Can't Remove System Integrity Scan Wizard


  • This topic is locked
9 replies to this topic

#1 MichaelPaine


Posted 17 April 2008 - 07:57 AM

System Integrity Scan Wizard pops up at regular intervals. Also, a yellow triangle with a black exclamation point inside appears in my system tray. It links to anti-spywareremoval.biz.

Have tried Spybot and Ad-Aware SE (also Norman AV) without luck.

Any help is appreciated.

Deckard's System Scanner v20071014.68
Run by Thomasv on 2008-04-17 14:45:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
43: 2008-04-17 12:45:12 UTC - RP43 - Deckard's System Scanner Restore Point
42: 2008-04-17 09:40:00 UTC - RP42 - Kontrollpunkt for system
41: 2008-04-16 09:02:08 UTC - RP41 - Installed Windows Media Player Firefox Plugin
40: 2008-04-16 08:01:54 UTC - RP40 - Installed Microsoft Office Professional Edition 2003
39: 2008-04-15 09:04:35 UTC - RP39 - Kontrollpunkt for system


-- First Restore Point --
1: 2008-04-11 08:17:04 UTC - RP1 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Thomasv.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:23, on 17.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programfiler\Novell\ZENworks\wm.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\Programfiler\HPQ\IAM\bin\asghost.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Programfiler\ProtectTools\Embedded Security Software\SpTna.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\nqjkpgjy.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programfiler\Windows Media Player\WMPNetwk.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Aware.exe
C:\Documents and Settings\Thomasv\Skrivebord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomasv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\WINDOWS\system32\tuvVOGaw.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [pcmdyvvw] C:\WINDOWS\system32\nqjkpgjy.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
O4 - HKCU\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: tuvVOGaw - C:\WINDOWS\SYSTEM32\tuvVOGaw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe

--
End of file - 14596 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080416-191912-692 O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\WINDOWS\system32\tuvVOGaw.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NICM (Novell InterService Communication Driver) - c:\windows\system32\drivers\nicm.sys <Not Verified; Novell, Inc.; Novell XTier for Windows>
R0 NWFILTER (Novell UNC Path Filter) - c:\windows\system32\netware\nwfilter.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R2 BlankScr (HBDevice) - c:\windows\system32\drivers\blankscr.sys <Not Verified; Novell Inc.; ZENworks Remote Management>
R2 NetwareWorkstation (Novell Client for Windows) - c:\windows\system32\netware\nwfs.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R2 RESMGR (Novell NetWare Resource Manager) - c:\windows\system32\netware\resmgr.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R2 SRVLOC (Novell Service Location) - c:\windows\system32\netware\srvloc.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R3 Darpan - c:\windows\system32\drivers\darpan.sys <Not Verified; Novell, Inc.; ZENworks Remote Management>
R3 Flamethrower - c:\windows\system32\drivers\flamethrower.sys <Not Verified; Avid Technology, Inc.; Avid DNA>
R3 NWDNS (Novell DNS Name Space Service Provider) - c:\windows\system32\netware\nwdns.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R3 NWHOST (Novell Host File Name Space Service Provider) - c:\windows\system32\netware\nwhost.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R3 NWSLP (Novell SLP Name Space Service Provider) - c:\windows\system32\netware\nwslp.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
R3 NWSNS (Novell Simple Naming Services (NWSNS)) - c:\windows\system32\netware\nwsns.sys <Not Verified; Novell, Inc.; Novell Client for Windows>

S2 NWSIPX32 (Novell NetWare IPX/SPX Transport Interface) - c:\windows\system32\netware\nwsipx32.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
S3 NWDHCP (Novell DHCP Inform Client) - c:\windows\system32\netware\nwdhcp.sys <Not Verified; Novell, Inc.; Novell Client for Windows>
S3 NWSAP (Novell SAP Name Space Provider) - c:\windows\system32\netware\nwsap.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
R2 IFXSpMgtSrv (Security Platform Management Service) - c:\windows\system32\ifxspmgt.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
R2 IFXTCS (Trusted Platform Core Service) - c:\windows\system32\ifxtcs.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
R2 NALNTSERVICE (Novell Application Launcher) - c:\programfiler\novell\zenworks\nalntsrv.exe <Not Verified; Novell, Inc.; >
R2 Remote Management Agent (Novell ZENworks Remote Management Agent) - c:\programfiler\novell\zenworks\remotemanagement\rmagent\zenrem32.exe <Not Verified; Novell, Inc.; ZENworks Remote Management>
R2 XTAgent (Novell XTier Agent Services) - c:\windows\system32\novell\xtagent.exe <Not Verified; Novell, Inc.; NetIdentity>
R2 ZFDWM (Workstation Manager) - c:\programfiler\novell\zenworks\wm.exe <Not Verified; Novell, Inc.; ZENworks Desktop Management>

S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>
S3 cusrvc (Client Update Service for Novell) - c:\windows\system32\cusrvc.exe <Not Verified; Novell, Inc.; Novell Client for Windows>
S3 FLEXnet Licensing Service - "c:\programfiler\fellesfiler\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-16 19:05:09 0 d-------- C:\Programfiler\Trend Micro
2008-04-16 19:01:39 0 d-------- C:\Programfiler\CCleaner
2008-04-16 15:08:03 5668 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:55:49 0 d-------- C:\Programfiler\Panda Security
2008-04-16 10:46:17 0 -rahs---- C:\MSDOS.SYS
2008-04-16 10:46:17 0 -rahs---- C:\IO.SYS
2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-16 10:19:46 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-16 10:19:35 106496 --a------ C:\WINDOWS\system32\nqjkpgjy.exe
2008-04-16 10:19:34 98304 --a------ C:\WINDOWS\rtqmekwg.exe
2008-04-16 10:19:34 106496 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-16 10:19:34 253952 --a------ C:\WINDOWS\lgmxvpatkmb.dll
2008-04-16 10:19:31 36352 --a------ C:\WINDOWS\system32\tuvVOGaw.dll
2008-04-16 09:51:05 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-16 09:12:01 0 d-------- C:\Programfiler\WinPcap
2008-04-16 09:09:50 0 d-------- C:\Programfiler\WMR11
2008-04-14 09:32:26 0 d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-04-14 08:48:39 0 d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-04-14 00:00:59 0 d-------- C:\Programfiler\QuickPar
2008-04-13 16:51:37 0 d-------- C:\Temp
2008-04-13 15:43:30 0 d-------- C:\Programfiler\TVUPlayer
2008-04-12 17:29:02 0 d-------- C:\Programfiler\DivX
2008-04-12 17:16:02 0 d-------- C:\Programfiler\Fellesfiler\ReGet Shared
2008-04-12 17:16:01 0 d-------- C:\Programfiler\ReGet Software
2008-04-12 17:05:33 0 d-------- C:\Programfiler\Azureus
2008-04-12 16:48:27 0 d-------- C:\Programfiler\SopCast
2008-04-11 18:39:13 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-04-11 18:38:50 0 d-------- C:\WINDOWS\i386
2008-04-11 15:11:49 0 d-------- C:\Programfiler\Wizards of the Coast
2008-04-11 14:18:54 16384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-04-11 14:18:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-11 14:11:34 2477 --a------ C:\WINDOWS\mozver.dat
2008-04-11 13:09:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-11 12:48:55 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-04-11 12:48:47 0 d-------- C:\WINDOWS\system32\QuickTime
2008-04-11 12:48:47 0 d-------- C:\Programfiler\QuickTime
2008-04-11 12:48:39 0 d-------- C:\Programfiler\iTunes
2008-04-11 12:48:39 0 d-------- C:\Programfiler\iPod
2008-04-11 12:48:16 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-11 12:47:13 0 d-------- C:\Avid
2008-04-11 12:09:29 73728 --a------ C:\WINDOWS\system32\xmltok.dll <Not Verified; Avid Technology, Inc.; Avid MediaManager Client>
2008-04-11 12:09:29 466944 --a------ C:\WINDOWS\system32\ommclient.dll <Not Verified; Avid Technology, Inc.; Avid MediaManager Client>
2008-04-11 12:09:29 610304 --a------ C:\WINDOWS\system32\mmclientVC7.dll <Not Verified; Avid Technology, Inc.; MediaManager Client>
2008-04-11 12:09:29 1658973 --a------ C:\WINDOWS\system32\libmmd.dll
2008-04-11 12:09:29 61440 --a------ C:\WINDOWS\system32\libjpegV4.dll <Not Verified; Avid Technology, Inc.; Avid OMF Toolkit>
2008-04-11 12:09:29 40960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll <Not Verified; Avid Technology, Inc.; Avid MediaManager Client>
2008-04-11 12:09:29 614400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll <Not Verified; Avid Technology, Inc.; Avid OMF Toolkit>
2008-04-11 12:09:28 7962624 --a------ C:\WINDOWS\system32\SVI.dll <Not Verified; Pinnacle Systems Inc.; Alladin>
2008-04-11 12:09:27 0 d-------- C:\Programfiler\Fellesfiler\Digidesign
2008-04-11 12:09:26 180276 --a------ C:\WINDOWS\system32\Mspdb50.dll <Not Verified; Microsoft Corporation; Microsoft ® Visual Studio>
2008-04-11 12:09:26 0 d-------- C:\WINDOWS\system32\MEDIA
2008-04-11 12:09:26 54272 --a------ C:\WINDOWS\system32\drivers\AvidXPSerial.sys
2008-04-11 12:09:26 1323008 --a------ C:\WINDOWS\system32\AvidStartup.exe <Not Verified; ; AvidStartup>
2008-04-11 12:09:26 49152 --a------ C:\WINDOWS\system32\AvidSDMService.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
2008-04-11 12:09:26 278528 --a------ C:\WINDOWS\system32\AvidSDM.dll <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDM>
2008-04-11 12:09:24 141312 --a------ C:\WINDOWS\system32\FFBTN32.dll <Not Verified; ForeFront Incorporated; ForeFront Help Buttons>
2008-04-11 12:09:24 102400 --a------ C:\WINDOWS\system32\Dac32.dll <Not Verified; CASH; Christoph Schmelnik's Digital Audio Copy for Win32>
2008-04-11 12:09:24 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2008-04-11 12:09:24 65536 --a------ C:\WINDOWS\system32\AvidQTUpdaterVC7.dll <Not Verified; Avid Technology, Inc.; Avid QuickTime Updater>
2008-04-11 12:09:22 143360 --a------ C:\WINDOWS\system32\WinMMFix.dll <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
2008-04-11 12:09:22 15872 --a------ C:\WINDOWS\system32\KeyFilter.dll <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
2008-04-11 12:09:22 573440 --a------ C:\WINDOWS\system32\Dsi.dll <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
2008-04-11 12:08:37 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-11 12:08:37 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-11 12:08:37 4672 --a------ C:\WINDOWS\system\wowpost.exe <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-11 12:08:37 5600 --a------ C:\WINDOWS\system\winaspi.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-11 12:08:37 0 d-------- C:\Programfiler\Avid
2008-04-11 12:08:26 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:26 2502656 --a------ C:\WINDOWS\system32\iplPX.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:26 2531328 --a------ C:\WINDOWS\system32\iplP6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:25 2785280 --a------ C:\WINDOWS\system32\iplM6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:25 2686976 --a------ C:\WINDOWS\system32\iplM5.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:24 2973696 --a------ C:\WINDOWS\system32\iplA6.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:24 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not Verified; Intel Corporation.; Intel® Image Processing Library>
2008-04-11 12:08:24 417920 --a------ C:\WINDOWS\system32\drivers\Flamethrower.sys <Not Verified; Avid Technology, Inc.; Avid DNA>
2008-04-11 12:08:21 0 d-------- C:\Programfiler\Fellesfiler\Avid
2008-04-11 12:07:49 0 d-------- C:\Programfiler\SafeNet Sentinel
2008-04-11 12:07:49 0 d-------- C:\Programfiler\Fellesfiler\SafeNet Sentinel
2008-04-11 12:05:27 0 d-------- C:\Programfiler\AC3Filter
2008-04-11 12:05:06 0 d-------- C:\Programfiler\MSXML 6.0
2008-04-11 12:03:48 0 d-------- C:\Programfiler\VideoLAN
2008-04-11 11:32:40 0 dra------ C:\Nedlastinger
2008-04-11 11:30:09 0 d-------- C:\WINDOWS\network diagnostic
2008-04-11 11:27:39 0 d-------- C:\Programfiler\MSXML 4.0
2008-04-11 11:26:37 0 d-------- C:\Programfiler\Fellesfiler\Adobe
2008-04-11 11:25:48 0 d-------- C:\WINDOWS\system32\nb-NO
2008-04-11 11:24:52 0 d-------- C:\Programfiler\MSBuild
2008-04-11 11:23:04 0 d-------- C:\WINDOWS\Sun
2008-04-11 11:22:50 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-11 11:22:32 0 d-------- C:\Programfiler\Reference Assemblies
2008-04-11 11:21:49 0 d-------- C:\b4ed6d7b4fbcbb4abca49b1daa
2008-04-11 11:21:28 0 d-------- C:\Programfiler\Windows Media Connect 2
2008-04-11 11:20:36 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-11 11:20:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-11 11:02:21 0 d-------- C:\Programfiler\Microsoft Works
2008-04-11 11:01:41 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-11 11:01:26 0 d-------- C:\Programfiler\Microsoft.NET
2008-04-11 10:57:27 0 d-------- C:\Zenworks
2008-04-11 10:56:49 0 d--h----- C:\NALCache
2008-04-11 10:52:03 0 d-------- C:\Programfiler\Novell
2008-04-11 10:45:58 0 d-------- C:\WINDOWS\system32\novell
2008-04-11 10:45:58 823296 -----n--- C:\WINDOWS\system32\ccsw32.dll <Not Verified; Novell, Inc.; Novell International Cryptography Infrastructure>
2008-04-11 10:45:45 0 d-------- C:\WINDOWS\system\nls
2008-04-11 10:45:41 0 d-------- C:\WINDOWS\system32\NetWare
2008-04-11 10:45:40 0 d-------- C:\Programfiler\CUAgent
2008-04-11 10:45:38 0 d-------- C:\WINDOWS\system32\nls
2008-04-11 10:44:12 0 d-------- C:\Novell
2008-04-11 10:43:57 0 d-------- C:\WINDOWS\FORMS
2008-04-11 10:43:57 0 d-------- C:\Program Files
2008-04-11 10:40:07 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-11 10:35:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-11 10:33:44 0 d-------- C:\Programfiler\Norman
2008-04-11 10:21:54 0 d-------- C:\Programfiler\WIDCOMM
2008-04-11 10:21:45 0 d-------- C:\Programfiler\Google
2008-04-11 10:21:18 0 d-------- C:\Programfiler\ProtectTools
2008-04-11 10:20:21 0 d-------- C:\WINDOWS\tiinst
2008-04-11 10:20:04 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-11 10:20:04 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-11 10:20:04 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-11 10:20:04 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-11 10:20:04 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-11 10:20:04 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-11 10:19:50 0 d-------- C:\Programfiler\InterVideo
2008-04-11 10:18:01 0 d-------- C:\Programfiler\AuthenTec
2008-04-11 10:16:58 0 d-------- C:\Programfiler\Snarveier til programmer
2008-04-11 10:16:27 0 d-------- C:\WINDOWS\Prefetch


-- Find3M Report ---------------------------------------------------------------

2008-04-17 08:27:12 41889 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-16 14:50:49 0 d-------- C:\Documents and Settings\Thomasv\Programdata\ReGet Software
2008-04-16 11:58:00 0 d-------- C:\Documents and Settings\Thomasv\Programdata\TmpRecentIcons
2008-04-16 09:57:37 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Azureus
2008-04-15 21:48:15 0 d-------- C:\Documents and Settings\Thomasv\Programdata\DivX
2008-04-14 10:34:30 0 d-------- C:\Documents and Settings\Thomasv\Programdata\AdobeUM
2008-04-14 09:42:09 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-04-14 09:32:26 0 d-------- C:\Programfiler\Fellesfiler
2008-04-14 09:28:48 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Adobe
2008-04-14 08:38:07 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Sonic
2008-04-13 18:22:58 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Norman
2008-04-13 15:43:52 0 d-------- C:\Documents and Settings\Thomasv\Programdata\TVU Networks
2008-04-13 15:06:36 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Talkback
2008-04-13 13:50:55 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Wizards of the Coast
2008-04-12 17:46:54 0 d-------- C:\Documents and Settings\Thomasv\Programdata\vlc
2008-04-11 18:24:18 0 d-------- C:\Programfiler\Windows NT
2008-04-11 18:24:12 0 d-------- C:\Programfiler\Synaptics
2008-04-11 18:23:18 0 d-------- C:\Programfiler\Sonic
2008-04-11 18:23:02 0 d-------- C:\Programfiler\MSN Gaming Zone
2008-04-11 18:23:02 0 d-------- C:\Programfiler\Movie Maker
2008-04-11 18:23:01 0 d-------- C:\Programfiler\microsoft frontpage
2008-04-11 18:23:01 0 d-------- C:\Programfiler\Messenger
2008-04-11 18:22:33 0 d-------- C:\Programfiler\HPQ
2008-04-11 18:22:33 0 d-------- C:\Programfiler\Hp
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Hewlett-Packard
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Fingerprint Sensor
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Fellesfiler\Tjenester
2008-04-11 18:22:22 0 d-------- C:\Programfiler\Fellesfiler\TiVo Shared
2008-04-11 18:22:03 0 d-------- C:\Programfiler\Fellesfiler\SureThing Shared
2008-04-11 18:22:02 0 d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2008-04-11 18:21:59 0 d-------- C:\Programfiler\Fellesfiler\Sonic Shared
2008-04-11 18:21:59 0 d-------- C:\Programfiler\Fellesfiler\ODBC
2008-04-11 18:21:59 0 d-------- C:\Programfiler\Fellesfiler\MSSoap
2008-04-11 18:21:58 0 d-------- C:\Programfiler\Fellesfiler\LightScribe
2008-04-11 18:21:52 0 d-------- C:\Programfiler\Fellesfiler\Java
2008-04-11 18:21:50 0 d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-04-11 18:21:50 0 d-------- C:\Programfiler\Elektroniske tjenester
2008-04-11 18:21:50 0 d-------- C:\Programfiler\CONEXANT
2008-04-11 18:21:50 0 d-------- C:\Programfiler\Analog Devices
2008-04-11 18:19:46 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Identities
2008-04-11 15:25:15 454974 --a------ C:\WINDOWS\system32\perfh014.dat
2008-04-11 15:25:15 83406 --a------ C:\WINDOWS\system32\perfc014.dat
2008-04-11 15:11:41 0 d-------- C:\Documents and Settings\Thomasv\Programdata\InstallShield
2008-04-11 13:09:09 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Mozilla
2008-04-11 12:48:59 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Apple Computer
2008-04-11 11:23:03 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Sun
2008-04-11 11:22:40 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Macromedia
2008-04-11 11:20:24 0 d-------- C:\Programfiler\Windows Media Connect
2008-04-11 10:56:56 0 d-------- C:\Documents and Settings\Thomasv\Programdata\Infineon
2008-04-11 10:41:22 0 d-------- C:\Programfiler\Java
2008-04-11 10:29:22 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-19 14:00:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-03-19 14:00:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-03-19 14:00:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-03-19 14:00:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-03-19 14:00:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-03-19 14:00:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-03-19 14:00:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-19 14:00:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}]
16.04.2008 10:19 36352 --a------ C:\WINDOWS\system32\tuvVOGaw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06.09.2006 22:47]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06.09.2006 22:47]
"nwiz"="nwiz.exe" [19.03.2008 14:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [06.05.2005 15:06]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [16.01.2006 22:01]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [14.02.2006 11:56]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [16.02.2005 23:11]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06.04.2006 05:20]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [15.09.2007 02:27]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [14.02.2006 10:49]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [22.12.2003 20:12]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [08.05.2006 09:56]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [22.02.2006 08:03]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [20.12.2005 16:51]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [09.03.2006 17:38]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [15.02.2006 17:43]
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [08.11.2005 11:59]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [09.08.2007 14:40]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [17.05.2004 14:27]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [18.05.2005 17:04]
"NWTRAY"="NWTRAY.EXE" [12.03.2002 11:37 C:\WINDOWS\system32\nwtray.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [24.06.2005 15:16]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [11.04.2008 12:48]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12.01.2006 20:52]
"@"="" []
"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [15.09.2007 02:29]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [05.01.2007 22:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:00]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [15.11.2006 10:46]
"pcmdyvvw"="C:\WINDOWS\system32\nqjkpgjy.exe" [16.04.2008 10:19]
"AWMON"="C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" [27.06.2005 16:49]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [11.04.2008 14:24:44]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [16.03.2005 19:16:50]
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [15.02.2006 16:16:02]
DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [11.04.2008 10:19:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"pADsSP8oOS"=C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"pADsSP8oOS"=C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Programfiler\Novell\ZENworks\NalShell.dll [13.02.2007 15:49 454656]
"{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}"= C:\WINDOWS\system32\tuvVOGaw.dll [16.04.2008 10:19 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 19.08.2005 15:52 389120 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 10.01.2007 11:52 24576 C:\WINDOWS\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 25.07.2005 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw]
tuvVOGaw.dll 16.04.2008 10:19 36352 C:\WINDOWS\system32\tuvVOGaw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0
"Notification Packages"= scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- Hosts -----------------------------------------------------------------------


8392 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-17 14:47:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Norwegian

CPU 0: Intel® Core™2 CPU T7400 @ 2.16GHz
CPU 1: Intel® Core™2 CPU T7400 @ 2.16GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2047.36 MiB / 1194.59 MiB
Pagefile Memory (total/avail): 3938.73 MiB / 3278.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.63 MiB

C: is Fixed (NTFS) - 85.9 GiB total, 51.29 GiB free.
D: is Fixed (NTFS) - 7.25 GiB total, 0.43 GiB free.
E: is CDROM (No Media)
X: is Removable (No Media)
Y: is Removable (No Media)
Z: is Fixed (NTFS) - 232.88 GiB total, 179.39 GiB free.

\\.\PHYSICALDRIVE0 - ST910021AS - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 85.9 GiB - C:
\PARTITION1 - Installerbart filsystem - 7.25 GiB - D:

\\.\PHYSICALDRIVE3 - WD 2500JB External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Installerbart filsystem - 232.88 GiB - Z:

\\.\PHYSICALDRIVE2 - WD CR HS-5-IN-1 USB Device

\\.\PHYSICALDRIVE1 - WD CR HS-CF USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Norman Virus Control ver. 5.90 v5.90 (Norman ASA)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Novell\\GroupWise\\grpwise.exe"="C:\\Novell\\GroupWise\\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\\Novell\\GroupWise\\notify.exe"="C:\\Novell\\GroupWise\\notify.exe:*:Enabled:Novell Notify"
"C:\\WINDOWS\\system32\\dpmw32.exe"="C:\\WINDOWS\\system32\\dpmw32.exe:*:Enabled:dpmw32.exe"
"C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"="C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe:*:Enabled:Adobe Reader 6.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\SopCast\\SopCast.exe"="C:\\Programfiler\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"="C:\\Programfiler\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Programfiler\\Azureus\\Azureus.exe"="C:\\Programfiler\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"="C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thomasv\Programdata
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=PC270461038819
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\PC270461038819
NpmLib=C:\Programfiler\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programfiler\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programfiler\HPQ\IAM\bin;C:\Programfiler\Norman\Npm\Bin;C:\WINDOWS\system32\nls;C:\WINDOWS\system32\nls\ENGLISH;C:\Programfiler\Novell\ZENworks\;C:\Programfiler\Fellesfiler\Avid;C:\Programfiler\Fellesfiler\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Programfiler
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Thomasv\LOKALE~1\Temp
TMP=C:\DOCUME~1\Thomasv\LOKALE~1\Temp
USERDOMAIN=PC270461038819
USERNAME=Thomasv
USERPROFILE=C:\Documents and Settings\Thomasv
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Thomasv (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Programfiler\AC3Filter\uninstall.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0809
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe FrameMaker 8 --> MsiExec.exe /I{7B4CA480-7321-4AD4-BED1-F7177671C37E}
Adobe FrameMaker 8 p266 Patcher --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7D8FC519-3BAC-4541-8D72-D64A9F0F5760}\Setup.exe" -l0x9
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 6.0.1 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A00000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Programfiler\Fellesfiler\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programfiler\Fellesfiler\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Application Installer 4.00.B6 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x14
Avid DIO Runtime --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0887F932-C0DE-4201-B43D-D186F9A2C195}\SETUP.exe" -l0x9 -removeonly
Avid Xpress Pro HD --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A537CF6D-E8FF-4A75-A03D-29494C326603}\setup.exe" -l0x9 -removeonly
Azureus --> C:\Programfiler\Azureus\Uninstall.exe
CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"
Compatibility Pack for 2007 Office --> MsiExec.exe /X{90120000-0020-0414-0000-0000000FF1CE}
DivX Codec --> C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Programfiler\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GroupWise --> MsiExec.exe /I{90474A24-BE2C-4469-B3B6-BAA3E2919DF0}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Programfiler\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m\UIU32m.exe -U -Ihpq0033m.INF
HijackThis 2.0.2 --> "C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP BIOS Configuration for ProtectTools 2.00 E1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x14 biosuninst
HP Credential Manager for ProtectTools --> MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Embedded Security for ProtectTools --> MsiExec.exe /I{2298055A-F5E6-4332-9A15-C5D99870E72F}
HP Help and Support --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x14 -removeonly
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Mobile Data Protection System --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{75ECB75A-522C-4312-8DE7-597CDA9D96A3}\setup.exe" -l0x14 UNINSTALL
HP Notebook Accessories Product Tour --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP Performance Tuning Framework --> MsiExec.exe /I{238C9494-4E09-4517-8C84-09D892F337C8}
HP ProtectTools Security Manager 2.00 C3 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x14 -removeonly hpquninst
HP Quick Launch Buttons 6.00 H1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x14 -removeonly uninst
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0013 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1F89F212-2052-414A-8B7E-D8604C431BDF}\setup.exe" -l0x14 -removeonly
HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x14 hpquninst
Hurtigreparasjon for Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB909095) --> "C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB910728) --> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB912436) --> "C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB915326) --> "C:\WINDOWS\$NtUninstallKB915326$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Installeringsprogram for HP Backup and Recovery Manager --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x14 -uninst -removeonly
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Magic Online III --> C:\Programfiler\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider-pakke --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1) --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
NMAS Challenge Response Method --> MsiExec.exe /X{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}
NMAS Client --> MsiExec.exe /I{9B427732-573E-4E78-B6FA-AC3E5A218BA2}
Norman Ad-Aware SE Professional --> C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
Norman Virus Control --> C:\Programfiler\Norman\NVC\BIN\DelNVC5.exe
Novell Client for Windows --> %SystemRoot%\system32\rundll32 nwsetup.dll NWUninstallClient
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB912945) -->
Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Panda ActiveScan 2.0 --> C:\Programfiler\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickPar 0.9 --> C:\Programfiler\QuickPar\uninst.exe
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
ReGet Deluxe --> C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\ReGetDxUninstall.exe
Sentinel Protection Installer 7.0.0 --> MsiExec.exe /I{547D4265-AF45-42E9-A62A-C58182AA35B9}
Sikkerhetsoppdatering for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.1 --> C:\Programfiler\SopCast\uninst.exe
SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x14 -removeonly
Spybot - Search & Destroy --> "C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TVUPlayer 2.3.4.1 --> C:\Programfiler\TVUPlayer\uninst.exe
VideoLAN VLC media player 0.8.6f --> C:\Programfiler\VideoLAN\VLC\uninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (NOR) --> MsiExec.exe /X{B0534960-A7E2-4FFD-8E27-51B4B188633F}
Windows Workflow Foundation NO Language Pack --> MsiExec.exe /I{42F46A4E-1662-473F-A210-C5BB3BD385CC}
Windows XP hurtigreparasjon - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885464 --> C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888402 --> C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB889673 --> C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
WinPcap 4.0 --> C:\Programfiler\WinPcap\uninstall.exe
WinRAR Arkiverer --> C:\Programfiler\WinRAR\uninstall.exe
WM Recorder 12.0 --> C:\Programfiler\WMR11\Uninstal.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
ZENworks Desktop Management Agent --> MsiExec.exe /I{0028ED8D-E938-4B81-B636-F20B3207086F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type611 / Error
Event Submitted/Written: 04/17/2008 00:50:59 PM
Event ID/Source: 352 / IFXSPMGT
Event Description:
The Upgrade Tool returned an error.

Event Record #/Type601 / Error
Event Submitted/Written: 04/17/2008 08:25:11 AM
Event ID/Source: 352 / IFXSPMGT
Event Description:
The Upgrade Tool returned an error.

Event Record #/Type590 / Error
Event Submitted/Written: 04/16/2008 07:39:22 PM
Event ID/Source: 352 / IFXSPMGT
Event Description:
The Upgrade Tool returned an error.

Event Record #/Type583 / Error
Event Submitted/Written: 04/16/2008 06:36:05 PM
Event ID/Source: 352 / IFXSPMGT
Event Description:
The Upgrade Tool returned an error.

Event Record #/Type576 / Error
Event Submitted/Written: 04/16/2008 03:12:15 PM
Event ID/Source: 352 / IFXSPMGT
Event Description:
The Upgrade Tool returned an error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1903 / Warning
Event Submitted/Written: 04/17/2008 00:47:46 PM / 04/17/2008 00:48:14 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type1894 / Error
Event Submitted/Written: 04/17/2008 00:48:10 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Tjenesten Avid Startup stoppet uventet. Dette har skjedd 1 gang(er).

Event Record #/Type1881 / Warning
Event Submitted/Written: 04/17/2008 00:46:20 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type1877 / Warning
Event Submitted/Written: 04/17/2008 08:59:40 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type1875 / Warning
Event Submitted/Written: 04/17/2008 08:33:49 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-04-17 14:47:25 ------------



#2 lusitano


Posted 17 April 2008 - 09:17 AM

Hi, Welcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.


Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

:thumbsup:
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 lusitano


Posted 18 April 2008 - 03:47 AM

Hello and thanks for your patience.

# Step 1 #

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Azureus).
These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



# Step 2 #

Your log also shows that you have two resident spyware protection programs running on your computer, specifically Ad-Watch.exe from Ad-Aware SE Professional and TeaTimer.exe from Spybot - Search & Destroy.
I do not recommend that you have more than one running on your computer at a time. In general terms, the two programs may conflict with each other.

So please disable one of these residents, either Ad-Watch.exe or TeaTimer.exe.


# Step 3 #

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after ComboFix has finished.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer

#4 MichaelPaine


Posted 18 April 2008 - 04:29 AM

Thanks for the help. Ran ComboFix and HJT. Here are the logs:

ComboFix 08-04-17.1 - Thomasv 2008-04-18 11:17:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1226 [GMT 2:00]
Running from: C:\Documents and Settings\Thomasv\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomasv\Skrivebordblackbird.jpg
C:\Documents and Settings\Thomasv\SkrivebordEditorFKWP1.5.exe
C:\Documents and Settings\Thomasv\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Thomasv\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Thomasv\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Thomasv\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Thomasv\Skrivebordfwebd.exe
C:\Documents and Settings\Thomasv\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Thomasv\SkrivebordTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Thomasv\Skrivebordvirii
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\tuvVOGaw.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32VBIEWER.OCX

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 11:20 . 2008-04-18 11:20 114,688 --a------ C:\WINDOWS\system32\chg.exe
2008-04-18 09:15 . 2008-04-18 09:15 <DIR> d-------- C:\Programfiler\Any Audio Converter
2008-04-18 09:08 . 2008-04-18 09:25 <DIR> d-------- C:\Programfiler\AUAU Audio Converter
2008-04-18 09:08 . 2008-04-18 09:08 34 --ah----- C:\WINDOWS\system32\VideoConverter_sysquict.dat
2008-04-18 09:04 . 2008-04-18 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP
2008-04-17 15:03 . 2008-04-18 10:41 <DIR> d-------- C:\Programfiler\Mozilla Thunderbird
2008-04-17 15:03 . 2008-04-17 15:03 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Thunderbird
2008-04-17 14:44 . 2008-04-17 14:44 <DIR> d-------- C:\Deckard
2008-04-16 19:37 . 2008-04-18 10:40 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Siste
2008-04-16 19:05 . 2008-04-16 19:05 <DIR> d-------- C:\Programfiler\Trend Micro
2008-04-16 19:01 . 2008-04-16 19:01 <DIR> d-------- C:\Programfiler\CCleaner
2008-04-16 15:08 . 2008-04-16 15:08 5,668 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:55 . 2008-04-16 14:56 <DIR> d-------- C:\Programfiler\Panda Security
2008-04-16 11:58 . 2008-04-16 11:58 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TmpRecentIcons
2008-04-16 10:19 . 2008-04-16 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\zgpgnids
2008-04-16 10:19 . 2008-04-15 20:07 253,952 --a------ C:\WINDOWS\lgmxvpatkmb.dll
2008-04-16 10:19 . 2008-04-16 10:19 106,496 --a------ C:\WINDOWS\system32\nqjkpgjy.exe
2008-04-16 10:19 . 2008-04-15 20:07 106,496 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-16 10:19 . 2008-04-15 20:07 98,304 --a------ C:\WINDOWS\rtqmekwg.exe
2008-04-16 09:51 . 2008-04-16 09:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-16 09:12 . 2008-04-16 09:12 <DIR> d-------- C:\Programfiler\WinPcap
2008-04-16 09:09 . 2008-04-16 09:22 <DIR> d-------- C:\Programfiler\WMR11
2008-04-14 09:32 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-04-14 08:49 . 2008-04-14 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-04-14 08:48 . 2008-04-14 08:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-04-14 08:38 . 2008-04-14 08:38 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Sonic
2008-04-14 00:00 . 2008-04-14 00:00 <DIR> d-------- C:\Programfiler\QuickPar
2008-04-13 18:22 . 2008-04-13 18:22 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Norman
2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp\MTGOInstall
2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp
2008-04-13 16:51 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-13 15:43 . 2008-04-13 15:44 <DIR> d-------- C:\Programfiler\TVUPlayer
2008-04-13 15:43 . 2008-04-13 15:43 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TVU Networks
2008-04-13 15:06 . 2008-04-13 15:06 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Talkback
2008-04-13 12:29 . 2008-04-13 12:29 5,365 --a------ C:\WT61NO.UWL
2008-04-12 21:55 . 2008-04-12 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NVIDIA
2008-04-12 20:01 . 2008-04-15 21:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\DivX
2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programfiler\DivX
2008-04-12 17:29 . 2007-11-30 00:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-04-12 17:16 . 2008-04-12 17:17 <DIR> d-------- C:\Programfiler\ReGet Software
2008-04-12 17:16 . 2008-04-12 21:53 <DIR> d-------- C:\Programfiler\Fellesfiler\ReGet Shared
2008-04-12 17:16 . 2008-04-18 09:15 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\ReGet Software
2008-04-12 17:16 . 2008-04-12 17:16 57 --a------ C:\WINDOWS\english.lng
2008-04-12 17:05 . 2008-04-12 17:05 <DIR> d-------- C:\Programfiler\Azureus
2008-04-12 17:05 . 2008-04-18 10:58 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Azureus
2008-04-12 16:48 . 2008-04-12 16:52 <DIR> d-------- C:\Programfiler\SopCast
2008-04-12 16:32 . 2008-04-12 16:32 <DIR> d-------- C:\Documents and Settings\Thomasv\Bluetooth Software
2008-04-11 18:39 . 2008-04-11 18:39 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-04-11 18:38 . 2008-04-11 18:38 <DIR> d-------- C:\WINDOWS\i386
2008-04-11 15:12 . 2008-04-13 13:50 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Wizards of the Coast
2008-04-11 15:12 . 2008-04-12 17:46 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\vlc
2008-04-11 15:11 . 2008-04-13 16:48 <DIR> d-------- C:\Programfiler\Wizards of the Coast
2008-04-11 15:11 . 2008-04-11 15:11 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\InstallShield
2008-04-11 14:18 . 2008-04-11 14:18 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-11 14:18 . 2004-08-17 02:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-04-11 14:11 . 2008-04-16 14:55 2,477 --a------ C:\WINDOWS\mozver.dat
2008-04-11 14:07 . 2008-04-18 11:15 86 --a------ C:\WINDOWS\WPCMAPI.INI
2008-04-11 13:09 . 2008-04-11 13:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\QuickTime
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iTunes
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iPod
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Apple Computer
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\QuickTime
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-04-11 12:48 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-04-11 12:47 . 2008-04-11 13:14 <DIR> d-------- C:\Avid
2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-11 12:09 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Digidesign
2008-04-11 12:08 . 2008-04-11 12:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Avid
2008-04-11 12:08 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Avid
2008-04-11 12:08 . 2001-03-23 19:32 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\SafeNet Sentinel
2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\Fellesfiler\SafeNet Sentinel
2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\AC3Filter
2008-04-11 12:05 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-11 12:03 . 2008-04-11 12:03 <DIR> d-------- C:\Programfiler\VideoLAN
2008-04-11 11:27 . 2008-04-11 11:27 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-04-11 11:26 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-04-11 11:26 . 2008-04-14 10:34 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\AdobeUM
2008-04-11 11:25 . 2008-04-11 15:23 <DIR> d-------- C:\WINDOWS\system32\nb-NO
2008-04-11 11:24 . 2008-04-11 11:24 <DIR> d-------- C:\Programfiler\MSBuild
2008-04-11 11:23 . 2008-04-11 11:23 <DIR> d-------- C:\WINDOWS\Sun
2008-04-11 11:22 . 2008-04-11 12:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-11 11:22 . 2008-04-11 11:22 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-04-11 11:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\b4ed6d7b4fbcbb4abca49b1daa
2008-04-11 11:21 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-11 11:21 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-11 11:21 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-11 11:20 . 2008-04-12 17:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-11 11:20 . 2008-04-11 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-11 11:18 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-11 11:18 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-11 11:18 . 2006-08-21 14:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-11 11:12 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-11 11:07 . 2008-04-11 11:07 <DIR> d--hs---- C:\Documents and Settings\Thomasv\UserData
2008-04-11 11:05 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-11 11:05 . 2008-04-11 11:05 382 --a------ C:\WINDOWS\ODBC.INI
2008-04-11 11:02 . 2008-04-11 11:02 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-04-11 11:01 . 2008-04-11 11:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-11 11:01 . 2008-04-11 11:01 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-04-11 10:59 . 2008-04-11 10:59 153,284 --a------ C:\WINDOWS\hifm.bmp
2008-04-11 10:57 . 2008-04-18 11:21 <DIR> d-------- C:\Zenworks
2008-04-11 10:56 . 2008-04-18 11:21 <DIR> d--h----- C:\NALCache
2008-04-11 10:56 . 2008-04-14 09:12 <DIR> dr------- C:\Documents and Settings\Thomasv\Start-meny
2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d--h----- C:\Documents and Settings\Thomasv\Skrivere
2008-04-11 10:56 . 2008-04-18 11:06 <DIR> d-------- C:\Documents and Settings\Thomasv\Skrivebord
2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\SampleView
2008-04-11 10:56 . 2008-04-11 10:56 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Infineon
2008-04-11 10:56 . 2008-04-17 15:03 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Programdata
2008-04-11 10:56 . 2008-04-18 10:49 <DIR> dr------- C:\Documents and Settings\Thomasv\Mine dokumenter
2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Maler
2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Lokale innstillinger
2008-04-11 10:56 . 2008-04-16 13:04 <DIR> dr------- C:\Documents and Settings\Thomasv\Favoritter
2008-04-11 10:56 . 2008-04-15 10:47 <DIR> d--h----- C:\Documents and Settings\Thomasv\AndrMask
2008-04-11 10:56 . 2008-04-18 11:19 <DIR> d-------- C:\Documents and Settings\Thomasv
2008-04-11 10:56 . 2008-04-18 11:22 323,584 --ah----- C:\Documents and Settings\Thomasv\ntuser.dat.LOG
2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Novell
2008-04-11 10:52 . 2008-04-16 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 09:20 0 ----a-w C:\WINDOWS\system32\drivers\WFTDriverLog.txt
2008-04-18 07:26 --------- d-----w C:\Programfiler\Java
2008-04-14 07:42 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-11 16:24 --------- d-----w C:\Programfiler\Synaptics
2008-04-11 16:23 --------- d-----w C:\Programfiler\Sonic
2008-04-11 16:23 --------- d-----w C:\Programfiler\microsoft frontpage
2008-04-11 16:22 --------- d-----w C:\Programfiler\HPQ
2008-04-11 16:22 --------- d-----w C:\Programfiler\Hp
2008-04-11 16:22 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fingerprint Sensor
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-11 16:21 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-04-11 16:21 --------- d-----w C:\Programfiler\CONEXANT
2008-04-11 16:21 --------- d-----w C:\Programfiler\Analog Devices
2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\InstallShield
2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\hpqLog
2008-04-11 09:20 --------- d-----w C:\Programfiler\Windows Media Connect
2008-04-11 08:29 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-04-11 08:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-03-19 12:00 6,547,488 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]
"pcmdyvvw"="C:\WINDOWS\system32\nqjkpgjy.exe" [2008-04-16 10:19 106496]
"AWMON"="C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" [2005-06-27 16:49 516608]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-19 14:00 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-19 14:00 86016]
"nwiz"="nwiz.exe" [2008-03-19 14:00 1630208 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 22:01 53248]
"PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-04-06 05:20 122940]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 09:56 131072]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27 32859]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2005-05-18 17:04 40960]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 28672 C:\WINDOWS\system32\nwtray.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-04-11 12:48 98304]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-04-11 14:24:44 25214]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693]
DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-04-11 10:19:50 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"= C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"= C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Programfiler\Novell\ZENworks\NalShell.dll [2007-02-13 15:49 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2005-08-19 15:52 389120 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 2007-01-10 11:52 24576 C:\WINDOWS\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw]
tuvVOGaw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Novell\\GroupWise\\grpwise.exe"=
"C:\\Novell\\GroupWise\\notify.exe"=
"C:\\WINDOWS\\system32\\dpmw32.exe"=
"C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\SopCast\\SopCast.exe"=
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1677:TCP"= 1677:TCP:Groupwise
"1677:UDP"= 1677:UDP:Groupwise
"1761:TCP"= 1761:TCP:Zenworks
"1761:UDP"= 1761:UDP:Zenworks
"1762:UDP"= 1762:UDP:Zenworks

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-10-25 20:10]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00]
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 14:47]
R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 10:59]
R2 XTAgent;Novell XTier Agent Services;C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 11:52]
R3 Darpan;Darpan;C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 14:11]
R3 Flamethrower;Flamethrower;C:\WINDOWS\system32\drivers\Flamethrower.sys [2005-06-02 16:32]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 15:26]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 11:22:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????([??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.exe
-> C:\WINDOWS\system32\NWSHLXNT.dll
-> C:\WINDOWS\system32\NLS\ENGLISH\NWSHLXNR.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\IFXTCS.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Novell\ZENworks\NALNTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Programfiler\Novell\ZENworks\WM.EXE
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\PROGRA~1\HPQ\IAM\Bin\asghost.exe
C:\PROGRA~1\PROTEC~1\EMBEDD~1\PSDrt.exe
C:\PROGRA~1\PROTEC~1\EMBEDD~1\SpTNA.exe
C:\PROGRA~1\HPQ\HPPROT~1\PTServs.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\Programfiler\Novell\ZENworks\Inventory\ZfDInvScanner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ACCELE~1.EXE
C:\PROGRA~1\HPQ\HPPROT~1\pthosttr.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programfiler\Norman\NVC\bin\Nip.exe
C:\Programfiler\Norman\NVC\bin\CClaw.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\Java\JRE16~1.0_0\bin\jusched.exe
C:\Programfiler\Windows Media Player\wmpnetwk.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-18 11:26:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 09:26:42

Pre-Run: 54,061,506,560 byte ledig
Post-Run: 54,034,481,152 byte ledig
.
2008-04-11 08:54:26 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:37, on 18.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programfiler\Novell\ZENworks\wm.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\Programfiler\HPQ\IAM\bin\asghost.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Programfiler\ProtectTools\Embedded Security Software\SpTna.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\nqjkpgjy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Media Player\WMPNetwk.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [pcmdyvvw] C:\WINDOWS\system32\nqjkpgjy.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
O4 - HKCU\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: tuvVOGaw - tuvVOGaw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe

--
End of file - 14791 bytes

BTW, I have disabled Spybot's resident after rebooting.

Edited by MichaelPaine, 18 April 2008 - 04:35 AM.


#5 lusitano

Posted 22 April 2008 - 03:55 AM

Hello,

I have disabled Spybot's resident after rebooting.

And after you did the HijackThis log, right?
Because I still see both running:
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

Let me know about that, please.


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.bleepingcomputer.com/forums/t/142306/cant-remove-system-integrity-scan-wizard/
Collect::
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\system32\nqjkpgjy.exe
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe
C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
Folder::
C:\Documents and Settings\All Users\Programdata\zgpgnids
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pcmdyvvw"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw]
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
  • This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed, and read it carefully.
  • With the above script, ComboFix will capture a file to submit for analysis.
  • Ensure you are connected to the internet and click OK.
  • A browser will open. Simply follow the instructions to copy/paste/send the requested file.
Please post the results from ComboFix and a new HijackThis log. Also let me know how your computer is running now.

Thanks
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
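
The CFScript in the post above names the files, folder and registry entries ComboFix is asked to remove, and the helper asks for a fresh HijackThis log afterwards. As an added example (not part of the original post, and not ComboFix's or HijackThis's own code), the Python below parses the script's Collect::, Folder:: and Registry:: sections and lists the HijackThis lines that still reference a target. It assumes ".." in an O4 line abbreviates Software\Microsoft\Windows\CurrentVersion; the function names and the "after" sample are constructed.

```python
import re

# The CFScript from the post above, copied as posted.
CFSCRIPT = r"""http://www.bleepingcomputer.com/forums/t/142306/cant-remove-system-integrity-scan-wizard/
Collect::
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\system32\nqjkpgjy.exe
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe
C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
Folder::
C:\Documents and Settings\All Users\Programdata\zgpgnids
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pcmdyvvw"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"pADsSP8oOS"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVOGaw]
"""

# A few lines taken from the 18 April HijackThis log on this page.
HJT_BEFORE = r"""C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nqjkpgjy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pcmdyvvw] C:\WINDOWS\system32\nqjkpgjy.exe
O4 - HKLM\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
O4 - HKCU\..\Policies\Explorer\Run: [pADsSP8oOS] C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: tuvVOGaw - tuvVOGaw.dll (file missing)
"""

# Constructed sample of what a clean follow-up log would contain.
HJT_AFTER = r"""C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
"""

# Assumption: HijackThis writes ".." for this key path in O4 lines.
CV = r"software\microsoft\windows\currentversion"
NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify"
HIVES = {"HKLM": "hkey_local_machine", "HKCU": "hkey_current_user"}
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.+?)\]")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - ")


def parse_cfscript(text):
    """Return the removal targets named in a CFScript, all lower-cased."""
    targets = {"files": set(), "folders": set(), "values": set(), "keys": set()}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            section, key = header.group(1).lower(), None
        elif section == "collect":
            targets["files"].add(line.lower())
        elif section == "folder":
            targets["folders"].add(line.lower())
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                # .reg syntax: "[-KEY]" deletes the whole key
                targets["keys"].add(line[2:-1].lower())
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1].lower()
            else:
                # .reg syntax: "name"=- deletes one value under the current key
                value = re.fullmatch(r'"([^"]+)"=-', line)
                if value and key:
                    targets["values"].add((key, value.group(1).lower()))
    return targets


def remaining(targets, hjt_log):
    """List (kind, line) for HijackThis lines that still reference a target."""
    hits = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        low = line.lower()
        kind = None
        m4, m20 = O4_RE.match(line), O20_RE.match(line)
        if m4:
            key = "\\".join((HIVES[m4.group(1)], CV, m4.group(2).lower()))
            if (key, m4.group(3).lower()) in targets["values"]:
                kind = "value"
        elif m20 and NOTIFY + "\\" + m20.group(1).lower() in targets["keys"]:
            kind = "key"
        if kind is None and (
            any(f in low for f in targets["files"])
            or any(d + "\\" in low for d in targets["folders"])
        ):
            kind = "file"
        if kind:
            hits.append((kind, line))
    return hits


if __name__ == "__main__":
    wanted = parse_cfscript(CFSCRIPT)
    for label, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        found = remaining(wanted, log)
        print(f"{label}: {len(found)} line(s) still reference a target")
        for kind, line in found:
            print(f"  [{kind}] {line}")
```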

#6 MichaelPaine

Posted 22 April 2008 - 12:16 PM

Hi again,

I thought I had disabled TeaTimer before I ran HJT previously, but I probably forgot to save the settings. Anyway, it has been turned off since then. (BTW, do you recommend Ad Aware or Spybot for realtime protection?)

The .zip-file has also been submitted.

Here are my logs:

ComboFix 08-04-17.1 - Thomasv 2008-04-22 18:59:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1407 [GMT 2:00]
Running from: C:\Documents and Settings\Thomasv\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomasv\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Programdata\zgpgnids
C:\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe.bak
C:\WINDOWS\lgmxvpatkmb.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\rtqmekwg.exe
D:\Autorun.inf
D:\RECYCLER\Desktop.ini
D:\RECYCLER\Folder.htt
D:\RECYCLER\Protect.ed
D:\RECYCLER\Warning.bmp

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-21 09:51 . 2008-04-21 22:32 <DIR> d-------- C:\Programfiler\Magic Workstation
2008-04-20 11:15 . 2008-04-20 11:15 <DIR> d-------- C:\divx
2008-04-19 15:07 . 2008-04-19 15:07 <DIR> d-------- C:\Programfiler\TVAnts
2008-04-19 02:02 . 2008-04-19 02:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-18 09:15 . 2008-04-18 09:15 <DIR> d-------- C:\Programfiler\Any Audio Converter
2008-04-18 09:08 . 2008-04-18 09:25 <DIR> d-------- C:\Programfiler\AUAU Audio Converter
2008-04-18 09:08 . 2008-04-18 09:08 34 --ah----- C:\WINDOWS\system32\VideoConverter_sysquict.dat
2008-04-18 09:04 . 2008-04-18 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP
2008-04-17 15:03 . 2008-04-22 18:52 <DIR> d-------- C:\Programfiler\Mozilla Thunderbird
2008-04-17 15:03 . 2008-04-17 15:03 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Thunderbird
2008-04-17 14:44 . 2008-04-17 14:44 <DIR> d-------- C:\Deckard
2008-04-16 19:37 . 2008-04-22 18:56 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Siste
2008-04-16 19:05 . 2008-04-16 19:05 <DIR> d-------- C:\Programfiler\Trend Micro
2008-04-16 19:01 . 2008-04-16 19:01 <DIR> d-------- C:\Programfiler\CCleaner
2008-04-16 15:08 . 2008-04-16 15:08 5,668 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:55 . 2008-04-16 14:56 <DIR> d-------- C:\Programfiler\Panda Security
2008-04-16 11:58 . 2008-04-16 11:58 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TmpRecentIcons
2008-04-16 09:51 . 2008-04-16 09:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-16 09:12 . 2008-04-16 09:12 <DIR> d-------- C:\Programfiler\WinPcap
2008-04-16 09:09 . 2008-04-16 09:22 <DIR> d-------- C:\Programfiler\WMR11
2008-04-14 09:32 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-04-14 08:49 . 2008-04-14 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-04-14 08:48 . 2008-04-14 08:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-04-14 08:38 . 2008-04-14 08:38 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Sonic
2008-04-14 00:00 . 2008-04-14 00:00 <DIR> d-------- C:\Programfiler\QuickPar
2008-04-13 18:22 . 2008-04-13 18:22 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Norman
2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp\MTGOInstall
2008-04-13 16:51 . 2008-04-13 16:51 <DIR> d-------- C:\Temp
2008-04-13 16:51 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-13 15:43 . 2008-04-13 15:44 <DIR> d-------- C:\Programfiler\TVUPlayer
2008-04-13 15:43 . 2008-04-13 15:43 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\TVU Networks
2008-04-13 15:06 . 2008-04-13 15:06 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Talkback
2008-04-13 12:29 . 2008-04-13 12:29 5,365 --a------ C:\WT61NO.UWL
2008-04-12 21:55 . 2008-04-12 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NVIDIA
2008-04-12 20:01 . 2008-04-15 21:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\DivX
2008-04-12 17:29 . 2008-04-12 17:29 <DIR> d-------- C:\Programfiler\DivX
2008-04-12 17:29 . 2007-11-30 00:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-04-12 17:16 . 2008-04-12 17:17 <DIR> d-------- C:\Programfiler\ReGet Software
2008-04-12 17:16 . 2008-04-12 21:53 <DIR> d-------- C:\Programfiler\Fellesfiler\ReGet Shared
2008-04-12 17:16 . 2008-04-22 09:17 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\ReGet Software
2008-04-12 17:16 . 2008-04-12 17:16 57 --a------ C:\WINDOWS\english.lng
2008-04-12 17:05 . 2008-04-12 17:05 <DIR> d-------- C:\Programfiler\Azureus
2008-04-12 17:05 . 2008-04-22 15:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Azureus
2008-04-12 16:48 . 2008-04-12 16:52 <DIR> d-------- C:\Programfiler\SopCast
2008-04-12 16:32 . 2008-04-12 16:32 <DIR> d-------- C:\Documents and Settings\Thomasv\Bluetooth Software
2008-04-11 18:39 . 2008-04-11 18:39 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-04-11 18:38 . 2008-04-11 18:38 <DIR> d-------- C:\WINDOWS\i386
2008-04-11 15:12 . 2008-04-13 13:50 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Wizards of the Coast
2008-04-11 15:12 . 2008-04-12 17:46 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\vlc
2008-04-11 15:11 . 2008-04-13 16:48 <DIR> d-------- C:\Programfiler\Wizards of the Coast
2008-04-11 15:11 . 2008-04-11 15:11 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\InstallShield
2008-04-11 14:18 . 2008-04-11 14:18 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-11 14:18 . 2004-08-17 02:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-04-11 14:11 . 2008-04-16 14:55 2,477 --a------ C:\WINDOWS\mozver.dat
2008-04-11 14:07 . 2008-04-22 14:17 86 --a------ C:\WINDOWS\WPCMAPI.INI
2008-04-11 13:09 . 2008-04-11 13:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\QuickTime
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iTunes
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Programfiler\iPod
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Apple Computer
2008-04-11 12:48 . 2008-04-19 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\QuickTime
2008-04-11 12:48 . 2008-04-11 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-04-11 12:48 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-04-11 12:47 . 2008-04-11 13:14 <DIR> d-------- C:\Avid
2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-11 12:46 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-11 12:09 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Digidesign
2008-04-11 12:08 . 2008-04-11 12:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Avid
2008-04-11 12:08 . 2008-04-11 12:09 <DIR> d-------- C:\Programfiler\Avid
2008-04-11 12:08 . 2001-03-23 19:32 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\SafeNet Sentinel
2008-04-11 12:07 . 2008-04-11 12:07 <DIR> d-------- C:\Programfiler\Fellesfiler\SafeNet Sentinel
2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-04-11 12:05 . 2008-04-11 12:05 <DIR> d-------- C:\Programfiler\AC3Filter
2008-04-11 12:05 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-11 12:03 . 2008-04-11 12:03 <DIR> d-------- C:\Programfiler\VideoLAN
2008-04-11 11:27 . 2008-04-11 11:27 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-04-11 11:26 . 2008-04-14 09:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-04-11 11:26 . 2008-04-21 10:30 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\AdobeUM
2008-04-11 11:25 . 2008-04-11 15:23 <DIR> d-------- C:\WINDOWS\system32\nb-NO
2008-04-11 11:24 . 2008-04-11 11:24 <DIR> d-------- C:\Programfiler\MSBuild
2008-04-11 11:23 . 2008-04-11 11:23 <DIR> d-------- C:\WINDOWS\Sun
2008-04-11 11:22 . 2008-04-11 12:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-11 11:22 . 2008-04-11 11:22 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-04-11 11:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-04-11 11:21 . 2008-04-11 11:21 <DIR> d-------- C:\b4ed6d7b4fbcbb4abca49b1daa
2008-04-11 11:21 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-11 11:21 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-11 11:21 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-11 11:20 . 2008-04-12 17:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-11 11:20 . 2008-04-11 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-11 11:18 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-11 11:18 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-11 11:18 . 2006-08-21 14:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-11 11:12 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-11 11:07 . 2008-04-11 11:07 <DIR> d--hs---- C:\Documents and Settings\Thomasv\UserData
2008-04-11 11:05 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-11 11:05 . 2008-04-11 11:05 382 --a------ C:\WINDOWS\ODBC.INI
2008-04-11 11:02 . 2008-04-11 11:02 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-04-11 11:01 . 2008-04-11 11:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-11 11:01 . 2008-04-11 11:01 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-04-11 10:59 . 2008-04-11 10:59 153,284 --a------ C:\WINDOWS\hifm.bmp
2008-04-11 10:57 . 2008-04-22 09:03 <DIR> d-------- C:\Zenworks
2008-04-11 10:56 . 2008-04-22 19:05 <DIR> d--h----- C:\NALCache
2008-04-11 10:56 . 2008-04-14 09:12 <DIR> dr------- C:\Documents and Settings\Thomasv\Start-meny
2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d--h----- C:\Documents and Settings\Thomasv\Skrivere
2008-04-11 10:56 . 2008-04-22 18:59 <DIR> d-------- C:\Documents and Settings\Thomasv\Skrivebord
2008-04-11 10:56 . 2006-09-27 07:09 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\SampleView
2008-04-11 10:56 . 2008-04-11 10:56 <DIR> d-------- C:\Documents and Settings\Thomasv\Programdata\Infineon
2008-04-11 10:56 . 2008-04-17 15:03 <DIR> dr-h----- C:\Documents and Settings\Thomasv\Programdata
2008-04-11 10:56 . 2008-04-18 10:49 <DIR> dr------- C:\Documents and Settings\Thomasv\Mine dokumenter
2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Maler
2008-04-11 10:56 . 2008-04-11 18:19 <DIR> d--h----- C:\Documents and Settings\Thomasv\Lokale innstillinger
2008-04-11 10:56 . 2008-04-16 13:04 <DIR> dr------- C:\Documents and Settings\Thomasv\Favoritter
2008-04-11 10:56 . 2008-04-15 10:47 <DIR> d--h----- C:\Documents and Settings\Thomasv\AndrMask
2008-04-11 10:56 . 2008-04-22 00:01 <DIR> d-------- C:\Documents and Settings\Thomasv
2008-04-11 10:56 . 2008-04-22 19:05 1,024 --ah----- C:\Documents and Settings\Thomasv\ntuser.dat.LOG
2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Programfiler\Novell
2008-04-11 10:52 . 2008-04-16 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-04-11 10:52 . 2003-05-05 13:05 600,064 --a------ C:\WINDOWS\system32\msrdp.ocx
2008-04-11 10:52 . 2008-04-18 10:37 30,948 --a------ C:\ziswin.hst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 06:54 0 ----a-w C:\WINDOWS\system32\drivers\WFTDriverLog.txt
2008-04-21 09:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-18 07:26 --------- d-----w C:\Programfiler\Java
2008-04-11 16:24 --------- d-----w C:\Programfiler\Synaptics
2008-04-11 16:23 --------- d-----w C:\Programfiler\Sonic
2008-04-11 16:23 --------- d-----w C:\Programfiler\microsoft frontpage
2008-04-11 16:22 --------- d-----w C:\Programfiler\HPQ
2008-04-11 16:22 --------- d-----w C:\Programfiler\Hp
2008-04-11 16:22 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fingerprint Sensor
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared
2008-04-11 16:22 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-04-11 16:21 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-11 16:21 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-04-11 16:21 --------- d-----w C:\Programfiler\CONEXANT
2008-04-11 16:21 --------- d-----w C:\Programfiler\Analog Devices
2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\InstallShield
2008-04-11 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\hpqLog
2008-04-11 09:20 --------- d-----w C:\Programfiler\Windows Media Connect
2008-04-11 08:29 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-04-11 08:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:32 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:32 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:32 1,054,720 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-18_11.26.27.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-18 09:20:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 17:04:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-04-11 09:04:55 593,920 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-21 19:00:06 593,920 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-11 09:04:55 12,288 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-21 19:00:06 12,288 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-11 09:04:55 86,016 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-21 19:00:06 86,016 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-11 09:04:55 135,168 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-21 19:00:06 135,168 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-11 09:04:55 11,264 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-21 19:00:06 11,264 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-11 09:04:55 27,136 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-21 19:00:06 27,136 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-11 09:04:55 4,096 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-21 19:00:06 4,096 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-11 09:04:55 794,624 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-21 19:00:06 794,624 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-11 09:04:55 249,856 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-21 19:00:06 249,856 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-11 09:04:55 61,440 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-21 19:00:06 61,440 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-11 09:04:55 23,040 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-21 19:00:06 23,040 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-11 09:04:55 286,720 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-21 19:00:06 286,720 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-11 09:04:54 409,600 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-21 19:00:06 409,600 ----a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-11 08:48:52 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-04-19 17:22:08 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-04-18 08:40:19 71,189 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2008-04-19 00:02:22 119,753 ----a-w C:\WINDOWS\system32\nvModes.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]
"AWMON"="C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe" [2005-06-27 16:49 516608]
"updateMgr"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-19 14:00 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-19 14:00 86016]
"nwiz"="nwiz.exe" [2008-03-19 14:00 1630208 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 22:01 53248]
"PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-04-06 05:20 122940]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 09:56 131072]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"NDPS"="C:\WINDOWS\system32\dpmw32.exe" [2004-05-17 14:27 32859]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [2005-05-18 17:04 40960]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 28672 C:\WINDOWS\system32\nwtray.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-04-11 12:48 98304]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-04-11 14:24:44 25214]
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693]
DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-04-11 10:19:50 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Programfiler\Novell\ZENworks\NalShell.dll [2007-02-13 15:49 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2005-08-19 15:52 389120 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 2007-01-10 11:52 24576 C:\WINDOWS\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Novell\\GroupWise\\grpwise.exe"=
"C:\\Novell\\GroupWise\\notify.exe"=
"C:\\WINDOWS\\system32\\dpmw32.exe"=
"C:\\Programfiler\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\SopCast\\SopCast.exe"=
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programfiler\\TVAnts\\Tvants.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1677:TCP"= 1677:TCP:Groupwise
"1677:UDP"= 1677:UDP:Groupwise
"1761:TCP"= 1761:TCP:Zenworks
"1761:UDP"= 1761:UDP:Zenworks
"1762:UDP"= 1762:UDP:Zenworks

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-10-25 20:10]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00]
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 14:47]
R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 10:59]
R2 XTAgent;Novell XTier Agent Services;C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 11:52]
R3 Darpan;Darpan;C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 14:11]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 15:26]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 Flamethrower;Flamethrower;C:\WINDOWS\system32\drivers\Flamethrower.sys [2005-06-02 16:32]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:05:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@?????([??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.exe
-> C:\WINDOWS\system32\NWSHLXNT.dll
-> C:\WINDOWS\system32\NLS\ENGLISH\NWSHLXNR.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\IFXTCS.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\scardsvr.exe
C:\PROGRA~1\HPQ\IAM\Bin\asghost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ACCELE~1.EXE
C:\PROGRA~1\HPQ\HPPROT~1\pthosttr.exe
C:\Programfiler\Norman\NVC\bin\Nip.exe
C:\Programfiler\Novell\ZENworks\NALNTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\PROGRA~1\Java\JRE16~1.0_0\bin\jusched.exe
C:\Programfiler\Novell\ZENworks\WM.EXE
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\PROTEC~1\EMBEDD~1\PSDrt.exe
C:\PROGRA~1\PROTEC~1\EMBEDD~1\SpTNA.exe
C:\PROGRA~1\HPQ\HPPROT~1\PTServs.exe
C:\Programfiler\Norman\NVC\bin\CClaw.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-22 19:07:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 17:07:51
ComboFix2.txt 2008-04-18 09:26:49

Pre-Run: 50,166,341,632 byte ledig
Post-Run: 50,298,544,128 byte ledig
.
2008-04-11 08:54:26 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:51, on 22.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programfiler\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Novell\ZENworks\wm.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Programfiler\ProtectTools\Embedded Security Software\SpTna.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe

--
End of file - 14415 bytes

Computer has been running fine. Thank you!

Edited by MichaelPaine, 22 April 2008 - 12:17 PM.


#7 lusitano


Posted 25 April 2008 - 09:43 AM

Hello,

(BTW, do you recommend Ad Aware or Spybot for realtime protection?)

Both are excellent software, your choice. :thumbsup:


1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2. Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log. Also let me know how your computer is running.

Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#8 MichaelPaine


Posted 25 April 2008 - 01:35 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 25, 2008 8:31:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/04/2008
Kaspersky Anti-Virus database records: 725500
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 82233
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:47:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomasv\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Thomasv\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomasv\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Thomasv\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\cert8.db Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\history.dat Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\key3.db Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\parent.lock Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Mozilla\Firefox\Profiles\9ax1xr60.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Thomasv\Programdata\Norman\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/099389~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.oax skipped
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/MSOFFI~1.EXE/data0000.cab/72148361.exe Infected: Trojan-Downloader.Win32.VB.dyo skipped
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/MSOFFI~1.EXE/data0000.cab Infected: Trojan-Downloader.Win32.VB.dyo skipped
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab/MSOFFI~1.EXE Infected: Trojan-Downloader.Win32.VB.dyo skipped
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.dyo skipped
C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe Rsrc-Package: infected - 5 skipped
C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\RMErrorLog0.txt Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Programdata\zgpgnids\zozitwrq.exe.bak.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVOGaw.dll.vir Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP56\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 Object is locked skipped
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\Desktop.ini Object is locked skipped
D:\System Volume Information\Folder.htt Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\Protect.ed Object is locked skipped
D:\System Volume Information\Warning.bmp Object is locked skipped
D:\System Volume Information\_restore{D04C3930-65DB-49F9-AFBD-D85577482DEF}\RP56\change.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:37, on 25.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Programfiler\Novell\ZENworks\wm.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fronter.com/hifm/index.phtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programfiler\Fellesfiler\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programfiler\ReGet Software\ReGet Deluxe 5.2\IEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Norman\Norman Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe

--
End of file - 13189 bytes

Computer running smoothly.
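
Added example, not part of either poster's messages: a Kaspersky Online Scanner report in the layout above lists every nested archive member on its own line, so the lines that matter are easier to read once "Object is locked" noise is dropped and each detection is folded back to the file that actually sits on disk. The sample lines, detection names and function names below are constructed for this example, and counting the container summary line as an infected object is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the report's layout: object, verdict, last action.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Downloads\Some App\setup.exe/data0000.cab/INNER~1.EXE Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\Downloads\Some App\setup.exe/data0000.cab/PACK~1.EXE/data0000.cab/1234.exe Infected: Trojan-Downloader.Win32.Example.b skipped
C:\Downloads\Some App\setup.exe/data0000.cab/PACK~1.EXE/data0000.cab Infected: Trojan-Downloader.Win32.Example.b skipped
C:\Downloads\Some App\setup.exe/data0000.cab/PACK~1.EXE Infected: Trojan-Downloader.Win32.Example.b skipped
C:\Downloads\Some App\setup.exe/data0000.cab Infected: Trojan-Downloader.Win32.Example.b skipped
C:\Downloads\Some App\setup.exe Rsrc-Package: infected - 5 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sample.dll.vir Object is locked skipped
"""

# The object path may contain spaces, so it is matched lazily and the
# verdict is anchored on the three forms that appear in the report.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:Object is locked"
    r"|Infected: (?P<name>\S+)"
    r"|\S+: infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)


def parse_report(text):
    """Return one dict per result line; headers and statistics are ignored."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        # Archive members follow the on-disk path after "/"; the Windows
        # path itself only uses "\", so the first "/" marks the boundary.
        disk_file, _, member = m.group("obj").partition("/")
        if m.group("name"):
            kind = "infected"
        elif m.group("count"):
            kind = "container"   # summary line for the outer package
        else:
            kind = "locked"      # file in use, scanner could not open it
        rows.append({
            "disk_file": disk_file,
            "member": member,
            "kind": kind,
            "name": m.group("name"),
            "action": m.group("action"),
        })
    return rows


def files_to_review(rows):
    """Map each on-disk file to the sorted detection names found inside it."""
    by_file = defaultdict(set)
    for row in rows:
        if row["kind"] == "infected":
            by_file[row["disk_file"]].add(row["name"])
    return {path: sorted(names) for path, names in by_file.items()}


def statistics(rows):
    """Count distinct detections, infected objects and locked files."""
    names = {r["name"] for r in rows if r["kind"] == "infected"}
    return {
        "detections": len(names),
        # Assumption of this example: the container summary counts as one object.
        "infected_objects": sum(r["kind"] in ("infected", "container") for r in rows),
        "locked": sum(r["kind"] == "locked" for r in rows),
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(statistics(parsed))
    for path, names in files_to_review(parsed).items():
        print(path, "->", ", ".join(names))
```
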

#9 lusitano


Posted 01 May 2008 - 10:49 AM

Hello

Please set your system to show all files.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files and Folders, "if present":

C:\Nedlastinger\Programvare\Microsoft Office 2003 Professional Lite\MS Office 2003.exe <- this file


Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Check the "Hide file extensions for known file types" option.
  • Click Yes to confirm. Click OK.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Read TonyKlein's good advice: So how did I get infected in the first place?

  • Also visit the Secunia Software Inspector

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
Glad I was able to help and please let me know if you still need assistance.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#10 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:12:14 AM

Posted 06 May 2008 - 03:36 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



