Malware Still Here


  • This topic is locked
7 replies to this topic

#1 itsmeandy


Posted 19 May 2008 - 02:40 PM

I have experienced that explorer.exe has encountered problems on startup and closed, and the same for services.exe, which means shutdown in 1 min.

Deckard's System Scanner v20071014.68
Run by Jarle on 2008-05-19 21:06:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-05-19 19:06:13 UTC - RP248 - Deckard's System Scanner Restore Point
5: 2008-05-19 19:04:58 UTC - RP247 - Installed Ad-Aware 2007
4: 2008-05-18 19:41:04 UTC - RP246 - Software Distribution Service 3.0
3: 2008-05-18 18:05:58 UTC - RP245 - Flytt fil til karantene: vturs.dll
2: 2008-05-18 18:05:44 UTC - RP244 - Flytt fil til karantene: wvuvwtt.dll


-- First Restore Point --
1: 2008-05-18 17:40:20 UTC - RP243 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jarle.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:30, on 19.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Programfiler\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Internet Explorer\iexplore.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Documents and Settings\Jarle\Skrivebord\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jarle.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {ae7cd045-e861-484f-8273-0445ee161910} - J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - J:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5041] command /c del "C:\WINDOWS\system32\ddaba.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8032] cmd /c del "C:\WINDOWS\system32\ddaba.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9810] command /c del "C:\WINDOWS\system32\ddccb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2728] cmd /c del "C:\WINDOWS\system32\ddccb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2863] command /c del "C:\WINDOWS\system32\jkhfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7146] cmd /c del "C:\WINDOWS\system32\jkhfg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9275] command /c del "C:\WINDOWS\system32\ymyjqcfp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6947] cmd /c del "C:\WINDOWS\system32\ymyjqcfp.dll_old"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: wvuvwtt - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programfiler\Fellesfiler\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programfiler\TightVNC\WinVNC.exe

--
End of file - 10729 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080516-143710-141 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
backup-20080516-143710-188 O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
backup-20080516-143710-209 O4 - HKCU\..\Run: [LogitechSoftwareUpdate] -C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
backup-20080516-143710-244 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080516-143710-262 O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
backup-20080516-143710-372 O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - C:\WINDOWS\system32\wvuvwtt.dll
backup-20080516-143710-379 O2 - BHO: (no name) - {b87b128c-03fc-4620-818e-01ba7b326d1c} - C:\WINDOWS\system32\pmnlj.dll (file missing)
backup-20080516-143710-422 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080516-143710-431 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20080516-143710-511 O2 - BHO: (no name) - {78d43407-4349-4113-9f9d-104152637aa6} - C:\WINDOWS\system32\gebca.dll (file missing)
backup-20080516-143710-607 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080516-143710-692 O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
backup-20080516-143710-710 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080516-143710-739 O2 - BHO: Microsoft copyright - {ffffffff-bbbb-4146-86fd-a722e8ab3489} - sockins32.dll (file missing)
backup-20080516-143710-776 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080516-143710-853 O4 - Startup: DW_Start.lnk = C:\Documents and Settings\Jarle\Lokale innstillinger\Temp\build_dol.exe
backup-20080516-143710-917 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080516-143710-934 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20080516-143710-996 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080516-143711-526 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
backup-20080516-143711-611 O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
backup-20080516-143711-643 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
backup-20080516-143711-913 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
backup-20080516-143712-160 O20 - Winlogon Notify: crypt - crypts.dll (file missing)
backup-20080516-143712-351 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
backup-20080516-143712-614 O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
backup-20080516-143712-652 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
backup-20080516-143712-727 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080516-143712-767 O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
backup-20080516-143712-877 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080516-143712-938 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
backup-20080516-144045-158 O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080516-144045-186 O2 - BHO: (no name) - {ffffffff-bbbb-4146-86fd-a722e8ab3489} - (no file)
backup-20080516-144045-746 O2 - BHO: (no name) - {78d43407-4349-4113-9f9d-104152637aa6} - C:\WINDOWS\system32\gebca.dll (file missing)
backup-20080517-005847-123 O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
backup-20080517-005847-272 O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
backup-20080517-005847-354 O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
backup-20080517-005847-501 O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
backup-20080517-005847-539 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\npjpi160_05.dll
backup-20080517-005847-600 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20080517-005847-608 O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programfiler\TightVNC\WinVNC.exe
backup-20080517-005847-625 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080517-005847-629 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080517-005847-657 O4 - HKLM\..\Run: [SoundMAXPnP] -C:\Programfiler\Analog Devices\Core\smax4pnp.exe
backup-20080517-005847-785 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080517-005847-791 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20080517-005847-834 R3 - Default URLSearchHook is missing
backup-20080517-005847-845 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080517-005847-924 O4 - HKLM\..\Run: [LVCOMSX] -C:\WINDOWS\system32\LVCOMSX.EXE
backup-20080518-175841-513 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080518-175841-734 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20080518-175841-816 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
backup-20080518-175857-650 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20080518-175910-690 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20080518-180026-911 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20080518-193202-106 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080518-202741-115 O20 - Winlogon Notify: wvuvwtt - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-202741-167 O4 - HKLM\..\RunOnce: [SpybotDeletingC708] cmd /c del "C:\WINDOWS\system32\vturs.dll_old"
backup-20080518-202741-264 O4 - HKLM\..\RunOnce: [SpybotDeletingC8406] cmd /c del "C:\WINDOWS\system32\vturs.dll_old"
backup-20080518-202741-266 O2 - BHO: (no name) - {20fce64a-79a3-40ba-a986-31fc9df88440} - (no file)
backup-20080518-202741-366 O4 - HKLM\..\RunOnce: [SpybotDeletingC7002] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080518-202741-473 O4 - HKLM\..\RunOnce: [SpybotDeletingC3486] cmd /c del "C:\WINDOWS\system32\vturs.dll_old"
backup-20080518-202741-520 O4 - HKLM\..\RunOnce: [SpybotDeletingC3559] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080518-202741-620 O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-202741-696 O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
backup-20080518-202741-715 O20 - Winlogon Notify: winnt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
backup-20080518-202741-760 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080518-202741-783 O4 - HKLM\..\RunOnce: [SpybotDeletingC7918] cmd /c del "C:\WINDOWS\system32\vturs.dll_old"
backup-20080518-202741-868 O4 - HKLM\..\RunOnce: [SpybotDeletingC1372] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080518-202741-900 O4 - HKLM\..\RunOnce: [SpybotDeletingC6346] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
backup-20080518-211821-201 O4 - HKLM\..\RunOnce: [SpybotDeletingA5217] command /c del "C:\WINDOWS\system32\ddaba.dll_old"
backup-20080518-211821-319 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080518-211821-324 O20 - Winlogon Notify: winnt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
backup-20080518-211821-370 O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-211821-400 O4 - HKLM\..\RunOnce: [SpybotDeletingC262] cmd /c del "C:\WINDOWS\system32\ddaba.dll_old"
backup-20080518-211821-436 O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
backup-20080518-211821-486 O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
backup-20080518-211821-506 O4 - HKCU\..\RunOnce: [SpybotDeletingD8000] cmd /c del "C:\WINDOWS\system32\aebwrorc.dll_old"
backup-20080518-211821-527 O20 - Winlogon Notify: wvuvwtt - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-211821-553 O4 - HKCU\..\RunOnce: [SpybotDeletingB1678] command /c del "C:\WINDOWS\system32\aebwrorc.dll_old"
backup-20080518-211821-580 O4 - HKLM\..\RunOnce: [SpybotDeletingA2124] command /c del "C:\WINDOWS\system32\aebwrorc.dll_old"
backup-20080518-211821-591 O2 - BHO: (no name) - {CDE726B1-CA47-4773-897E-4B741A9517C4} - C:\WINDOWS\system32\ddaba.dll (file missing)
backup-20080518-211821-667 O4 - HKCU\..\RunOnce: [SpybotDeletingD2574] cmd /c del "C:\WINDOWS\system32\ddaba.dll_old"
backup-20080518-211821-671 O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing)
backup-20080518-211821-736 O2 - BHO: (no name) - {20fce64a-79a3-40ba-a986-31fc9df88440} - (no file)
backup-20080518-211821-748 O4 - HKCU\..\RunOnce: [SpybotDeletingB5466] command /c del "C:\WINDOWS\system32\ddaba.dll_old"
backup-20080518-211821-766 O4 - HKLM\..\Run: [BMcf2887b9] Rundll32.exe "C:\WINDOWS\system32\aoomupty.dll",s
backup-20080518-211821-816 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
backup-20080518-211821-934 O4 - HKLM\..\RunOnce: [SpybotDeletingC9963] cmd /c del "C:\WINDOWS\system32\aebwrorc.dll_old"
backup-20080518-211853-206 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-211853-768 O2 - BHO: (no name) - {CDE726B1-CA47-4773-897E-4B741A9517C4} - C:\WINDOWS\system32\ddaba.dll (file missing)
backup-20080518-212049-483 O2 - BHO: (no name) - {CDE726B1-CA47-4773-897E-4B741A9517C4} - C:\WINDOWS\system32\ddaba.dll (file missing)
backup-20080518-212049-597 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-225119-154 O2 - BHO: (no name) - {CDE726B1-CA47-4773-897E-4B741A9517C4} - C:\WINDOWS\system32\ddaba.dll (file missing)
backup-20080518-225119-851 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-225141-408 O2 - BHO: (no name) - {60835ba4-e6b8-4447-b33c-bd976a34a769} - C:\WINDOWS\system32\gebyw.dll (file missing)
backup-20080518-225141-594 O2 - BHO: (no name) - {20fce64a-79a3-40ba-a986-31fc9df88440} - (no file)
backup-20080518-225152-483 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-225210-852 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-225220-358 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080518-225234-364 O4 - HKLM\..\Run: [BMcf2887b9] Rundll32.exe "C:\WINDOWS\system32\jxoieynj.dll",s
backup-20080518-225240-704 O4 - HKLM\..\Run: [BMcf2887b9] Rundll32.exe "C:\WINDOWS\system32\jxoieynj.dll",s
backup-20080518-225252-902 O4 - HKLM\..\Run: [BMcf2887b9] Rundll32.exe "C:\WINDOWS\system32\jxoieynj.dll",s
backup-20080519-184922-119 O20 - Winlogon Notify: wvuvwtt - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080519-184922-247 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080519-184922-724 O4 - HKLM\..\Run: [BMcf2887b9] Rundll32.exe "C:\WINDOWS\system32\chpmbjgy.dll",s
backup-20080519-184922-944 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080519-184923-290 O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
backup-20080519-184923-824 O23 - Service: Apple Mobile Device - Unknown owner - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
backup-20080519-184923-959 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080519-201946-667 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080519-201946-750 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080519-202002-600 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080519-202322-223 O20 - Winlogon Notify: wvuvwtt - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080519-202322-245 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll
backup-20080519-202322-267 O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programfiler\TightVNC\WinVNC.exe
backup-20080519-202322-314 O23 - Service: NNServ (nnserv) - Unknown owner - C:\Programfiler\NewDotNet\nnrun.exe (file missing)
backup-20080519-202322-350 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080519-202322-528 O2 - BHO: (no name) - {F08D21CA-7EF7-41DD-BE51-736AC79EB8D7} - C:\WINDOWS\system32\ddccb.dll (file missing)
backup-20080519-202322-577 O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
backup-20080519-202322-617 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
backup-20080519-202322-823 O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
backup-20080519-202322-829 O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
backup-20080519-202322-837 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080519-204107-895 O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\SYSTEM32\wvuvwtt.dll

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "J:\Programfiler\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "J:\Programfiler\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R3 catchme - c:\docume~1\jarle\lokale~1\temp\catchme.sys (file missing)

S3 Alpham1 (Ideazon ZBoard USB Human Interface Device) - c:\windows\system32\drivers\alpham1.sys <Not Verified; Ideazon Corporation; ZBoard® Keyboard Family>
S3 Alpham2 (Ideazon ZBoard MM USB Human Interface Device) - c:\windows\system32\drivers\alpham2.sys <Not Verified; Ideazon Corporation; ZBoard® Keyboard Family>
S3 fsRamDsk (RamDisk Drive Service) - c:\windows\system32\drivers\fsramdsk.sys <Not Verified; FarStone; FarStone RamDisk>
S3 FXDrv32 - e:\fxdrv32.sys (file missing)
S3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForcewareWebInterface (Forceware Web Interface) - "c:\programfiler\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>

S2 Bonjour Service (Bonjour-tjeneste) - c:\programfiler\bonjour\mdnsresponder.exe (file missing)
S2 nnserv - "c:\programfiler\newdotnet\nnrun.exe" "c:\programfiler\newdotnet\nncore.dll" servicestart (file missing)
S2 nSvcLog (ForceWare user log service) - c:\programfiler\nvidia corporation\networkaccessmanager\bin\nsvclog.exe (file missing)
S2 winvnc (VNC Server) - "c:\programfiler\tightvnc\winvnc.exe" -service <Not Verified; TightVNC Group; TightVNC Win32 Server>
S3 FLEXnet Licensing Service - "c:\programfiler\fellesfiler\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Apple Mobile Device - "c:\programfiler\fellesfiler\apple\mobile device support\bin\applemobiledeviceservice.exe" (file missing)
S4 ForceWare Intelligent Application Manager (IAM) - c:\programfiler\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
S4 Nero BackItUp Scheduler 3 - c:\programfiler\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF2217DB
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF2217DB
Service: RTLWUSB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&2C129357&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&2C129357&0&00
Service: NVENETFD


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 21:04:59 0 d-------- C:\Programfiler\Lavasoft
2008-05-19 21:04:23 0 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 21:02:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 21:02:12 0 d-------- C:\WINDOWS\LastGood
2008-05-19 19:17:45 652010 --ahs---- C:\WINDOWS\system32\bccdd.ini2
2008-05-19 16:50:56 682190 --ahs---- C:\WINDOWS\system32\gfhkj.ini2
2008-05-18 22:11:11 0 d-------- C:\WINDOWS\ERUNT
2008-05-18 21:55:11 0 d-------- C:\Programfiler\SpywareBlaster
2008-05-18 21:46:24 50688 --a------ C:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-05-18 21:43:30 0 d-------- C:\VundoFix Backups
2008-05-18 21:43:17 147456 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-05-18 20:10:02 682200 --ahs---- C:\WINDOWS\system32\abadd.ini2
2008-05-18 01:59:23 0 d--hs---- C:\found.000
2008-05-18 01:46:31 53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-05-18 01:46:31 1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-05-18 01:46:31 49152 -----n--- C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-05-18 01:46:31 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-05-17 03:30:20 0 d-------- C:\Programfiler\Realtek AC97
2008-05-17 03:30:17 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-17 03:05:06 44 --a------ C:\WINDOWS\system32\msssc.dll
2008-05-17 03:05:00 0 d-------- C:\swsetup
2008-05-17 02:43:48 1061 --ahs---- C:\WINDOWS\system32\srutv.ini2
2008-05-17 01:06:46 681733 --ahs---- C:\WINDOWS\system32\nnnmp.ini2
2008-05-17 00:15:32 0 d--hs---- C:\WINDOWS\CSC
2008-05-16 23:59:49 6381 --ahs---- C:\WINDOWS\system32\orutv.ini2
2008-05-16 14:30:36 0 d-------- C:\Programfiler\Trend Micro
2008-05-16 13:41:51 6573 --ahs---- C:\WINDOWS\system32\acbeg.ini2
2008-05-15 07:12:31 675206 --ahs---- C:\WINDOWS\system32\jlnmp.ini2
2008-05-15 07:08:02 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-15 07:07:28 39424 -----n--- C:\WINDOWS\system32\wvuvwtt.dll
2008-05-14 21:29:02 0 d-------- C:\temp
2008-05-14 20:40:31 0 d-------- C:\Programfiler\Winamp Remote
2008-05-14 20:39:25 0 d-------- C:\Programfiler\Winamp
2008-05-13 16:38:50 0 d-------- C:\Programfiler\Fellesfiler\Logishrd
2008-05-08 22:00:41 0 d-------- C:\Programfiler\TexasCalculatem
2008-05-07 23:05:14 0 d-------- C:\Programfiler\ZiPhone
2008-05-07 00:08:34 0 d-------- C:\Programfiler\Windows Desktop Search
2008-05-06 00:35:30 0 d-------- C:\Programfiler\GoldWave
2008-05-04 21:04:05 0 d-------- C:\Programfiler\Microsoft Works
2008-05-04 21:03:23 0 d-------- C:\Programfiler\Microsoft.NET
2008-05-04 21:01:54 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-04 21:01:13 0 dr-h----- C:\MSOCache
2008-04-28 18:46:29 3120 --a------ C:\WINDOWS\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
2008-04-26 03:17:56 0 d-------- C:\Programfiler\America's Army Server Manager
2008-04-26 03:17:29 0 d-------- C:\Programfiler\America's Army
2008-04-26 00:40:18 0 d-------- C:\Programfiler\TightVNC
2008-04-23 01:16:19 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-23 01:16:19 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-04-19 02:06:01 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-05-19 21:04:23 0 d-------- C:\Programfiler\Fellesfiler
2008-05-19 21:01:19 465560 --a------ C:\WINDOWS\system32\perfh014.dat
2008-05-19 21:01:19 88530 --a------ C:\WINDOWS\system32\perfc014.dat
2008-05-19 17:21:07 0 d-------- C:\Documents and Settings\Jarle\Programdata\AVG7
2008-05-18 03:18:27 0 d-------- C:\Programfiler\Steam
2008-05-18 01:46:31 0 d-------- C:\Programfiler\Analog Devices
2008-05-17 03:30:16 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-05-17 03:16:13 0 d-------- C:\Documents and Settings\Jarle\Programdata\Adobe
2008-05-17 00:23:30 0 d-------- C:\Programfiler\Bonjour
2008-05-16 14:23:38 0 d-------- C:\Documents and Settings\Jarle\Programdata\Winamp
2008-05-16 14:11:17 0 d-------- C:\Programfiler\Real
2008-05-15 07:08:50 0 d-------- C:\Documents and Settings\Jarle\Programdata\Dealio
2008-05-14 18:15:38 0 d-------- C:\Documents and Settings\Jarle\Programdata\Ahead
2008-05-14 15:44:54 0 d-------- C:\Documents and Settings\Jarle\Programdata\Uniblue
2008-05-14 01:25:00 0 d-------- C:\Programfiler\Google
2008-05-13 16:38:50 0 d-------- C:\Programfiler\Fellesfiler\Logitech
2008-05-13 16:38:43 0 d-------- C:\Documents and Settings\Jarle\Programdata\InstallShield
2008-05-07 09:10:11 0 d-------- C:\Programfiler\Windows Live
2008-05-07 00:08:51 0 d-------- C:\Documents and Settings\Jarle\Programdata\Windows Desktop Search
2008-04-30 17:13:06 0 d-------- C:\Documents and Settings\Jarle\Programdata\LimeWire
2008-04-23 02:38:23 0 d-------- C:\Programfiler\Cheat Engine
2008-04-19 16:39:01 0 d-------- C:\Documents and Settings\Jarle\Programdata\dvdcss
2008-04-17 22:59:04 0 d-------- C:\Documents and Settings\Jarle\Programdata\Flock
2008-04-17 22:59:02 0 d-------- C:\Programfiler\Flock
2008-04-11 21:23:14 0 d-------- C:\Programfiler\Mamut for Altinn
2008-04-10 14:10:49 0 d-------- C:\Documents and Settings\Jarle\Programdata\PC-FAX TX
2008-04-10 00:18:27 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-04-10 00:18:10 0 d-------- C:\Programfiler\Brother
2008-04-10 00:18:06 0 d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-04-09 23:04:02 0 dr------- C:\Documents and Settings\Jarle\Programdata\Brother
2008-04-06 00:13:40 1154 --a------ C:\WINDOWS\mozver.dat
2008-04-05 23:59:13 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-31 22:27:49 0 d-------- C:\Programfiler\Messenger Plus! Live
2008-03-25 23:13:41 0 d-------- C:\Programfiler\Fellesfiler\Control Panels
2008-03-25 23:13:31 0 d-------- C:\Programfiler\Fellesfiler\Adobe
2008-03-25 22:52:03 0 d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-03-22 16:10:24 0 d-------- C:\Documents and Settings\Jarle\Programdata\Google
2008-03-20 14:25:36 0 d-------- C:\Programfiler\Java
2008-03-12 19:12:25 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}]
18.05.2008 21:22 39424 --------- C:\WINDOWS\SYSTEM32\wvuvwtt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [17.04.2008 22:57]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 16:44 C:\WINDOWS\KHALMNPR.Exe]
"BrMfcWnd"="C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe" [28.06.2006 07:46]
"ControlCenter3"="C:\Programfiler\Brother\ControlCenter3\brctrcen.exe" [29.06.2006 12:18]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [26.09.2006 23:29]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [13.07.2006 08:12]
"SpybotSnD"="C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" [28.01.2008 12:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [17.11.2007 13:53]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 12:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe" [03.08.2007 13:51]
"ccleaner"="C:\Programfiler\CCleaner\ccleaner.exe" [13.07.2007 11:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA5041"=command /c del "C:\WINDOWS\system32\ddaba.dll_old"
"SpybotDeletingC8032"=cmd /c del "C:\WINDOWS\system32\ddaba.dll_old"
"SpybotDeletingA9810"=command /c del "C:\WINDOWS\system32\ddccb.dll_old"
"SpybotDeletingC2728"=cmd /c del "C:\WINDOWS\system32\ddccb.dll_old"
"SpybotDeletingA2863"=command /c del "C:\WINDOWS\system32\jkhfg.dll_old"
"SpybotDeletingC7146"=cmd /c del "C:\WINDOWS\system32\jkhfg.dll_old"
"SpybotDeletingA9275"=command /c del "C:\WINDOWS\system32\ymyjqcfp.dll_old"
"SpybotDeletingC6947"=cmd /c del "C:\WINDOWS\system32\ymyjqcfp.dll_old"

C:\Documents and Settings\Jarle\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [26.10.2006 20:24:54]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [31.01.2008 16:43:52]
PC-søk i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [05.02.2007 15:40:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [05.02.2007 15:39 294400]
"{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}"= C:\WINDOWS\SYSTEM32\wvuvwtt.dll [18.05.2008 21:22 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvwtt]
wvuvwtt.dll 18.05.2008 21:22 39424 C:\WINDOWS\system32\wvuvwtt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjp42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Steam"="c:\programfiler\steam\steam.exe" -silent
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Orb"="C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background
"Systray"=rundll32.exe sockins32.dll,RunMain

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Setup\Mamut.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c4081fe-9132-11dc-972f-001bfcbd7b9a}]
AutoRun\command- K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95734e9-8bc0-11dc-a62c-806d6172696f}]
AutoRun\command- D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95734ea-8bc0-11dc-a62c-806d6172696f}]
AutoRun\command- E:\.\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41970b6-8bc1-11dc-970e-806d6172696f}]
AutoRun\command- E:\Setup\Mamut.exe

*Newly Created Service* - AAWSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8382 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-19 21:08:03 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Norwegian

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 6000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 3582.41 MiB / 2577.99 MiB
Pagefile Memory (total/avail): 5464.03 MiB / 4569.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.27 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 140.81 GiB free.
D: is CDROM (UDF)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 28.93 GiB total, 3.7 GiB free.
G: is Fixed (NTFS) - 8.34 GiB total, 0.73 GiB free.
H: is Fixed (NTFS) - 111.79 GiB total, 24.94 GiB free.
I: is Fixed (NTFS) - 37.31 GiB total, 36.03 GiB free.
J: is Fixed (NTFS) - 232.88 GiB total, 82.27 GiB free.
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-22TMA0 - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 232.88 GiB - C:
\PARTITION1 - Installerbart filsystem - 232.88 GiB - J:

\\.\PHYSICALDRIVE1 - SAMSUNG SP0411N SCSI Disk Device - 37.31 GiB - 1 partition
\PARTITION0 - Behandling av logiske disker - 37.31 GiB - I:

\\.\PHYSICALDRIVE2 - ST312002 2A SCSI Disk Device - 111.79 GiB - 1 partition
\PARTITION0 - Behandling av logiske disker - 111.79 GiB - H:

\\.\PHYSICALDRIVE3 - WDC WD40 0BB-00DEA0 SCSI Disk Device - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installerbart filsystem - 28.93 GiB - F:
\PARTITION1 - Installerbart filsystem - 8.34 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Programfiler\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"="C:\\Programfiler\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"
"E:\\Windows\\IPConfigurator.exe"="E:\\Windows\\IPConfigurator.exe:*:Enabled:IPConfigurator"
"C:\\Documents and Settings\\Jarle\\Skrivebord\\IPConfigurator.exe"="C:\\Documents and Settings\\Jarle\\Skrivebord\\IPConfigurator.exe:*:Enabled:IPConfigurator"
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\counter-strike source\\hl2.exe"="C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Programfiler\\BitLord\\BitLord.exe"="C:\\Programfiler\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Kjør en DLL som et program"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\\World of Warcraft\\BackgroundDownloader.exe"="H:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"="C:\\Programfiler\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Programfiler\\Starcraft\\StarCraft.exe"="C:\\Programfiler\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Programfiler\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Programfiler\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Programfiler\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"="C:\\Programfiler\\THQ\\Titan Quest Immortal Throne\\Tqit.exe:*:Enabled:Tqit"
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\team fortress 2\\hl2.exe"="C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"J:\\Programfiler\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="J:\\Programfiler\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\\Programfiler\\Steam\\steamapps\\common\\alien shooter vengeance\\AlienShooter.exe"="C:\\Programfiler\\Steam\\steamapps\\common\\alien shooter vengeance\\AlienShooter.exe:*:Enabled:AlienShooter Application"
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\space empires iv deluxe\\se4\\Se4.exe"="C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\space empires iv deluxe\\se4\\Se4.exe:*:Enabled:Space Empires IV"
"C:\\Programfiler\\TightVNC\\WinVNC.exe"="C:\\Programfiler\\TightVNC\\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\\Programfiler\\America's Army\\System\\ArmyOps.exe"="C:\\Programfiler\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Documents and Settings\\Jarle\\Lokale innstillinger\\Temp\\Rar$EX00.672\\IPConfigurator.exe"="C:\\Documents and Settings\\Jarle\\Lokale innstillinger\\Temp\\Rar$EX00.672\\IPConfigurator.exe:*:Enabled:2.0.3.0"
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"="C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jarle\Programdata
CLASSPATH=.;C:\Programfiler\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=HOVED-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jarle
LOGONSERVER=\\HOVED-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programfiler\Flock\flock;C:\Programfiler\Flock\flock;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;C:\Programfiler\QuickTime\QTSystem\;C:\Programfiler\Fellesfiler\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Programfiler
PROMPT=$P$G
QTJAVA=C:\Programfiler\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
starttime=1211221640
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jarle\LOKALE~1\Temp
TMP=C:\DOCUME~1\Jarle\LOKALE~1\Temp
USERDOMAIN=HOVED-PC
USERNAME=Jarle
USERPROFILE=C:\Documents and Settings\Jarle
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jarle (admin)
(admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Programfiler\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Programfiler\Fellesfiler\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.2 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Alien Shooter: Vengeance --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/6290
America's Army --> MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS WiFi-AP Solo --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
AVG 7.5 --> C:\Programfiler\Grisoft\AVG7\setup.exe /UNINSTALL
Battlefield 2™ --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BitLord 1.1 --> C:\Programfiler\BitLord\uninst.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x14 Brunin03.dll -removeonly
CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Cheat Engine 5.4 --> "C:\Programfiler\Cheat Engine\unins000.exe"
Counter-Strike: Source --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/240
Creative Jukebox Driver --> C:\PROGRA~1\Creative\JUKEBO~1\UNWISE.EXE C:\PROGRA~1\Creative\JUKEBO~1\JBDRV.LOG
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Content Uploader --> C:\Programfiler\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivrutiner for Logitech® Camera --> C:\Programfiler\Fellesfiler\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
Ducati World Championship --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/6270
FlatOut2 --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/2990
Fleet Command --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/2910
Flock 1.1 --> C:\Programfiler\Flock\uninst.exe
GoldWave v5.24 --> "C:\Programfiler\GoldWave\unstall.exe" "GoldWave v5.24" "C:\Programfiler\GoldWave\unstall.log"
Grand Theft Auto --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/12170
Grand Theft Auto 2 --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/12180
Grand Theft Auto 3 --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/12100
Grand Theft Auto: San Andreas --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/12120
Grand Theft Auto: Vice City --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/12110
Guitar Pro 5.0 --> "C:\Programfiler\Guitar Pro 5\unins000.exe"
Half-Life 2 --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/340
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.3 Full --> "C:\Programfiler\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.16.6 --> "C:\Programfiler\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x14 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech SetPoint --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x14 -removeonly
Lost Planet: Extreme Condition --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/6510
Mamut daTax Software --> F:\MYSHAR~1\mamut\faktura\faktura\UNWISE.EXE F:\MYSHAR~1\mamut\faktura\faktura\INSTALL.LOG
Mamut for Altinn --> C:\PROGRA~1\MAMUTF~1\UNWISE.EXE C:\PROGRA~1\MAMUTF~1\INSTALL.LOG
Messenger Plus! Live --> "C:\Programfiler\Messenger Plus! Live\Uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider-pakke --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 --> MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proofing (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE}
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE}
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1044}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
PC-søk i Windows 3.01 --> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Påloggingsassistent for Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Portal --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/400
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x14 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Warlords --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe" -l0x9 -removeonly
Sikkerhetsoppdatering for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x14 -removeonly
Spybot - Search & Destroy --> "C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Programfiler\SpywareBlaster\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2 --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/440
Team Fortress 2 Dedicated Server --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/310
Texas Calculatem 4 with "AutoRead" --> C:\Programfiler\TexasCalculatem\unins000.exe
The Witcher --> "C:\Programfiler\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Titan Quest --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vegas - Make It Big --> "C:\Programfiler\Steam\steam.exe" steam://uninstall/6210
VideoLAN VLC media player 0.8.6d --> C:\Programfiler\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Programfiler\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Programfiler\Winamp Remote\uninstall.exe"
Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_D3C90AD2E570A830E14C111F701867D1D174983F\amdk8.inf
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Fotogalleri --> MsiExec.exe /X{F8A982AA-8114-4293-BE8E-0DC07D96134E}
Windows Live installer --> MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400}
Windows Live Mail --> MsiExec.exe /I{29CB1674-DE1D-4D39-A871-FA0194FC58E9}
Windows Live Messenger --> MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}
Windows Live Writer --> MsiExec.exe /X{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (NOR) --> MsiExec.exe /X{B0534960-A7E2-4FFD-8E27-51B4B188633F}
Windows Workflow Foundation NO Language Pack --> MsiExec.exe /I{42F46A4E-1662-473F-A210-C5BB3BD385CC}
Windows XP hurtigreparasjon - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver --> C:\Programfiler\WinRAR\uninstall.exe
WinZip Self-Extractor --> "C:\Programfiler\WinZip Self-Extractor\setup.exe" /uninstall
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type99 / Error
Event Submitted/Written: 05/19/2008 04:43:33 PM
Event ID/Source: 1001 / Application Error
Event Description:
Feil i minneområdet 242028640.
Wep-nøkkelutveksling gav ikke en sikker tilkoblingsinstallasjon etter 802.1x-godkjenning. Den gjeldende innstillingen er merket som mislykket, og den trådløse tilkoblingen vil frakobles.

Event Record #/Type98 / Error
Event Submitted/Written: 05/19/2008 04:43:28 PM
Event ID/Source: 1001 / Application Error
Event Description:
Feil i minneområdet 00935893.
Wep-nøkkelutveksling gav ikke en sikker tilkoblingsinstallasjon etter 802.1x-godkjenning. Den gjeldende innstillingen er merket som mislykket, og den trådløse tilkoblingen vil frakobles.

Event Record #/Type97 / Error
Event Submitted/Written: 05/19/2008 04:43:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program drwtsn32.exe, versjon 5.1.2600.0, feilende modul dbghelp.dll, versjon 5.1.2600.2180, feiladresse 0x0001295d.
Behandler mediaspesifikk hendelse for [drwtsn32.exe!ws!]

Event Record #/Type96 / Error
Event Submitted/Written: 05/19/2008 04:43:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program rundll32.exe, versjon 5.1.2600.2180, feilende modul jxoieynj.dll, versjon 0.0.0.0, feiladresse 0x00001ca6.
Behandler mediaspesifikk hendelse for [rundll32.exe!ws!]

Event Record #/Type88 / Error
Event Submitted/Written: 05/18/2008 10:25:46 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-18 20:25:46,312 HOVED-PC [001688:001708] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(4076) call failed with WIN32 error 87, returning session id is 0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31053 / Warning
Event Submitted/Written: 05/18/2008 05:34:43 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nådd sikkerhetsbegrensningen for antall samtidige TCP-tilkoblingsforsøk.

Event Record #/Type31048 / Error
Event Submitted/Written: 05/18/2008 05:34:39 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
FsUdf

Event Record #/Type31045 / Error
Event Submitted/Written: 05/18/2008 05:34:21 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjenesten Bonjour-tjeneste kan ikke startes på grunn av følgende feil:
%%2

Event Record #/Type31031 / Warning
Event Submitted/Written: 05/18/2008 05:26:39 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nådd sikkerhetsbegrensningen for antall samtidige TCP-tilkoblingsforsøk.

Event Record #/Type31028 / Error
Event Submitted/Written: 05/18/2008 05:26:38 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
FsUdf



-- End of Deckard's System Scanner: finished at 2008-05-19 21:08:03 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 9:37:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 785800
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Jarle\LOKALE~1\Temp\

Scan Statistics:
Total number of scanned objects: 17689
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:16:56

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wvuvwtt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\Temp\Perflib_Perfdata_46dc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\Jarle\LOKALE~1\Temp\eabododg.dll Object is locked skipped
C:\DOCUME~1\Jarle\LOKALE~1\Temp\gcvmsqkd.dll Object is locked skipped
C:\DOCUME~1\Jarle\LOKALE~1\Temp\ibivssdt.exe Object is locked skipped

Scan process completed.



#2 Thunder


Posted 21 May 2008 - 05:05 AM

Hello itsmeandy and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 itsmeandy


Posted 21 May 2008 - 01:24 PM

Thank you for the welcome and for your reply!
I did as you said.

I got a prompt after reboot saying:
RUNDLL (at the top of it)
Feil ved innlasting av C:\WINDOWS\system32\nyxuqpku.dll (translated: error loading C:\WIN...)

Den angitte modulen ble ikke funnet. (Translated: The module was not found)

I also have a question.

My sound was weird after I tried removing the malware myself with every program I had (AVG Free, SpyBot, HijackThis, Vundofix and SDfix).

It sounded like the volume was turned up and down.

I ran SDfix a second time and reinstalled the sound driver. Now the sound is OK until the bass (I think) comes in and there is a series of spark-like sounding noises. Do you know the solution to this, and is it related to the spyware?

Also, when XP starts up the welcoming melody is bleeped... but the shutdown melody is OK. PS: I turned these off and they went on again after SDfix.

Now the logs:

ComboFix 08-05-20.5 - Jarle 2008-05-21 19:48:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2961 [GMT 2:00]
Running from: C:\Documents and Settings\Jarle\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jarle\Skrivebord\WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMcf2887b9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\hclpvyhi.ini
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\wvuvwtt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_nnserv
-------\Service_nnserv


((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-21 19:54 . 2008-05-21 19:54 <DIR> dr-h----- C:\Documents and Settings\Jarle\Siste
2008-05-21 19:15 . 2008-05-21 19:15 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-05-21 19:15 . 2008-05-21 19:15 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Malwarebytes
2008-05-21 19:15 . 2008-05-21 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-05-21 19:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 19:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-20 23:26 . 2008-05-20 23:26 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\SUPERAntiSpyware.com
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-20 23:02 . 2008-05-20 23:02 2,624 --a------ C:\WINDOWS\system32\hocyfsur.exe
2008-05-20 22:51 . 2008-05-20 22:51 2,624 --a------ C:\WINDOWS\system32\iujtjlch.exe
2008-05-20 22:48 . 2008-05-20 22:59 <DIR> d-------- C:\Programfiler\SpywareGuard
2008-05-20 16:17 . 2008-05-20 17:30 <DIR> d-------- C:\Programfiler\a-squared Free
2008-05-20 15:26 . 2008-05-21 19:22 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-19 23:57 . 2008-05-19 23:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-19 23:18 . 2008-05-19 23:18 <DIR> d-------- C:\Programfiler\WMI Tools
2008-05-19 22:45 . 2008-05-19 22:45 2,624 --a------ C:\WINDOWS\system32\yeyraiqc.exe
2008-05-19 21:05 . 2008-05-19 21:05 <DIR> d-------- C:\Deckard
2008-05-19 21:04 . 2008-05-19 21:04 <DIR> d-------- C:\Programfiler\Lavasoft
2008-05-19 21:04 . 2008-05-20 23:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 21:04 . 2008-05-19 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-05-19 21:04 . 2008-05-19 21:04 686,630 --a------ C:\dss.exe
2008-05-19 21:02 . 2008-05-19 21:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 21:02 . 2008-05-19 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab
2008-05-18 22:11 . 2008-05-18 22:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 21:55 . 2008-05-19 20:37 <DIR> d-------- C:\Programfiler\SpywareBlaster
2008-05-18 21:55 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-18 21:46 . 2008-05-18 21:46 50,688 --a------ C:\ATF-Cleaner.exe
2008-05-18 21:45 . 2008-05-19 19:52 <DIR> d-------- C:\SDFix
2008-05-18 21:43 . 2008-05-20 22:52 <DIR> d-------- C:\VundoFix Backups
2008-05-18 21:43 . 2008-05-18 21:43 147,456 --a------ C:\VundoFix.exe
2008-05-18 20:33 . 2008-05-19 23:04 <DIR> dr------- C:\Documents and Settings\Administrator\Siste
2008-05-18 01:59 . 2008-05-18 01:59 <DIR> d--hs---- C:\found.000
2008-05-18 01:46 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-05-18 01:46 . 2006-09-08 18:08 247,296 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-05-18 01:46 . 2006-09-01 22:44 139,776 -ra------ C:\WINDOWS\system32\drivers\adidts.sys
2008-05-18 01:46 . 2006-08-30 05:21 94,080 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-05-18 01:46 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-05-18 01:46 . 2006-07-10 15:42 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2008-05-18 01:46 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-05-18 01:08 . 2008-05-18 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SecTaskMan
2008-05-17 03:05 . 2008-05-17 03:05 <DIR> d-------- C:\swsetup
2008-05-17 03:05 . 2008-05-17 03:05 44 --a------ C:\WINDOWS\system32\msssc.dll
2008-05-17 02:52 . 2008-05-18 00:48 294 ---hs---- C:\WINDOWS\system32\xvkiadnd.ini
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivere
2008-05-16 23:49 . 2008-05-19 23:03 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-16 23:49 . 2008-05-17 00:26 <DIR> dr------- C:\Documents and Settings\Administrator\Programdata
2008-05-16 23:49 . 2008-05-18 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-16 23:49 . 2007-11-05 18:50 <DIR> d-------- C:\Documents and Settings\Administrator\Maler
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-16 23:49 . 2008-05-19 23:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-16 14:30 . 2008-05-16 14:30 <DIR> d-------- C:\Programfiler\Trend Micro
2008-05-15 07:08 . 2008-05-15 07:08 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Dealio
2008-05-15 07:08 . 2008-05-15 07:08 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-05-14 21:29 . 2008-05-14 21:29 <DIR> d-------- C:\temp\SoftAmpVS
2008-05-14 21:29 . 2008-05-18 22:25 <DIR> d-------- C:\temp
2008-05-14 20:40 . 2008-05-14 20:50 <DIR> d-------- C:\Programfiler\Winamp Remote
2008-05-14 20:40 . 2008-05-14 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\OrbNetworks
2008-05-14 20:39 . 2008-05-14 21:29 <DIR> d-------- C:\Programfiler\Winamp
2008-05-14 20:39 . 2008-05-16 14:23 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Winamp
2008-05-14 18:15 . 2008-05-14 18:15 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Ahead
2008-05-14 15:44 . 2008-05-14 15:44 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Uniblue
2008-05-13 16:38 . 2008-05-13 16:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd
2008-05-13 16:38 . 2008-05-13 16:38 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\InstallShield
2008-05-13 16:36 . 2008-05-13 16:36 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Flock
2008-05-13 16:36 . 2008-05-13 16:36 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter
2008-05-08 22:00 . 2008-05-08 22:00 <DIR> d-------- C:\Programfiler\TexasCalculatem
2008-05-07 23:05 . 2008-05-07 23:05 <DIR> d-------- C:\Programfiler\ZiPhone
2008-05-07 19:47 . 2008-05-07 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2008-05-07 00:08 . 2008-05-07 00:08 <DIR> d-------- C:\Programfiler\Windows Desktop Search
2008-05-07 00:08 . 2008-05-07 00:08 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Windows Desktop Search
2008-05-06 00:35 . 2008-05-06 00:35 <DIR> d-------- C:\Programfiler\GoldWave
2008-05-04 21:04 . 2008-05-04 21:04 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-05-04 21:04 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-04 21:03 . 2008-05-04 21:03 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-05-04 21:01 . 2008-05-04 21:02 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-04 21:01 . 2008-05-04 21:01 <DIR> dr------- C:\MSOCache
2008-05-04 21:01 . 2008-05-14 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-04-28 18:46 . 2008-04-28 18:46 3,120 --a------ C:\WINDOWS\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
2008-04-28 18:46 . 2008-04-28 18:46 3,120 --a------ C:\WINDOWS\01a5b801-10aa-4023-998d-a31986c9a740.ocx
2008-04-26 03:17 . 2008-04-26 03:17 <DIR> d-------- C:\Programfiler\America's Army Server Manager
2008-04-26 03:17 . 2008-04-26 03:36 <DIR> d-------- C:\Programfiler\America's Army
2008-04-26 00:40 . 2008-05-18 17:46 <DIR> d-------- C:\Programfiler\TightVNC
2008-04-23 01:16 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-23 01:16 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 17:25 --------- d-----w C:\Documents and Settings\Jarle\Programdata\AVG7
2008-05-20 17:07 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-05-20 15:42 --------- d-----w C:\Programfiler\Cheat Engine
2008-05-19 22:05 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-19 18:24 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2008-05-18 01:18 --------- d-----w C:\Programfiler\Steam
2008-05-17 23:46 --------- d-----w C:\Programfiler\Analog Devices
2008-05-17 01:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-05-16 22:23 --------- d-----w C:\Programfiler\Bonjour
2008-05-16 12:11 --------- d-----w C:\Programfiler\Real
2008-05-13 23:25 --------- d-----w C:\Programfiler\Google
2008-05-13 14:38 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-05-07 07:10 --------- d-----w C:\Programfiler\Windows Live
2008-05-06 22:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-05-01 10:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 10:45 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-30 15:13 --------- d-----w C:\Documents and Settings\Jarle\Programdata\LimeWire
2008-04-19 14:39 --------- d-----w C:\Documents and Settings\Jarle\Programdata\dvdcss
2008-04-17 20:59 --------- d-----w C:\Programfiler\Flock
2008-04-17 20:59 --------- d-----w C:\Documents and Settings\Jarle\Programdata\Flock
2008-04-11 19:23 --------- d-----w C:\Programfiler\Mamut for Altinn
2008-04-10 12:10 --------- d-----w C:\Documents and Settings\Jarle\Programdata\PC-FAX TX
2008-04-09 22:18 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-09 22:18 --------- d-----w C:\Programfiler\Brother
2008-04-09 22:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\Brother
2008-04-09 21:04 --------- d-----r C:\Documents and Settings\Jarle\Programdata\Brother
2008-04-02 19:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Muzzy Lane Software
2008-03-31 20:27 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-03-25 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Control Panels
2008-03-25 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-25 21:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\ALM
2008-03-25 20:52 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 00:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-03-24 00:37 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 17:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D594BDAA-9D2F-4AD6-8FC8-B714277F2685}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC031C37-BBEB-4837-AC59-A7C561590EC7}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"ccleaner"="C:\Programfiler\CCleaner\ccleaner.exe" [2007-07-13 11:10 598656]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 22:57 579584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"BrMfcWnd"="C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"ControlCenter3"="C:\Programfiler\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-09-26 23:29 872448]
"BMcf2887b9"="C:\WINDOWS\system32\nyxuqpku.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-05 20:16 219136]

C:\Documents and Settings\Jarle\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
SpywareGuard.lnk - C:\Programfiler\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-31 16:43:52 67128]
PC-s›k i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvwtt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjp42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Steam"="c:\programfiler\steam\steam.exe" -silent
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Orb"="C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background
"Systray"=rundll32.exe sockins32.dll,RunMain

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\counter-strike source\\hl2.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"H:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\Starcraft\\StarCraft.exe"=
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programfiler\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Programfiler\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\team fortress 2\\hl2.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"J:\\Programfiler\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\alien shooter vengeance\\AlienShooter.exe"=
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\space empires iv deluxe\\se4\\Se4.exe"=
"C:\\Programfiler\\TightVNC\\WinVNC.exe"=
"C:\\Programfiler\\America's Army\\System\\ArmyOps.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller;C:\WINDOWS\system32\DRIVERS\pnp680r.sys [2007-07-20 00:44]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 11:56]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 13:49]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 13:27]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 11:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup\Mamut.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c4081fe-9132-11dc-972f-001bfcbd7b9a}]
\Shell\AutoRun\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95734ea-8bc0-11dc-a62c-806d6172696f}]
\Shell\AutoRun\command - E:\.\Bin\Assetup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 19:54:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe
.
**************************************************************************
.
Completion time: 2008-05-21 20:07:39 - machine was rebooted [Jarle]
ComboFix-quarantined-files.txt 2008-05-21 18:06:37

Pre-Run: 150,789,214,208 byte ledig
Post-Run: 150,664,835,072 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

327 --- E O F --- 2008-05-18 19:52:47


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:18, on 21.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Windows Live\Mail\wlmail.exe
C:\Programfiler\Flock\flock\flock.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {ae7cd045-e861-484f-8273-0445ee161910} - J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FC031C37-BBEB-4837-AC59-A7C561590EC7} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BMcf2887b9] Rundll32.exe "C:\WINDOWS\system32\nyxuqpku.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: wvuvwtt - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programfiler\a-squared Free\a2service.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6731 bytes

Malwarebytes' Anti-Malware 1.12
Database version: 774

Scan type: Quick Scan
Objects scanned: 38614
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ssqro.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wvuvwtt.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5b57f01-3a8e-4fff-aba2-25171d679c8a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5b57f01-3a8e-4fff-aba2-25171d679c8a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2f8f7c7-954d-4336-ba99-27bfbeb73daf} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2f8f7c7-954d-4336-ba99-27bfbeb73daf} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuvwtt (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcf2887b9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e2f8f7c7-954d-4336-ba99-27bfbeb73daf} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqro -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqro -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ssqro.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\orqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvelvxjq.zpx (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvuvwtt.dll (Trojan.Vundo) -> Delete on reboot.

Edited.. forgot the MBAM log
I saw some guys put the logs in special fields that you could scroll. If this is helpful to you, tell me how and I'll do it too.

Edited by Thunder, 21 May 2008 - 04:30 PM.


#4 Thunder

Posted 21 May 2008 - 04:42 PM

Hello Jarle,

No need to quote my posts, or to use any tags to post the logs,
plain text will do fine. (easier to read) :thumbsup:

Please hold off on any actions until we are finished,
most problems should be getting resolved as we continue.

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/147702/malware-still-here/
Collect::[9]
C:\WINDOWS\system32\hocyfsur.exe
C:\WINDOWS\system32\iujtjlch.exe
C:\WINDOWS\system32\msssc.dll
File::
C:\WINDOWS\system32\yeyraiqc.exe
C:\WINDOWS\system32\xvkiadnd.ini
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D594BDAA-9D2F-4AD6-8FC8-B714277F2685}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC031C37-BBEB-4837-AC59-A7C561590EC7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMcf2887b9"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvwtt]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box, --do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings,
Thunder

#5 itsmeandy

Posted 22 May 2008 - 08:46 AM

I submitted the file

My sound is still acting the way I described earlier.
Do you know how to fix it?
Other than that there are no problems :thumbsup: :)


Thank you!

Logs:

ComboFix 08-05-20.5 - Jarle 2008-05-22 15:31:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2796 [GMT 2:00]
Running from: C:\Documents and Settings\Jarle\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jarle\Skrivebord\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\xvkiadnd.ini
C:\WINDOWS\system32\yeyraiqc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awvvv.dll.bad
C:\VundoFix Backups\gebyw.dll.bad
C:\VundoFix Backups\vvvwa.ini.bad
C:\VundoFix Backups\vvvwa.ini2.bad
C:\VundoFix Backups\wybeg.ini.bad
C:\VundoFix Backups\wybeg.ini2.bad
C:\WINDOWS\system32\hocyfsur.exe
C:\WINDOWS\system32\iujtjlch.exe
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\xvkiadnd.ini
C:\WINDOWS\system32\yeyraiqc.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-22 15:20 . 2008-05-22 15:30 <DIR> dr-h----- C:\Documents and Settings\Jarle\Siste
2008-05-21 19:15 . 2008-05-21 19:15 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-05-21 19:15 . 2008-05-21 19:15 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Malwarebytes
2008-05-21 19:15 . 2008-05-21 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-05-21 19:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 19:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-20 23:26 . 2008-05-20 23:26 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\SUPERAntiSpyware.com
2008-05-20 23:08 . 2008-05-20 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-20 22:48 . 2008-05-20 22:59 <DIR> d-------- C:\Programfiler\SpywareGuard
2008-05-20 16:17 . 2008-05-20 17:30 <DIR> d-------- C:\Programfiler\a-squared Free
2008-05-20 15:26 . 2008-05-21 19:22 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-19 23:57 . 2008-05-19 23:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-19 23:18 . 2008-05-19 23:18 <DIR> d-------- C:\Programfiler\WMI Tools
2008-05-19 21:05 . 2008-05-19 21:05 <DIR> d-------- C:\Deckard
2008-05-19 21:04 . 2008-05-19 21:04 <DIR> d-------- C:\Programfiler\Lavasoft
2008-05-19 21:04 . 2008-05-20 23:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 21:04 . 2008-05-19 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-05-19 21:04 . 2008-05-19 21:04 686,630 --a------ C:\dss.exe
2008-05-19 21:02 . 2008-05-19 21:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 21:02 . 2008-05-19 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab
2008-05-18 22:11 . 2008-05-18 22:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 21:55 . 2008-05-19 20:37 <DIR> d-------- C:\Programfiler\SpywareBlaster
2008-05-18 21:55 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-18 21:46 . 2008-05-18 21:46 50,688 --a------ C:\ATF-Cleaner.exe
2008-05-18 21:45 . 2008-05-19 19:52 <DIR> d-------- C:\SDFix
2008-05-18 21:43 . 2008-05-18 21:43 147,456 --a------ C:\VundoFix.exe
2008-05-18 20:33 . 2008-05-19 23:04 <DIR> dr------- C:\Documents and Settings\Administrator\Siste
2008-05-18 01:59 . 2008-05-18 01:59 <DIR> d--hs---- C:\found.000
2008-05-18 01:46 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-05-18 01:46 . 2006-09-08 18:08 247,296 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-05-18 01:46 . 2006-09-01 22:44 139,776 -ra------ C:\WINDOWS\system32\drivers\adidts.sys
2008-05-18 01:46 . 2006-08-30 05:21 94,080 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-05-18 01:46 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-05-18 01:46 . 2006-07-10 15:42 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2008-05-18 01:46 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-05-18 01:08 . 2008-05-18 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SecTaskMan
2008-05-17 03:05 . 2008-05-17 03:05 <DIR> d-------- C:\swsetup
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivere
2008-05-16 23:49 . 2008-05-19 23:03 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-16 23:49 . 2008-05-17 00:26 <DIR> dr------- C:\Documents and Settings\Administrator\Programdata
2008-05-16 23:49 . 2008-05-18 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-16 23:49 . 2007-11-05 18:50 <DIR> d-------- C:\Documents and Settings\Administrator\Maler
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-16 23:49 . 2007-11-05 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-16 23:49 . 2008-05-19 23:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-16 14:30 . 2008-05-16 14:30 <DIR> d-------- C:\Programfiler\Trend Micro
2008-05-15 07:08 . 2008-05-15 07:08 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Dealio
2008-05-15 07:08 . 2008-05-15 07:08 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-05-14 21:29 . 2008-05-14 21:29 <DIR> d-------- C:\temp\SoftAmpVS
2008-05-14 21:29 . 2008-05-18 22:25 <DIR> d-------- C:\temp
2008-05-14 20:40 . 2008-05-14 20:50 <DIR> d-------- C:\Programfiler\Winamp Remote
2008-05-14 20:40 . 2008-05-14 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\OrbNetworks
2008-05-14 20:39 . 2008-05-14 21:29 <DIR> d-------- C:\Programfiler\Winamp
2008-05-14 20:39 . 2008-05-16 14:23 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Winamp
2008-05-14 18:15 . 2008-05-14 18:15 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Ahead
2008-05-14 15:44 . 2008-05-14 15:44 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Uniblue
2008-05-13 16:38 . 2008-05-13 16:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd
2008-05-13 16:38 . 2008-05-13 16:38 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\InstallShield
2008-05-13 16:36 . 2008-05-13 16:36 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Flock
2008-05-13 16:36 . 2008-05-13 16:36 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter
2008-05-08 22:00 . 2008-05-08 22:00 <DIR> d-------- C:\Programfiler\TexasCalculatem
2008-05-07 23:05 . 2008-05-07 23:05 <DIR> d-------- C:\Programfiler\ZiPhone
2008-05-07 19:47 . 2008-05-07 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2008-05-07 00:08 . 2008-05-07 00:08 <DIR> d-------- C:\Programfiler\Windows Desktop Search
2008-05-07 00:08 . 2008-05-07 00:08 <DIR> d-------- C:\Documents and Settings\Jarle\Programdata\Windows Desktop Search
2008-05-06 00:35 . 2008-05-06 00:35 <DIR> d-------- C:\Programfiler\GoldWave
2008-05-04 21:04 . 2008-05-04 21:04 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-05-04 21:04 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-04 21:03 . 2008-05-04 21:03 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-05-04 21:01 . 2008-05-04 21:02 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-04 21:01 . 2008-05-04 21:01 <DIR> dr------- C:\MSOCache
2008-05-04 21:01 . 2008-05-14 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-04-28 18:46 . 2008-04-28 18:46 3,120 --a------ C:\WINDOWS\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
2008-04-28 18:46 . 2008-04-28 18:46 3,120 --a------ C:\WINDOWS\01a5b801-10aa-4023-998d-a31986c9a740.ocx
2008-04-26 03:17 . 2008-04-26 03:17 <DIR> d-------- C:\Programfiler\America's Army Server Manager
2008-04-26 03:17 . 2008-04-26 03:36 <DIR> d-------- C:\Programfiler\America's Army
2008-04-26 00:40 . 2008-05-18 17:46 <DIR> d-------- C:\Programfiler\TightVNC
2008-04-23 01:16 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-23 01:16 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 13:20 --------- d-----w C:\Documents and Settings\Jarle\Programdata\AVG7
2008-05-21 19:17 --------- d-----w C:\Programfiler\Steam
2008-05-20 17:07 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-05-20 15:42 --------- d-----w C:\Programfiler\Cheat Engine
2008-05-19 22:05 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-19 18:24 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2008-05-17 23:46 --------- d-----w C:\Programfiler\Analog Devices
2008-05-17 01:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-05-16 22:23 --------- d-----w C:\Programfiler\Bonjour
2008-05-16 12:11 --------- d-----w C:\Programfiler\Real
2008-05-13 23:25 --------- d-----w C:\Programfiler\Google
2008-05-13 14:38 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-05-07 07:10 --------- d-----w C:\Programfiler\Windows Live
2008-05-06 22:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-05-01 10:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-01 10:45 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-30 15:13 --------- d-----w C:\Documents and Settings\Jarle\Programdata\LimeWire
2008-04-19 14:39 --------- d-----w C:\Documents and Settings\Jarle\Programdata\dvdcss
2008-04-17 20:59 --------- d-----w C:\Programfiler\Flock
2008-04-17 20:59 --------- d-----w C:\Documents and Settings\Jarle\Programdata\Flock
2008-04-11 19:23 --------- d-----w C:\Programfiler\Mamut for Altinn
2008-04-10 12:10 --------- d-----w C:\Documents and Settings\Jarle\Programdata\PC-FAX TX
2008-04-09 22:18 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-09 22:18 --------- d-----w C:\Programfiler\Brother
2008-04-09 22:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\Brother
2008-04-09 21:04 --------- d-----r C:\Documents and Settings\Jarle\Programdata\Brother
2008-04-02 19:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Muzzy Lane Software
2008-03-31 20:27 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-03-25 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Control Panels
2008-03-25 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-25 21:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\ALM
2008-03-25 20:52 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 00:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-03-24 00:37 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 17:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-21_20.06.26.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 17:53:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 13:19:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"ccleaner"="C:\Programfiler\CCleaner\ccleaner.exe" [2007-07-13 11:10 598656]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 22:57 579584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"BrMfcWnd"="C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"ControlCenter3"="C:\Programfiler\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-09-26 23:29 872448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-05 20:16 219136]

C:\Documents and Settings\Jarle\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
SpywareGuard.lnk - C:\Programfiler\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-31 16:43:52 67128]
PC-søk i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjp42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Steam"="c:\programfiler\steam\steam.exe" -silent
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Orb"="C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background
"Systray"=rundll32.exe sockins32.dll,RunMain

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\counter-strike source\\hl2.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"H:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\Starcraft\\StarCraft.exe"=
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programfiler\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Programfiler\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\team fortress 2\\hl2.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"J:\\Programfiler\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\alien shooter vengeance\\AlienShooter.exe"=
"C:\\Programfiler\\Steam\\steamapps\\jarleosthus\\space empires iv deluxe\\se4\\Se4.exe"=
"C:\\Programfiler\\TightVNC\\WinVNC.exe"=
"C:\\Programfiler\\America's Army\\System\\ArmyOps.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller;C:\WINDOWS\system32\DRIVERS\pnp680r.sys [2007-07-20 00:44]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 11:56]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 13:49]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 13:27]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 11:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup\Mamut.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c4081fe-9132-11dc-972f-001bfcbd7b9a}]
\Shell\AutoRun\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95734ea-8bc0-11dc-a62c-806d6172696f}]
\Shell\AutoRun\command - E:\.\Bin\Assetup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 15:34:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 15:39:46
ComboFix-quarantined-files.txt 2008-05-22 13:39:23
ComboFix2.txt 2008-05-21 18:07:40

Pre-Run: 150,588,370,944 byte ledig
Post-Run: 150,576,406,528 byte ledig

288 --- E O F --- 2008-05-18 19:52:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:39, on 22.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {ae7cd045-e861-484f-8273-0445ee161910} - J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://J:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programfiler\a-squared Free\a2service.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Programfiler\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6534 bytes

#6 Thunder

Posted 22 May 2008 - 08:58 AM

Hello Itsmeandy,

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

If your sound is still acting up, I'd reinstall the latest drivers for your sound card once more.

Greetings,
Thunder

Edited by Thunder, 22 May 2008 - 08:58 AM.


#7 itsmeandy

Posted 25 May 2008 - 06:20 AM

:thumbsup: :)

Everything works wonderfully now, thank you very much!

:thumbsup:

#8 Thunder

Posted 25 May 2008 - 04:40 PM

Glad we could help, Jarle :thumbsup:

Please read this Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.