11 10:56 . 2008-04-18 11:21 <DIR> d--h----- C:\NALCache 2008-04-11 10:56 . 2008-04-14 09:12 <DIR> dr------- C:\Documents and Settings\Thomasv\Start-meny 2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d--h----- C:\Documents and Settings\Thomasv\Skrivere 2008-04-11 10:56 . 2008-04-18 11:06 <DIR> d-------- C:\Documents and Settings\Thomasv\Skrivebord 2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\SampleView 2008-04-11 10:56 . 2008-04-11 10:56 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Infineon 2008-04-11 10:56 . 2008-04-17 15:03 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Programdata 2008-04-11 10:56 . 2008-04-18 10:49 <DIR> dr------- C:\Documents and Settings\Thomasv\Mine dokumenter 2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Maler 2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Lokale innstillinger 2008-04-11 10:56 . 
2008-04-16 13:04 <DIR> dr------- C:\Documents and Settings\Thomasv\Favoritter 2008-04-11 10:56 . 2008-04-15 10:47 <DIR> d--h----- C:\Documents and Settings\Thomasv\AndrMask 2008-04-11 10:56 . 2008-04-18 11:19 <DIR> d-------- C:\Documents and Settings\Thomasv 2008-04-11 10:56 . 2008-04-18 11:22 323,584 --ah----- C:\Documents and Settings\Thomasv\ntuser.dat.LOG 2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Novell 2008-04-11 10:52 . 2008-04-16 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-18 09:20 0 ----a-w C:\WINDOWS\system32\drivers\WFTDriverLog.txt 2008-04-18 07:26 --------- d-----w C:\Programfiler\Java 2008-04-14 07:42 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-04-11 16:24 --------- d-----w C:\Programfiler\Synaptics 2008-04-11 16:23 --------- d-----w C:\Programfiler\Sonic 2008-04-11 16:23 --------- d-----w C:\Programfiler\microsoft frontpage 2008-04-11 16:22 --------- d-----w C:\Programfiler\HPQ 2008-04-11 16:22 --------- d-----w C:\Programfiler\Hp 2008-04-11 16:22 --------- d-----w C:\Programfiler\Hewlett-Packard 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fingerprint Sensor 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Java 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-04-11 16:21 --------- d-----w 
C:\Programfiler\Elektroniske tjenester 2008-04-11 16:21 --------- d-----w C:\Programfiler\CONEXANT 2008-04-11 16:21 --------- d-----w C:\Programfiler\Analog Devices 2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\InstallShield 2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\hpqLog 2008-04-11 09:20 --------- d-----w C:\Programfiler\Windows Media Connect 2008-04-11 08:29 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-04-11 08:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-03-19 12:00 6,547,488 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] "pcmdyvvw"="C:\WINDOWS\system32\nqjkpgjy.exe" [2008-04-16 10:19 106496] "AWMON"="C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" [2005-06-27 16:49 516608] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-19 14:00 13524992] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-19 14:00 86016] "nwiz"="nwiz.exe" [2008-03-19 14:00 1630208 C:\WINDOWS\system32\nwiz.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 22:01 53248] "PTHOSTTR"="C:\Programfiler\HPQ\HP 
ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-04-06 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 09:56 131072] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320] "Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352] "NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27 32859] "ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2005-05-18 17:04 40960] "NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 28672 C:\WINDOWS\system32\nwtray.exe] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-04-11 12:48 98304] "Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328] "SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 
10:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-04-11 14:24:44 25214] Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-04-11 10:19:50 184320] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "pADsSP8oOS"= C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "pADsSP8oOS"= C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Programfiler\Novell\ZENworks\NalShell.dll [2007-02-13 15:49 454656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN] IfxWlxEN.dll 2005-08-19 15:52 389120 C:\WINDOWS\system32\IfxWlxEN.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification] C:\WINDOWS\system32\Novell\XtNotify.dll 2007-01-10 11:52 24576 C:\WINDOWS\system32\novell\xtnotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw] tuvVOGaw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "C:\\Novell\\GroupWise\\grpwise.exe"= "C:\\Novell\\GroupWise\\notify.exe"= "C:\\WINDOWS\\system32\\dpmw32.exe"= "C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\SopCast\\SopCast.exe"= "C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"= "C:\\Programfiler\\Azureus\\Azureus.exe"= "C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1677:TCP"= 1677:TCP:Groupwise "1677:UDP"= 1677:UDP:Groupwise "1761:TCP"= 1761:TCP:Zenworks "1761:UDP"= 1761:UDP:Zenworks "1762:UDP"= 1762:UDP:Zenworks [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-10-25 20:10] R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00] R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 14:47] R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 10:59] R2 XTAgent;Novell XTier Agent Services;C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 11:52] R3 Darpan;Darpan;C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 14:11] R3 Flamethrower;Flamethrower;C:\WINDOWS\system32\drivers\Flamethrower.sys [2005-06-02 16:32] R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 15:26] R3 
NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56] R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-18 11:22:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????([??????(?@???????@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.exe -> C:\WINDOWS\system32\NWSHLXNT.dll -> C:\WINDOWS\system32\NLS\ENGLISH\NWSHLXNR.DLL . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\IFXSPMGT.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Novell\ZENworks\NALNTSRV.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE C:\Programfiler\Novell\ZENworks\WM.EXE C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Norman\Npm\Bin\Njeeves.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\PROGRA~1\HPQ\IAM\Bin\asghost.exe C:\PROGRA~1\PROTEC~1\EMBEDD~1\PSDrt.exe C:\PROGRA~1\PROTEC~1\EMBEDD~1\SpTNA.exe C:\PROGRA~1\HPQ\HPPROT~1\PTServs.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\Programfiler\Novell\ZENworks\Inventory\ZfDInvScanner.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ACCELE~1.EXE C:\PROGRA~1\HPQ\HPPROT~1\pthosttr.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Programfiler\Norman\NVC\bin\Nip.exe C:\Programfiler\Norman\NVC\bin\CClaw.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\Java\JRE16~1.0_0\bin\jusched.exe C:\Programfiler\Windows Media Player\wmpnetwk.exe C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-04-18 11:26:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-18 09:26:42 Pre-Run: 54,061,506,560 byte ledig Post-Run: 54,034,481,152 byte ledig . 
2008-04-11 08:54:26 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:27:37, on 18.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Novell\XTAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\IFXSPMGT.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Novell\ZENworks\nalntsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\Programfiler\Novell\ZENworks\wm.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDrt.exe C:\Programfiler\ProtectTools\Embedded Security Software\SpTna.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTServs.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 
C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\AccelerometerSt.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\dpmw32.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\NWTRAY.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\nqjkpgjy.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe 
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [pcmdyvvw] C:\WINDOWS\system32\nqjkpgjy.exe O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKLM\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe O4 - HKCU\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All 
Users\Programdata\zgpgnids\zozitwrq.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 
E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: tuvVOGaw - tuvVOGaw.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. 
- C:\Programfiler\Novell\ZENworks\nalntsrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe
--
End of file - 14791 bytes

BTW, I have disabled Spybot's resident after rebooting.

This post has been edited by MichaelPaine: Apr 18 2008, 04:35 AM
Apr 22 2008, 03:55 AM
Post #5
Portuguese Malware Fighter | Group: HJT Team | Posts: 1,443 | Joined: 5-April 07 | From: Portugal | Member No.: 122,277
Hello,
QUOTE
I have disabled Spybot's resident after rebooting.

And after you do the HijackThis log, right? Because I still see both running:

O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

Let me know about that, please.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
http://www.bleepingcomputer.com/forums/topic142306.html

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Collect::
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\system32\nqjkpgjy.exe
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe
C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

Folder::
C:\Documents and Settings\All Users\Programdata\zgpgnids

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pcmdyvvw"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw]
Thanks

--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
Apr 22 2008, 12:16 PM
Post #6
New Member | Group: Members | Posts: 4 | Joined: 17-April 08 | Member No.: 203,562
Hi again,
I thought I had disabled TeaTimer before I ran HJT previously, but I probably forgot to save the settings. Anyway, it has been turned off since then. (BTW, do you recommend Ad Aware or Spybot for realtime protection?)

The .zip-file has also been submitted.

Here are my logs:

ComboFix 08-04-17.1 - Thomasv 2008-04-22 18:59:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1407 [GMT 2:00]
Running from: C:\Documents and Settings\Thomasv\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomasv\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Programdata\zgpgnids
C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe.bak
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe
D:\Autorun.inf
D:\RECYCLER\Desktop.ini
D:\RECYCLER\Folder.htt
D:\RECYCLER\Protect.ed
D:\RECYCLER\Warning.bmp
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-21 09:51 . 2008-04-21 22:32 <DIR> d-------- C:\Programfiler\Magic Workstation
2008-04-20 11:15 . 2008-04-20 11:15 <DIR> d-------- C:\divx
2008-04-19 15:07 . 2008-04-19 15:07 <DIR> d-------- C:\Programfiler\TVAnts
2008-04-19 02:02 . 2008-04-19 02:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-18 09:15 . 2008-04-18 09:15 <DIR> d-------- C:\Programfiler\Any Audio Converter
2008-04-18 09:08 . 2008-04-18 09:25 <DIR> d-------- C:\Programfiler\AUAU Audio Converter
2008-04-18 09:08 . 2008-04-18 09:08 34 --ah----- C:\WINDOWS\system32\VideoConverter_sysquict.dat
2008-04-18 09:04 . 2008-04-18 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP
2008-04-17 15:03 . 2008-04-22 18:52 <DIR> d-------- C:\Programfiler\Mozilla Thunderbird
2008-04-17 15:03 .
2008-04-17 15:03 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Thunderbird 2008-04-17 14:44 . 2008-04-17 14:44 <DIR> d-------- C:\Deckard 2008-04-16 19:37 . 2008-04-22 18:56 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Siste 2008-04-16 19:05 . 2008-04-16 19:05 <DIR> d-------- C:\Programfiler\Trend Micro 2008-04-16 19:01 . 2008-04-16 19:01 <DIR> d-------- C:\Programfiler\CCleaner 2008-04-16 15:08 . 2008-04-16 15:08 5,668 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 14:55 . 2008-04-16 14:56 <DIR> d-------- C:\Programfiler\Panda Security 2008-04-16 11:58 . 2008-04-16 11:58 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TmpRecentIcons 2008-04-16 09:51 . 2008-04-16 09:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-04-16 09:12 . 2008-04-16 09:12 <DIR> d-------- C:\Programfiler\WinPcap 2008-04-16 09:09 . 2008-04-16 09:22 <DIR> d-------- C:\Programfiler\WMR11 2008-04-14 09:32 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared 2008-04-14 08:49 . 2008-04-14 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet 2008-04-14 08:48 . 2008-04-14 08:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared 2008-04-14 08:38 . 2008-04-14 08:38 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Sonic 2008-04-14 00:00 . 2008-04-14 00:00 <DIR> d-------- C:\Programfiler\QuickPar 2008-04-13 18:22 . 2008-04-13 18:22 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Norman 2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp\MTGOInstall 2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp 2008-04-13 16:51 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-04-13 15:43 . 2008-04-13 15:44 <DIR> d-------- C:\Programfiler\TVUPlayer 2008-04-13 15:43 . 2008-04-13 15:43 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TVU Networks 2008-04-13 15:06 . 
2008-04-13 15:06 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Talkback 2008-04-13 12:29 . 2008-04-13 12:29 5,365 --a------ C:\WT61NO.UWL 2008-04-12 21:55 . 2008-04-12 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NVIDIA 2008-04-12 20:01 . 2008-04-15 21:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\DivX 2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programfiler\DivX 2008-04-12 17:29 . 2007-11-30 00:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-04-12 17:16 . 2008-04-12 17:17 <DIR> d-------- C:\Programfiler\ReGet Software 2008-04-12 17:16 . 2008-04-12 21:53 <DIR> d-------- C:\Programfiler\Fellesfiler\ReGet Shared 2008-04-12 17:16 . 2008-04-22 09:17 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\ReGet Software 2008-04-12 17:16 . 2008-04-12 17:16 57 --a------ C:\WINDOWS\english.lng 2008-04-12 17:05 . 2008-04-12 17:05 <DIR> d-------- C:\Programfiler\Azureus 2008-04-12 17:05 . 2008-04-22 15:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Azureus 2008-04-12 16:48 . 2008-04-12 16:52 <DIR> d-------- C:\Programfiler\SopCast 2008-04-12 16:32 . 2008-04-12 16:32 <DIR> d-------- C:\Documents and Settings\Thomasv\Bluetooth Software 2008-04-11 18:39 . 2008-04-11 18:39 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT 2008-04-11 18:38 . 2008-04-11 18:38 <DIR> d-------- C:\WINDOWS\i386 2008-04-11 15:12 . 2008-04-13 13:50 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Wizards of the Coast 2008-04-11 15:12 . 2008-04-12 17:46 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\vlc 2008-04-11 15:11 . 2008-04-13 16:48 <DIR> d-------- C:\Programfiler\Wizards of the Coast 2008-04-11 15:11 . 2008-04-11 15:11 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\InstallShield 2008-04-11 14:18 . 2008-04-11 14:18 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-11 14:18 . 2004-08-17 02:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe 2008-04-11 14:11 . 
2008-04-16 14:55 2,477 --a------ C:\WINDOWS\mozver.dat 2008-04-11 14:07 . 2008-04-22 14:17 86 --a------ C:\WINDOWS\WPCMAPI.INI 2008-04-11 13:09 . 2008-04-11 13:09 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\QuickTime 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iTunes 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iPod 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Apple Computer 2008-04-11 12:48 . 2008-04-19 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\QuickTime 2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-04-11 12:48 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe 2008-04-11 12:47 . 2008-04-11 13:14 <DIR> d-------- C:\Avid 2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-04-11 12:09 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Digidesign 2008-04-11 12:08 . 2008-04-11 12:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Avid 2008-04-11 12:08 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Avid 2008-04-11 12:08 . 2001-03-23 19:32 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll 2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\SafeNet Sentinel 2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\Fellesfiler\SafeNet Sentinel 2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\MSXML 6.0 2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\AC3Filter 2008-04-11 12:05 . 
2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-04-11 12:03 . 2008-04-11 12:03 <DIR> d-------- C:\Programfiler\VideoLAN 2008-04-11 11:27 . 2008-04-11 11:27 <DIR> d-------- C:\Programfiler\MSXML 4.0 2008-04-11 11:26 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-04-11 11:26 . 2008-04-21 10:30 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\AdobeUM 2008-04-11 11:25 . 2008-04-11 15:23 <DIR> d-------- C:\WINDOWS\system32\nb-NO 2008-04-11 11:24 . 2008-04-11 11:24 <DIR> d-------- C:\Programfiler\MSBuild 2008-04-11 11:23 . 2008-04-11 11:23 <DIR> d-------- C:\WINDOWS\Sun 2008-04-11 11:22 . 2008-04-11 12:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-04-11 11:22 . 2008-04-11 11:22 <DIR> d-------- C:\Programfiler\Reference Assemblies 2008-04-11 11:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\b4ed6d7b4fbcbb4abca49b1daa 2008-04-11 11:21 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-04-11 11:21 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-04-11 11:21 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-04-11 11:20 . 2008-04-12 17:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-04-11 11:20 . 2008-04-11 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-04-11 11:18 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-04-11 11:18 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-04-11 11:18 . 2006-08-21 14:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-04-11 11:12 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-04-11 11:07 . 
2008-04-11 11:07 <DIR> d--hs---- C:\Documents and Settings\Thomasv\UserData 2008-04-11 11:05 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2008-04-11 11:05 . 2008-04-11 11:05 382 --a------ C:\WINDOWS\ODBC.INI 2008-04-11 11:02 . 2008-04-11 11:02 <DIR> d-------- C:\Programfiler\Microsoft Works 2008-04-11 11:01 . 2008-04-11 11:04 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-11 11:01 . 2008-04-11 11:01 <DIR> d-------- C:\Programfiler\Microsoft.NET 2008-04-11 10:59 . 2008-04-11 10:59 153,284 --a------ C:\WINDOWS\hifm.bmp 2008-04-11 10:57 . 2008-04-22 09:03 <DIR> d-------- C:\Zenworks 2008-04-11 10:56 . 2008-04-22 19:05 <DIR> d--h----- C:\NALCache 2008-04-11 10:56 . 2008-04-14 09:12 <DIR> dr------- C:\Documents and Settings\Thomasv\Start-meny 2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d--h----- C:\Documents and Settings\Thomasv\Skrivere 2008-04-11 10:56 . 2008-04-22 18:59 <DIR> d-------- C:\Documents and Settings\Thomasv\Skrivebord 2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\SampleView 2008-04-11 10:56 . 2008-04-11 10:56 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Infineon 2008-04-11 10:56 . 2008-04-17 15:03 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Programdata 2008-04-11 10:56 . 2008-04-18 10:49 <DIR> dr------- C:\Documents and Settings\Thomasv\Mine dokumenter 2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Maler 2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Lokale innstillinger 2008-04-11 10:56 . 2008-04-16 13:04 <DIR> dr------- C:\Documents and Settings\Thomasv\Favoritter 2008-04-11 10:56 . 2008-04-15 10:47 <DIR> d--h----- C:\Documents and Settings\Thomasv\AndrMask 2008-04-11 10:56 . 2008-04-22 00:01 <DIR> d-------- C:\Documents and Settings\Thomasv 2008-04-11 10:56 . 2008-04-22 19:05 1,024 --ah----- C:\Documents and Settings\Thomasv\ntuser.dat.LOG 2008-04-11 10:52 . 
2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Novell 2008-04-11 10:52 . 2008-04-16 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-04-11 10:52 . 2003-05-05 13:05 600,064 --a------ C:\WINDOWS\system32\msrdp.ocx 2008-04-11 10:52 . 2008-04-18 10:37 30,948 --a------ C:\ziswin.hst . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-22 06:54 0 ----a-w C:\WINDOWS\system32\drivers\WFTDriverLog.txt 2008-04-21 09:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-04-18 07:26 --------- d-----w C:\Programfiler\Java 2008-04-11 16:24 --------- d-----w C:\Programfiler\Synaptics 2008-04-11 16:23 --------- d-----w C:\Programfiler\Sonic 2008-04-11 16:23 --------- d-----w C:\Programfiler\microsoft frontpage 2008-04-11 16:22 --------- d-----w C:\Programfiler\HPQ 2008-04-11 16:22 --------- d-----w C:\Programfiler\Hp 2008-04-11 16:22 --------- d-----w C:\Programfiler\Hewlett-Packard 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fingerprint Sensor 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared 2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Java 2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-04-11 16:21 --------- d-----w C:\Programfiler\Elektroniske tjenester 2008-04-11 16:21 --------- d-----w C:\Programfiler\CONEXANT 2008-04-11 16:21 --------- d-----w C:\Programfiler\Analog Devices 2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All 
Users\Programdata\InstallShield 2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\hpqLog 2008-04-11 09:20 --------- d-----w C:\Programfiler\Windows Media Connect 2008-04-11 08:29 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-04-11 08:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll 2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-16 09:32 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2008-02-16 09:32 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-02-16 09:32 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2008-02-16 09:32 1,054,720 ------w C:\WINDOWS\system32\dllcache\danim.dll 2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll . ((((((((((((((((((((((((((((( snapshot@2008-04-18_11.26.27.84 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-04-18 09:20:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-22 17:04:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - 2008-04-11 09:04:55 593,920 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-04-21 19:00:06 593,920 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2008-04-11 09:04:55 12,288 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-04-21 19:00:06 12,288 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-04-11 09:04:55 86,016 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2008-04-21 19:00:06 86,016 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2008-04-11 09:04:55 135,168 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-04-21 19:00:06 135,168 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-04-11 09:04:55 11,264 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-04-21 19:00:06 11,264 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-04-11 09:04:55 27,136 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-04-21 19:00:06 27,136 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-04-11 09:04:55 4,096 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-04-21 19:00:06 4,096 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-04-11 09:04:55 794,624 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-04-21 19:00:06 794,624 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-04-11 09:04:55 249,856 
----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-04-21 19:00:06 249,856 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2008-04-11 09:04:55 61,440 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-04-21 19:00:06 61,440 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2008-04-11 09:04:55 23,040 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-04-21 19:00:06 23,040 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-04-11 09:04:55 286,720 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-04-21 19:00:06 286,720 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-04-11 09:04:54 409,600 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-04-21 19:00:06 409,600 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-04-11 08:48:52 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-04-19 17:22:08 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe - 2008-04-18 08:40:19 71,189 ----a-w C:\WINDOWS\system32\nvModes.dat + 2008-04-19 00:02:22 119,753 ----a-w C:\WINDOWS\system32\nvModes.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] "AWMON"="C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" [2005-06-27 16:49 516608] "updateMgr"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-19 14:00 13524992] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-19 14:00 86016] "nwiz"="nwiz.exe" [2008-03-19 14:00 1630208 C:\WINDOWS\system32\nwiz.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 22:01 53248] "PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-04-06 05:20 122940] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 09:56 131072] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928] 
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320] "Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352] "NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27 32859] "ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2005-05-18 17:04 40960] "NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 28672 C:\WINDOWS\system32\nwtray.exe] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-04-11 12:48 98304] "Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328] "SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-04-11 14:24:44 25214] Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-04-11 10:19:50 184320] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Programfiler\Novell\ZENworks\NalShell.dll [2007-02-13 15:49 454656] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\IfxWlxEN] IfxWlxEN.dll 2005-08-19 15:52 389120 C:\WINDOWS\system32\IfxWlxEN.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification] C:\WINDOWS\system32\Novell\XtNotify.dll 2007-01-10 11:52 24576 C:\WINDOWS\system32\novell\xtnotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "C:\\Novell\\GroupWise\\grpwise.exe"= "C:\\Novell\\GroupWise\\notify.exe"= "C:\\WINDOWS\\system32\\dpmw32.exe"= "C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\SopCast\\SopCast.exe"= "C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"= "C:\\Programfiler\\Azureus\\Azureus.exe"= "C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"= "C:\\Programfiler\\TVAnts\\Tvants.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1677:TCP"= 1677:TCP:Groupwise "1677:UDP"= 1677:UDP:Groupwise "1761:TCP"= 1761:TCP:Zenworks "1761:UDP"= 1761:UDP:Zenworks "1762:UDP"= 1762:UDP:Zenworks [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-10-25 20:10] R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00] R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 14:47] R2 
Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R2 Remote Management Agent;Novell ZENworks Remote Management Agent;C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 10:59] R2 XTAgent;Novell XTier Agent Services;C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 11:52] R3 Darpan;Darpan;C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 14:11] R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 15:26] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56] R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23] S3 Flamethrower;Flamethrower;C:\WINDOWS\system32\drivers\Flamethrower.sys [2005-06-02 16:32] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-22 19:05:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????([??????(?@???????@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.exe -> C:\WINDOWS\system32\NWSHLXNT.dll -> C:\WINDOWS\system32\NLS\ENGLISH\NWSHLXNR.DLL . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\scardsvr.exe C:\PROGRA~1\HPQ\IAM\Bin\asghost.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\IFXSPMGT.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ACCELE~1.EXE C:\PROGRA~1\HPQ\HPPROT~1\pthosttr.exe C:\Programfiler\Norman\NVC\bin\Nip.exe C:\Programfiler\Novell\ZENworks\NALNTSRV.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE C:\PROGRA~1\Java\JRE16~1.0_0\bin\jusched.exe C:\Programfiler\Novell\ZENworks\WM.EXE C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Norman\Npm\Bin\Njeeves.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\PROTEC~1\EMBEDD~1\PSDrt.exe C:\PROGRA~1\PROTEC~1\EMBEDD~1\SpTNA.exe C:\PROGRA~1\HPQ\HPPROT~1\PTServs.exe C:\Programfiler\Norman\NVC\bin\CClaw.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2008-04-22 19:07:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-22 17:07:51 ComboFix2.txt 2008-04-18 09:26:49 Pre-Run: 50,166,341,632 byte ledig Post-Run: 50,298,544,128 byte ledig . 2008-04-11 08:54:26 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:51, on 22.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Novell\XTAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\IFXSPMGT.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\AccelerometerSt.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\dpmw32.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\Novell\ZENworks\nalntsrv.exe C:\WINDOWS\system32\NWTRAY.EXE C:\WINDOWS\system32\nvsvc32.exe 
C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Novell\ZENworks\wm.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\ProtectTools\Embedded Security Software\PSDrt.exe C:\Programfiler\ProtectTools\Embedded Security Software\SpTna.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTServs.exe C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] 
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 
'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. 
- C:\WINDOWS\system32\cusrvc.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. 
- C:\Programfiler\Novell\ZENworks\nalntsrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe
-- End of file - 14415 bytes

Computer has been running fine. Thank you!

This post has been edited by MichaelPaine: Apr 22 2008, 12:17 PM
Apr 25 2008, 09:43 AM
Post
#7
Portuguese Malware Fighter Group: HJT Team Posts: 1,443 Joined: 5-April 07 From: Portugal Member No.: 122,277
Hello,
QUOTE (BTW, do you recommend Ad Aware or Spybot for realtime protection?)

Both are excellent software, your choice.

1. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only.
Under Main choose: Select All
Click the Empty Selected button.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Please do an online scan with Kaspersky WebScanner
Click on
You will be prompted to install an ActiveX component from Kaspersky, Click
Scan Mail Bases
--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
Apr 25 2008, 01:35 PM
Post
#8
New Member Group: Members Posts: 4 Joined: 17-April 08 Member No.: 203,562
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT Friday, April 25, 2008 8:31:56 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 25/04/2008 Kaspersky Anti-Virus database records: 725500 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 82233 Number of viruses found: 2 Number of infected objects: 6 Number of suspicious objects: 0 Duration of the scan process: 00:47:50 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and 
Settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Thomasv\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\XUL.mfl Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Thomasv\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Thomasv\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Thomasv\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\cert8.db Object is 
locked skipped C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\history.dat Object is locked skipped C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\key3.db Object is locked skipped C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\parent.lock Object is locked skipped C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\search.sqlite Object is locked skipped C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Thomasv\Programdata\Norman\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/099389~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.oax skipped C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/MSOFFI~1.EXE/data0000.cab/72148361.exe Infected: Trojan-Downloader.Win32.VB.dyo skipped C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/MSOFFI~1.EXE/data0000.cab Infected: Trojan-Downloader.Win32.VB.dyo skipped C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/MSOFFI~1.EXE Infected: Trojan-Downloader.Win32.VB.dyo skipped C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.dyo skipped C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe Rsrc-Package: infected - 5 skipped C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\RMErrorLog0.txt Object is locked skipped C:\QooBox\Quarantine\C\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe.bak.vir Object is locked skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVOGaw.dll.vir 
Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\tracking.log Object is locked skipped C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP56\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 Object is locked skipped C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR 
Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TempFile Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\Desktop.ini Object is locked skipped D:\System Volume Information\Folder.htt Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\Protect.ed Object is locked skipped D:\System Volume Information\Warning.bmp Object is locked skipped D:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP56\change.log Object is locked skipped Scan process completed. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34:37, on 25.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Novell\XTAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Novell\ZENworks\nalntsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe C:\Programfiler\Novell\ZENworks\wm.exe C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\AccelerometerSt.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\dpmw32.exe C:\WINDOWS\system32\NWTRAY.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe 
C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF 
Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Acrobat Assistant 7.0] 
"C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll O9 - Extra button: (no name) 
- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe -- End of file - 13189 bytes Computer running smoothly. |
May 1 2008, 10:49 AM, Post #9
Portuguese Malware Fighter (Group: HJT Team, Posts: 1,443, Joined: 5-April 07, From: Portugal, Member No.: 122,277)
Hello
Please set your system to show all files.
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe <- this file
Reconfigure Windows XP to hide hidden files:
Here are some additional utilities that will enhance your safety
--------------------
Please do not PM me asking for support. Please be courteous, polite, and say thank you. Please post the final results, good or bad. We like to know!
May 6 2008, 03:36 PM, Post #10
Forum Regular (Group: HJT Team, Posts: 3,212, Joined: 12-July 04, From: Boston Mass, Member No.: 1,374)
This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.