Virtumondo infection


  • This topic is locked
10 replies to this topic

#1 tropprett

tropprett

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 06 November 2008 - 08:18 PM

I have the exact same problem as this guy (I can't start automatic updates (error 1058) and get a lot of popups): http://www.bleepingcomputer.com/forums/t/150171/need-help-urgent-popups-ie-crasing-automatic-updates-wont-turn-on-hijack-this-log-included-arrrrh-need-help/
I have followed the steps from the other thread up to and including creating an OTScanIt log and attached it to this post.

My Anti-Virus is AVG free version 8.0.175

And here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:27, on 07.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programfiler\Creative\Shared Files\CTAudSvc.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Programfiler\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Programfiler\Raxco\PerfectDisk2008\PD91Agent.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\TBPanel.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\WINDOWS\system32\CTXFIHLP.EXE
E:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
E:\Programfiler\Winamp\winampa.exe
E:\Programfiler\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
E:\Programfiler\uTorrent\uTorrent.exe
E:\Programfiler\DAEMON Tools Lite\daemon.exe
E:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programfiler\iPod\bin\iPodService.exe
E:\Programfiler\OpenOffice.org 2.4\program\soffice.exe
E:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN
E:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
E:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Programfiler\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\explorer.exe
E:\Programfiler\Mozilla Firefox\firefox.exe
E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - E:\Programfiler\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Gainward] E:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "E:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = E:\Programfiler\BOINC\boincmgr.exe
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - E:\Programfiler\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - E:\Programfiler\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - E:\Programfiler\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - E:\Programfiler\Raxco\PerfectDisk2008\PD91VMDefrag.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7495 bytes


Edited by tropprett, 06 November 2008 - 08:18 PM.




#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:17 AM

Posted 09 November 2008 - 03:25 PM

Hello tropprett,

I notice that you have Spybot's TeaTimer running.
While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes.
So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.



Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\system32\awttstmk.dll
%systemroot%\system32\kmtsttwa.ini
%systemroot%\system32\kmtsttwa.ini2
%systemroot%\system32\opnopmet.dll
Folders to delete:
%systemdrive%\vundofix backups

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {09268BF8-2816-4716-91CA-0B6B72460AB7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnopMEt.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> opnopMEt -> %SystemRoot%\system32\opnopMEt.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {09268BF8-2816-4716-91CA-0B6B72460AB7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnopMEt.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {9BB7AA2D-1B9D-4223-A201-91D8ED230DD4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awttsTmK.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> 2 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp
NY -> awttsTmK.dll -> %SystemRoot%\System32\awttsTmK.dll
NY -> KmTsttwa.ini -> %SystemRoot%\System32\KmTsttwa.ini
NY -> KmTsttwa.ini2 -> %SystemRoot%\System32\KmTsttwa.ini2
NY -> opnopMEt.dll -> %SystemRoot%\System32\opnopMEt.dll
NY -> 5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 2 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp
NY -> awttsTmK.dll -> %SystemRoot%\System32\awttsTmK.dll
NY -> KmTsttwa.ini -> %SystemRoot%\System32\KmTsttwa.ini
NY -> KmTsttwa.ini2 -> %SystemRoot%\System32\KmTsttwa.ini2
NY -> opnopMEt.dll -> %SystemRoot%\System32\opnopMEt.dll
NY -> 5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:


    • File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
The Avenger report (c:\Avenger.txt). This will be a short report, so you will be able to post it.

The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.) This will be a short log, so you will be able to post it.

The new OTScanIt scan log. This should be a short log, so you should be able to post it. If the file is too big to post, then you can upload it to me here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 tropprett

tropprett
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 09 November 2008 - 04:46 PM

Thanks for the reply, but I think Spybot solved my problems. I have scanned with Spybot every time I start my computer the last days because it removed some instances of it and this caused the popups to stop until the next time I rebooted.

When I did that today Spybot managed to remove all of the instances. After that I rebooted and scanned with both Spybot and AVG free and none of them found anything. I was also able to start Automatic Updates.

Is there a chance that something is still left on my computer? Should I still do the fixes you provided, nothing at all or maybe something completely different?

Thanks again for the help!

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:17 AM

Posted 09 November 2008 - 05:37 PM

When I did that today Spybot managed to remove all of the instances. After that I rebooted and scanned with both Spybot and AVG free and none of them found anything. I was also able to start Automatic Updates.


They would find vundo and remove them.

Is there a chance that something is still left on my computer? Should I still do fixes you provided,



Yes, that is why I posted them.

Edited by SifuMike, 09 November 2008 - 05:47 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
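
The exchange above turns on whether clean scanner results mean nothing is left behind. As an added example (not part of the original thread and not OTScanIt's own code), the script below reads registry-section lines in the format of the OTScanIt fix log posted in this thread and flags autostart registrations that were still present although their DLL was already gone. The pairing of each run of registry lines with the File line that follows it is an assumption inferred from that log, and all function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: lines in the format of the OTScanIt fix log in this thread,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{09268BF8-2816-4716-91CA-0B6B72460AB7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09268BF8-2816-4716-91CA-0B6B72460AB7}\ deleted successfully.
File E:\WINDOWS\system32\opnopMEt.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnopMEt\ deleted successfully.
File E:\WINDOWS\system32\opnopMEt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09268BF8-2816-4716-91CA-0B6B72460AB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09268BF8-2816-4716-91CA-0B6B72460AB7}\ not found.
File E:\WINDOWS\system32\opnopMEt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BB7AA2D-1B9D-4223-A201-91D8ED230DD4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB7AA2D-1B9D-4223-A201-91D8ED230DD4}\ not found.
File E:\WINDOWS\system32\awttsTmK.dll not found.
[Files/Folders - Created Within 30 days]
File E:\VundoFix Backups not found!
"""

REGISTRY_SECTION = "[Registry - Non-Microsoft Only]"

# One log line: what was touched, its path, and the outcome the tool reported.
LINE_RE = re.compile(
    r"^(?P<kind>Registry value|Registry key|File)\s+(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)[.!]?$"
)

# Autostart locations named in the fix script in this thread (lower-cased).
AUTOSTART = {
    r"\shellexecutehooks": "ShellExecuteHooks",
    r"\winlogon\notify": "Winlogon Notify",
    r"\browser helper objects": "Browser Helper Object",
}

RANK = {"already-clean": 0, "orphaned-registration": 1, "payload-removed": 2}


@dataclass
class Group:
    file: str            # DLL the registry entries pointed at
    file_outcome: str    # what the tool reported for that file
    registry: list       # [(registry path, outcome), ...]


def parse_fix_log(text):
    """Group registry lines with the File line that closes them (assumed layout)."""
    groups, pending, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section, pending = line, []
            continue
        m = LINE_RE.match(line)
        if section != REGISTRY_SECTION or not m:
            continue
        if m["kind"] == "File":
            groups.append(Group(m["target"], m["outcome"], pending))
            pending = []
        else:
            pending.append((m["target"], m["outcome"]))
    return groups


def classify(group):
    """Decide what the fix actually found for one file."""
    if group.file_outcome != "not found":
        return "payload-removed"          # the DLL itself was still on disk
    if any(o == "deleted successfully" for _, o in group.registry):
        return "orphaned-registration"    # DLL gone, registration still live
    return "already-clean"                # nothing left for the fix to remove


def summarize(text):
    """Per DLL: worst verdict seen and the autostart locations that were removed."""
    report = {}
    for g in parse_fix_log(text):
        name = ntpath.basename(g.file).lower()
        entry = report.setdefault(name, {"verdict": "already-clean", "locations": set()})
        verdict = classify(g)
        if RANK[verdict] > RANK[entry["verdict"]]:
            entry["verdict"] = verdict
        for target, outcome in g.registry:
            if outcome != "deleted successfully":
                continue
            for needle, label in AUTOSTART.items():
                if needle in target.lower():
                    entry["locations"].add(label)
    for entry in report.values():
        entry["locations"] = sorted(entry["locations"])
    return report


if __name__ == "__main__":
    for dll, info in summarize(SAMPLE_LOG).items():
        print(dll, info["verdict"], info["locations"])
```
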

#5 tropprett

tropprett
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 09 November 2008 - 08:28 PM

Avenger Report

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "E:\WINDOWS\system32\awttstmk.dll" not found!
Deletion of file "E:\WINDOWS\system32\awttstmk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "E:\WINDOWS\system32\kmtsttwa.ini" not found!
Deletion of file "E:\WINDOWS\system32\kmtsttwa.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "E:\WINDOWS\system32\kmtsttwa.ini2" not found!
Deletion of file "E:\WINDOWS\system32\kmtsttwa.ini2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "E:\WINDOWS\system32\opnopmet.dll" not found!
Deletion of file "E:\WINDOWS\system32\opnopmet.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "E:\vundofix backups" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OTScanIt Fix It log:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{09268BF8-2816-4716-91CA-0B6B72460AB7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09268BF8-2816-4716-91CA-0B6B72460AB7}\ deleted successfully.
File E:\WINDOWS\system32\opnopMEt.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnopMEt\ deleted successfully.
File E:\WINDOWS\system32\opnopMEt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09268BF8-2816-4716-91CA-0B6B72460AB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09268BF8-2816-4716-91CA-0B6B72460AB7}\ not found.
File E:\WINDOWS\system32\opnopMEt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BB7AA2D-1B9D-4223-A201-91D8ED230DD4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB7AA2D-1B9D-4223-A201-91D8ED230DD4}\ not found.
File E:\WINDOWS\system32\awttsTmK.dll not found.
[Files/Folders - Created Within 30 days]
File E:\VundoFix Backups not found!
File E:\WINDOWS\System32\awttsTmK.dll not found!
File E:\WINDOWS\System32\KmTsttwa.ini not found!
File E:\WINDOWS\System32\KmTsttwa.ini2 not found!
File E:\WINDOWS\System32\opnopMEt.dll not found!
E:\WINDOWS\NV37243524.TMP folder deleted successfully.
[Files/Folders - Modified Within 30 days]
File E:\WINDOWS\System32\awttsTmK.dll not found!
File E:\WINDOWS\System32\KmTsttwa.ini not found!
File E:\WINDOWS\System32\KmTsttwa.ini2 not found!
File E:\WINDOWS\System32\opnopMEt.dll not found!
[Empty Temp Folders]
File delete failed. E:\Documents and Settings\Morten\Lokale innstillinger\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. E:\WINDOWS\temp\ZLT04660.TMP scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\ZLT05757.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11102008_005428

Files moved on Reboot...
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\hpodvd09.log moved successfully.
E:\WINDOWS\temp\ZLT04660.TMP moved successfully.
E:\WINDOWS\temp\ZLT05757.TMP moved successfully.

F-Secure Online Scanner Report:


Scanning Report

Monday, November 10, 2008 01:04:33 - 01:58:02

Computer name: MORTEN-A3AEB7E9
Scanning type: Scan system for malware, rootkits
Target: E:\

Result: 2 malware found

TrackingCookie.2o7 (spyware)
System
TrackingCookie.Atdmt (spyware)
System
Statistics

Scanned:
Files: 43546
System: 3165
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
E:\PAGEFILE.SYS
E:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
E:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
E:\WINDOWS\SYSTEM32\CONFIG\SAM
E:\WINDOWS\SYSTEM32\CONFIG\SECURITY
E:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
E:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
E:\DOCUMENTS AND SETTINGS\MORTEN\LOKALE INNSTILLINGER\TEMP\ETILQS_OCR5IAMGPD7KUYYJIAKK
Options

Scanning engines:
F-Secure USS: 2.40.0
F-Secure Blacklight: 2.4.1093
F-Secure Hydra: 2.8.8110, 2008-11-09
F-Secure Pegasus: 1.20.0, 2008-09-22
F-Secure AVP: 7.0.171, 2008-11-09
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

OtScanIt scan log

OTScanIt logfile created on: 10.11.2008 02:18:22
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = E:\Documents and Settings\Morten\Skrivebord\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000814 | Country: Norge | Language: NON | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,46% Memory free
3,85 Gb Paging File | 3,49 Gb Available in Paging File | 90,65% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092;
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programfiler
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 465,75 Gb Total Space | 217,43 Gb Free Space | 46,68% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTEN-A3AEB7E9
Current User Name: Morten
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09.07.2008 08:05:18 | Attr =	]
pd91agent.exe -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91Agent.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 64 | Size = 693512 bytes | Modified Date = 09.09.2008 12:49:50 | Attr =	]
tbpanel.exe -> %SystemRoot%\TBPanel.exe -> Gainward Co. [Ver = 5.9 | Size = 2189864 bytes | Modified Date = 27.11.2007 07:34:58 | Attr =	]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09.07.2008 08:05:20 | Attr =	]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 36352 bytes | Modified Date = 04.08.2008 00:02:20 | Attr =	]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 08.08.2008 13:11:12 | Attr =	]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.exe -> OpenOffice.org [Ver = 2.03.9307 | Size = 2363392 bytes | Modified Date = 29.05.2008 21:43:36 | Attr =	]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.bin -> OpenOffice.org [Ver = 2.03.9307 | Size = 2580480 bytes | Modified Date = 29.05.2008 21:43:38 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(PD91Agent) PD91Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91Agent.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 64 | Size = 693512 bytes | Modified Date = 09.09.2008 12:49:50 | Attr =	]
(PD91Engine) PD91Engine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91Engine.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 64 | Size = 906504 bytes | Modified Date = 09.09.2008 12:49:52 | Attr =	]
(PD91VMDefrag) PD91VMDefrag [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91VMDefrag.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 44 | Size = 226568 bytes | Modified Date = 29.02.2008 09:44:26 | Attr =	]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09.07.2008 08:05:18 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 15.10.2008 01:04:34 | Attr =	]
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [E:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.172 | Size = 1234712 bytes | Modified Date = 30.09.2008 06:47:43 | Attr =	]
CTHelper -> %SystemRoot%\system32\CtHelper.exe [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1610 | Size = 19456 bytes | Modified Date = 20.02.2008 19:58:44 | Attr =	]
CTxfiHlp -> %SystemRoot%\system32\Ctxfihlp.exe [CTXFIHLP.EXE] -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1610 | Size = 19968 bytes | Modified Date = 20.02.2008 19:58:46 | Attr =	]
Gainward -> %SystemRoot%\TBPanel.exe [E:\WINDOWS\TBPanel.exe /A] -> Gainward Co. [Ver = 5.9 | Size = 2189864 bytes | Modified Date = 27.11.2007 07:34:58 | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [E:\Programfiler\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 08.05.2007 15:24:20 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["E:\Programfiler\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 01.10.2008 17:57:12 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6906 | Size = 8523776 bytes | Modified Date = 28.11.2007 08:51:05 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6906 | Size = 81920 bytes | Modified Date = 28.11.2007 08:51:05 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1626112 bytes | Modified Date = 28.11.2007 08:51:05 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["E:\Programfiler\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 06.09.2008 14:09:14 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10.06.2008 04:27:04 | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [E:\Programfiler\Winamp\winampa.exe] ->  [Ver =  | Size = 36352 bytes | Modified Date = 04.08.2008 00:02:20 | Attr =	]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09.07.2008 08:05:20 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["E:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 08.08.2008 13:11:12 | Attr =	]
uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe ["E:\Programfiler\uTorrent\uTorrent.exe"] -> BitTorrent, Inc. [Ver = 1.8.1.12639 | Size = 270128 bytes | Modified Date = 08.10.2008 06:59:12 | Attr =	]
< All Users Startup Folder > -> E:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart -> 
%AllUsersProfile%\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19.02.2006 03:21:22 | Attr =	]
< Morten Startup Folder > -> E:\Documents and Settings\Morten\Start-meny\Programmer\Oppstart -> 
%UserProfile%\Start-meny\Programmer\Oppstart\BOINC Manager.lnk -> %ProgramFiles%\BOINC\boincmgr.exe -> Space Sciences Laboratory [Ver = 5.10.45 | Size = 4150016 bytes | Modified Date = 04.03.2008 13:00:20 | Attr =	]
%UserProfile%\Start-meny\Programmer\Oppstart\OpenOffice.org 2.4.lnk -> %ProgramFiles%\OpenOffice.org 2.4\program\quickstart.exe ->  [Ver =  | Size = 393216 bytes | Modified Date = 21.01.2008 15:41:28 | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 05.07.2008 08:35:27 | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14.04.2008 17:22:49 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
E:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14.04.2008 17:23:14 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14.04.2008 17:22:55 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8466944 bytes | Modified Date = 14.04.2008 17:22:21 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 301056 bytes | Modified Date = 14.04.2008 17:23:19 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM-driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13.04.2008 19:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< HOSTS File > (287758 bytes and 9962 lines) -> E:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> E:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr =	]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 29.08.2008 08:13:50 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15.09.2008 13:25:44 | Attr = RHS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.06.2008 04:27:02 | Attr =	]
{79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awttsTmK.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Xi\NetXfer\NXIEHelper.dll [NXIECatcher Class] -> Xi [Ver = 2.22.310 | Size = 49152 bytes | Modified Date = 15.08.2007 19:32:12 | Attr =	]
{FA03D393-FF3B-46DE-A992-E7EBA068DBC3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tuvWmNfe.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Xi\NetXfer\NXToolBar.dll [NetXfer] -> Xi [Ver = 2.20.307 | Size = 57344 bytes | Modified Date = 11.07.2007 19:59:38 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.06.2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.06.2008 04:27:02 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15.09.2008 13:25:44 | Attr = RHS]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{61AF92E2-D4BE-4E6C-AF10-8DE2070BE4C7} ->	(Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 29.08.2008 08:53:50 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 05.07.2008 08:35:31 | Attr =	]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab[Windows Live Safety Center Base Module] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 10.11.2008 00:48:45 | Attr =	]
ProgramData -> %SystemDrive%\ProgramData ->  [Folder | Created Date = 30.10.2008 16:06:56 | Attr =	]
_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 10.11.2008 00:54:28 | Attr =	]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 23.10.2008 12:25:41 | Attr =  H ]
Msft_Kernel_xusb21_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_xusb21_01005.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 23.10.2008 12:25:42 | Attr =  H ]
efNmWvut.ini -> %SystemRoot%\System32\efNmWvut.ini ->  [Ver =  | Size = 365350 bytes | Created Date = 08.11.2008 03:23:20 | Attr =  HS]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Created Date = 01.11.2008 14:24:58 | Attr =	]
initdebug.nfo -> %SystemRoot%\System32\initdebug.nfo ->  [Ver =  | Size = 45 bytes | Created Date = 26.10.2008 13:43:19 | Attr =	]
sgs.xml -> %SystemRoot%\System32\sgs.xml ->  [Ver =  | Size = 225 bytes | Created Date = 08.11.2008 02:42:29 | Attr =	]
snlubfbk.ini -> %SystemRoot%\System32\snlubfbk.ini ->  [Ver =  | Size = 120 bytes | Created Date = 08.11.2008 03:26:23 | Attr =  HS]
xlive -> %SystemRoot%\System32\xlive ->  [Folder | Created Date = 01.11.2008 14:23:14 | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Created Date = 01.11.2008 14:25:00 | Attr =	]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 25.10.2008 22:58:08 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 153 bytes | Created Date = 06.11.2008 23:45:18 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Fallout3 -> %AllUsersProfile%\Programdata\Fallout3 ->  [Folder | Created Date = 01.11.2008 14:28:46 | Attr =	]
KONAMI -> %AllUsersProfile%\Programdata\KONAMI ->  [Folder | Created Date = 19.10.2008 22:42:31 | Attr =	]
Sports Interactive -> %AllUsersProfile%\Programdata\Sports Interactive ->  [Folder | Created Date = 02.11.2008 01:26:07 | Attr =	]
RayV -> %AppData%\RayV ->  [Folder | Created Date = 08.11.2008 02:37:36 | Attr =	]
Red Alert 3 -> %AppData%\Red Alert 3 ->  [Folder | Created Date = 30.10.2008 16:09:48 | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Created Date = 14.10.2008 17:50:38 | Attr =	]
Deployment -> %UserProfile%\Lokale innstillinger\Programdata\Deployment ->  [Folder | Created Date = 28.10.2008 22:44:02 | Attr =	]
Fallout3 -> %UserProfile%\Lokale innstillinger\Programdata\Fallout3 ->  [Folder | Created Date = 09.11.2008 20:34:04 | Attr =	]
Mine mottatte filer -> %UserProfile%\Mine dokumenter\Mine mottatte filer ->  [Folder | Created Date = 15.10.2008 09:44:02 | Attr =	]
Red Alert 3 -> %UserProfile%\Mine dokumenter\Red Alert 3 ->  [Folder | Created Date = 31.10.2008 22:29:37 | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Skrivebord\Adobe Reader 8.lnk ->  [Ver =  | Size = 1724 bytes | Created Date = 09.11.2008 19:59:42 | Attr =	]
avenger.exe -> %UserProfile%\Skrivebord\avenger.exe ->  [Ver =  | Size = 731136 bytes | Created Date = 09.11.2008 22:30:24 | Attr =	]
avenger.zip -> %UserProfile%\Skrivebord\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 09.11.2008 22:26:45 | Attr =	]
F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html -> %UserProfile%\Skrivebord\F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html ->  [Ver =  | Size = 3497 bytes | Created Date = 10.11.2008 01:58:34 | Attr =	]
Filer_for_topic178404 -> %UserProfile%\Skrivebord\Filer_for_topic178404 ->  [Folder | Created Date = 10.11.2008 00:43:40 | Attr =	]
HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk ->  [Ver =  | Size = 1725 bytes | Created Date = 07.11.2008 01:18:11 | Attr =	]
OTScanIt -> %UserProfile%\Skrivebord\OTScanIt ->  [Folder | Created Date = 07.11.2008 01:47:48 | Attr =	]
OTScanIt.exe -> %UserProfile%\Skrivebord\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 07.11.2008 01:44:30 | Attr =	]
topic178404.html -> %UserProfile%\Skrivebord\topic178404.html ->  [Ver =  | Size = 82477 bytes | Created Date = 10.11.2008 00:43:40 | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\Skrivebord\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 07.11.2008 00:59:24 | Attr =	]
BOINC Manager.lnk -> %UserProfile%\Start-meny\Programmer\Oppstart\BOINC Manager.lnk ->  [Ver =  | Size = 2054 bytes | Created Date = 25.10.2008 22:58:44 | Attr =	]
1C Company -> %ProgramFiles%\1C Company ->  [Folder | Created Date = 29.10.2008 15:46:38 | Attr =	]
Adobe -> %ProgramFiles%\Adobe ->  [Folder | Created Date = 09.11.2008 19:59:29 | Attr =	]
Bethesda Softworks -> %ProgramFiles%\Bethesda Softworks ->  [Folder | Created Date = 01.11.2008 14:28:43 | Attr =	]
BOINC -> %ProgramFiles%\BOINC ->  [Folder | Created Date = 25.10.2008 22:58:38 | Attr =	]
Electronic Arts -> %ProgramFiles%\Electronic Arts ->  [Folder | Created Date = 30.10.2008 13:19:38 | Attr =	]
MSBuild -> %ProgramFiles%\MSBuild ->  [Folder | Created Date = 01.11.2008 14:26:49 | Attr =	]
MusicBrainz Picard -> %ProgramFiles%\MusicBrainz Picard ->  [Folder | Created Date = 22.10.2008 13:37:27 | Attr =	]
RayV -> %ProgramFiles%\RayV ->  [Folder | Created Date = 08.11.2008 02:37:27 | Attr =	]
Reference Assemblies -> %ProgramFiles%\Reference Assemblies ->  [Folder | Created Date = 01.11.2008 14:24:30 | Attr =	]
SpeedFan -> %ProgramFiles%\SpeedFan ->  [Folder | Created Date = 26.10.2008 13:43:20 | Attr =	]
VideoLAN -> %ProgramFiles%\VideoLAN ->  [Folder | Created Date = 14.10.2008 17:49:20 | Attr =	]
Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center ->  [Folder | Created Date = 07.11.2008 00:51:15 | Attr =	]

[Files/Folders - Modified Within 30 days]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 29902421 bytes | Modified Date = 10.11.2008 00:52:11 | Attr =	]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 103638 bytes | Modified Date = 04.11.2008 08:57:19 | Attr =	]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 334743 bytes | Modified Date = 06.11.2008 08:04:14 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 287758 bytes | Modified Date = 06.11.2008 23:23:56 | Attr = R  ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 142600224 bytes | Modified Date = 10.11.2008 02:01:23 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 1666796 bytes | Modified Date = 10.11.2008 00:57:25 | Attr =  HS]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 23.10.2008 12:25:41 | Attr =  H ]
Msft_Kernel_xusb21_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_xusb21_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 23.10.2008 12:25:42 | Attr =  H ]
BMXState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx -> %SystemRoot%\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx ->  [Ver =  | Size = 54760 bytes | Modified Date = 10.11.2008 00:57:26 | Attr =	]
BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx ->  [Ver =  | Size = 54760 bytes | Modified Date = 10.11.2008 00:57:26 | Attr =	]
DVCState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx -> %SystemRoot%\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx ->  [Ver =  | Size = 788 bytes | Modified Date = 10.11.2008 00:57:26 | Attr =	]
ealregsnapshot1.reg -> %SystemRoot%\System32\ealregsnapshot1.reg ->  [Ver =  | Size = 4324 bytes | Modified Date = 30.10.2008 16:05:56 | Attr =	]
efNmWvut.ini -> %SystemRoot%\System32\efNmWvut.ini ->  [Ver =  | Size = 365350 bytes | Modified Date = 08.11.2008 11:38:15 | Attr =  HS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 113376 bytes | Modified Date = 02.11.2008 09:18:21 | Attr =	]
initdebug.nfo -> %SystemRoot%\System32\initdebug.nfo ->  [Ver =  | Size = 45 bytes | Modified Date = 26.10.2008 13:43:20 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 70124 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
perfc014.dat -> %SystemRoot%\System32\perfc014.dat ->  [Ver =  | Size = 78496 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 436360 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
perfh014.dat -> %SystemRoot%\System32\perfh014.dat ->  [Ver =  | Size = 439292 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 1032840 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
sgs.xml -> %SystemRoot%\System32\sgs.xml ->  [Ver =  | Size = 225 bytes | Modified Date = 08.11.2008 03:14:59 | Attr =	]
snlubfbk.ini -> %SystemRoot%\System32\snlubfbk.ini ->  [Ver =  | Size = 120 bytes | Modified Date = 08.11.2008 03:26:23 | Attr =  HS]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 352917 bytes | Modified Date = 10.11.2008 02:16:12 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13740 bytes | Modified Date = 28.10.2008 21:26:09 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10.11.2008 02:15:24 | Attr =   S]
DFC.INI -> %SystemRoot%\DFC.INI ->  [Ver =  | Size = 558 bytes | Modified Date = 10.11.2008 02:16:27 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 153 bytes | Modified Date = 08.11.2008 11:37:16 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 282 bytes | Modified Date = 04.11.2008 11:43:01 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10.11.2008 02:15:30 | Attr =  H ]
E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\ -> E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader ->  [Folder | Modified Date = 24.04.2008 14:57:00 | Attr =	]
qmgr0.dat -> E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 04.11.2008 09:08:18 | Attr =	]
qmgr1.dat -> E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5377 bytes | Modified Date = 04.11.2008 09:08:18 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10.11.2008 01:09:23 | Attr =	]
fsgk32.exe -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fssm32.exe -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fsgk32.exe -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fssm32.exe -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10.11.2008 01:09:23 | Attr =	]
AVPFPI0.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
avpproxy.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
daas_s.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27.02.2008 15:59:28 | Attr =	]
fm4av.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fpinor.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fsbl.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fsbld.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = BlackLight 2.4.1093 | Size = 731784 bytes | Modified Date = 10.11.2008 01:04:13 | Attr =	]
fsecr32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsgkiapi.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fsmart.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 10.11.2008 01:04:18 | Attr =	]
fspe32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fssubmit.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 10.11.2008 01:04:15 | Attr =	]
fsup32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupcx32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupfg32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupmw32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupnp32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupux32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupwu32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsusscr.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.40.14421 | Size = 883336 bytes | Modified Date = 10.11.2008 01:04:18 | Attr =	]
Nse_w32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 10.11.2008 01:04:14 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 10.11.2008 01:04:19 | Attr =	]
AVPFPI0.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
avpproxy.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fm4av.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fpinor.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fsbl.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
fsgkiapi.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 10.11.2008 01:04:18 | Attr =	]
fsecr32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fspe32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsup32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupcx32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupfg32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupmw32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupnp32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupux32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupwu32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 10.11.2008 01:04:18 | Attr =	]
fsmart.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 10.11.2008 01:04:18 | Attr =	]
fsusscr.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.40.14421 | Size = 883336 bytes | Modified Date = 10.11.2008 01:04:18 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_30_pegdb\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 10.11.2008 01:04:14 | Attr =	]
Nse_w32.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 10.11.2008 01:04:14 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_33_bin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 10.11.2008 01:04:15 | Attr =	]
fssubmit.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 10.11.2008 01:04:15 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_bl\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 10.11.2008 01:04:13 | Attr =	]
fsblu.dll -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = BlackLight 2.4.1093 | Size = 731784 bytes | Modified Date = 10.11.2008 01:04:13 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10.11.2008 01:09:23 | Attr =	]
ext.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
fsedb.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1742538 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupdllb.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupplgn.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsuptmpl.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
perf.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 10.11.2008 01:59:28 | Attr =	]
sae.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
sai.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 10.11.2008 01:04:12 | Attr =	]
ext.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
sae.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
sai.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 10.11.2008 01:04:18 | Attr =	]
fsedb.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1742538 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupdllb.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsupplgn.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
fsuptmpl.dat -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10.11.2008 01:09:23 | Attr =	]
FS@av.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
FS@avpe.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 10.11.2008 01:04:08 | Attr =	]
FS@bleng.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 252 bytes | Modified Date = 10.11.2008 01:04:13 | Attr =	]
FS@corp.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
FS@hydra.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
FS@mlc.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10.11.2008 01:04:18 | Attr =	]
FS@ols.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 10.11.2008 01:04:15 | Attr =	]
FS@peg.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10.11.2008 01:04:14 | Attr =	]
verdicts.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4184 bytes | Modified Date = 10.11.2008 01:04:11 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 10.11.2008 01:04:12 | Attr =	]
FS@av.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 10.11.2008 01:04:12 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avpe\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 10.11.2008 01:04:12 | Attr =	]
FS@avpe.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 10.11.2008 01:04:08 | Attr =	]
verdicts.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4184 bytes | Modified Date = 10.11.2008 01:04:11 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 10.11.2008 01:04:19 | Attr =	]
FS@corp.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 10.11.2008 01:04:19 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 10.11.2008 01:04:18 | Attr =	]
FS@hydra.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 10.11.2008 01:04:17 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 10.11.2008 01:04:18 | Attr =	]
FS@mlc.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10.11.2008 01:04:18 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_30_pegdb\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 10.11.2008 01:04:14 | Attr =	]
FS@peg.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10.11.2008 01:04:14 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_33_bin\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 10.11.2008 01:04:15 | Attr =	]
FS@ols.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 10.11.2008 01:04:15 | Attr =	]
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_bl\ -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 10.11.2008 01:04:13 | Attr =	]
FS@bleng.ini -> E:\Documents and Settings\Morten\Lokale innstillinger\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 252 bytes | Modified Date = 10.11.2008 01:04:13 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 17280 bytes | Modified Date = 07.11.2008 00:17:10 | Attr =	]
oblig1os.doc -> %UserProfile%\Mine dokumenter\oblig1os.doc ->  [Ver =  | Size = 82432 bytes | Modified Date = 13.10.2008 07:47:18 | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Skrivebord\Adobe Reader 8.lnk ->  [Ver =  | Size = 1724 bytes | Modified Date = 09.11.2008 19:59:43 | Attr =	]
avenger.zip -> %UserProfile%\Skrivebord\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 09.11.2008 22:26:53 | Attr =	]
F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html -> %UserProfile%\Skrivebord\F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html ->  [Ver =  | Size = 3497 bytes | Modified Date = 10.11.2008 01:58:34 | Attr =	]
HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk ->  [Ver =  | Size = 1725 bytes | Modified Date = 07.11.2008 01:18:11 | Attr =	]
OTScanIt.exe -> %UserProfile%\Skrivebord\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 07.11.2008 01:44:30 | Attr =	]
topic178404.html -> %UserProfile%\Skrivebord\topic178404.html ->  [Ver =  | Size = 82477 bytes | Modified Date = 10.11.2008 00:43:42 | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\Skrivebord\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 07.11.2008 00:59:25 | Attr =	]
BOINC Manager.lnk -> %UserProfile%\Start-meny\Programmer\Oppstart\BOINC Manager.lnk ->  [Ver =  | Size = 2054 bytes | Modified Date = 25.10.2008 22:58:44 | Attr =	]

< End of report >


#6 SifuMike

Posted 09 November 2008 - 09:17 PM

Hello tropprett,

Step #1
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\system32\efnmwvut.ini
%systemroot%\system32\snlubfbk.ini
%userprofile%\skrivebord\virtumundobegone.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awttsTmK.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {FA03D393-FF3B-46DE-A992-E7EBA068DBC3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tuvWmNfe.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> efNmWvut.ini -> %SystemRoot%\System32\efNmWvut.ini
NY -> snlubfbk.ini -> %SystemRoot%\System32\snlubfbk.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> VirtumundoBeGone.exe -> %UserProfile%\Skrivebord\VirtumundoBeGone.exe
[Files/Folders - Modified Within 30 days]
NY -> efNmWvut.ini -> %SystemRoot%\System32\efNmWvut.ini
NY -> snlubfbk.ini -> %SystemRoot%\System32\snlubfbk.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> VirtumundoBeGone.exe -> %UserProfile%\Skrivebord\VirtumundoBeGone.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #4

Post the following back here:
  • The Avenger report (c:\Avenger.txt). This will be a short report, so you will be able to post it.
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.) This will be a short log, so you will be able to post it.
  • The new OTScanIt scan log. This should be a short log, so you should be able to post it. If the file is too big to post, then you can upload it to me here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Edited by SifuMike, 09 November 2008 - 09:22 PM.
typo

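Added example (not part of SifuMike's post and not OTScanIt's own code): a small Python check that reconciles a fix script like the one in Step #2 with the fix log requested in Step #4, so that any target the log never mentions stands out. The two-letter YN/NY prefix is treated as an opaque marker, the entries named "*-example" are constructed, and the ENV values are the ones shown in this thread's OTScanIt log header.

```python
import re

# Constructed sample in the format of the fix script in this thread.
# The two "*-example" entries are invented to show the non-trivial outcomes.
FIX_SCRIPT = r"""
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awttsTmK.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> efNmWvut.ini -> %SystemRoot%\System32\efNmWvut.ini
NY -> locked-example.tmp -> %SystemRoot%\Temp\locked-example.tmp
NY -> missing-example.dll -> %SystemRoot%\system32\missing-example.dll
[Files/Folders - Modified Within 30 days]
NY -> efNmWvut.ini -> %SystemRoot%\System32\efNmWvut.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> VirtumundoBeGone.exe -> %UserProfile%\Skrivebord\VirtumundoBeGone.exe
"""

# Constructed sample in the format of an OTScanIt fix log.
FIX_LOG = r"""
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4}\ deleted successfully.
[Files/Folders - Created Within 30 days]
File E:\WINDOWS\System32\efNmWvut.ini not found!
File delete failed. E:\WINDOWS\Temp\locked-example.tmp scheduled to be deleted on reboot.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File E:\Documents and Settings\Morten\Skrivebord\VirtumundoBeGone.exe not found!
"""

# Variable values as reported in the scan log header (keys lowercased for matching).
ENV = {
    "%systemroot%": r"E:\WINDOWS",
    "%userprofile%": r"E:\Documents and Settings\Morten",
}

# Phrase that appears in a log line -> status recorded for the target.
OUTCOMES = [
    ("scheduled to be deleted on reboot", "pending-reboot"),
    ("deleted successfully", "removed"),
    ("moved successfully", "removed"),
    ("not found!", "not-found"),
]

ENTRY = re.compile(r"^[YN]{2} -> (.+)$")       # a script line that names a target
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")    # registry entries are keyed by CLSID


def expand(path, env):
    """Replace a leading %Variable% with its value (case-insensitive)."""
    low = path.lower()
    for var, value in env.items():
        if low.startswith(var):
            return value + path[len(var):]
    return path


def script_targets(script, env):
    """Return the distinct targets named in the script, in script order."""
    targets = []
    for line in script.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers such as [Reboot] carry no target
        fields = [f.strip() for f in m.group(1).split(" -> ")]
        clsid = CLSID.search(fields[0])
        # Registry entries are logged by CLSID, file entries by full path.
        target = clsid.group(0) if clsid else expand(fields[-1], env)
        if target not in targets:  # the same file can be listed in two sections
            targets.append(target)
    return targets


def reconcile(script, log, env):
    """Map each script target to the statuses the log reports for it."""
    log_lines = [l.strip().lower() for l in log.splitlines() if l.strip()]
    report = {}
    for target in script_targets(script, env):
        needle = target.lower()  # Windows paths are case-insensitive
        statuses = set()
        for line in log_lines:
            if needle not in line:
                continue
            for phrase, status in OUTCOMES:
                if phrase in line:
                    statuses.add(status)
                    break
        report[target] = sorted(statuses) or ["unaccounted"]
    return report


def needs_follow_up(report):
    """Targets the log never mentions, or that still wait for a reboot."""
    return [t for t, s in report.items()
            if "unaccounted" in s or "pending-reboot" in s]


if __name__ == "__main__":
    result = reconcile(FIX_SCRIPT, FIX_LOG, ENV)
    for target, statuses in result.items():
        print(", ".join(statuses).ljust(16), target)
    print("follow up:", needs_follow_up(result))
```

A "not-found" result is not necessarily a failure: in this thread the same files had already been deleted by The Avenger in Step #1, so the later OTScanIt fix had nothing left to move.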

#7 tropprett


Posted 10 November 2008 - 04:53 AM

Avenger Report

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "E:\WINDOWS\system32\efnmwvut.ini" deleted successfully.
File "E:\WINDOWS\system32\snlubfbk.ini" deleted successfully.
File "E:\Documents and Settings\Morten\skrivebord\virtumundobegone.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

OtScanIt Fix

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79D2B2BC-AD5B-46F2-8339-D6F9694AC8C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA03D393-FF3B-46DE-A992-E7EBA068DBC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA03D393-FF3B-46DE-A992-E7EBA068DBC3}\ deleted successfully.
[Files/Folders - Created Within 30 days]
File E:\WINDOWS\System32\efNmWvut.ini not found!
File E:\WINDOWS\System32\snlubfbk.ini not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File E:\Documents and Settings\Morten\Skrivebord\VirtumundoBeGone.exe not found!
[Files/Folders - Modified Within 30 days]
File E:\WINDOWS\System32\efNmWvut.ini not found!
File E:\WINDOWS\System32\snlubfbk.ini not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File E:\Documents and Settings\Morten\Skrivebord\VirtumundoBeGone.exe not found!
[Empty Temp Folders]
File delete failed. E:\Documents and Settings\Morten\Lokale innstillinger\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. E:\WINDOWS\temp\ZLT00527.TMP scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\ZLT00945.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11102008_104311

Files moved on Reboot...
E:\Documents and Settings\Morten\Lokale innstillinger\Temp\hpodvd09.log moved successfully.
File E:\WINDOWS\temp\ZLT00527.TMP not found!
File E:\WINDOWS\temp\ZLT00945.TMP not found!


OtScanIt log

OTScanIt logfile created on: 10.11.2008 10:46:59
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = E:\Documents and Settings\Morten\Skrivebord\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000814 | Country: Norge | Language: NON | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,45% Memory free
3,85 Gb Paging File | 3,49 Gb Available in Paging File | 90,60% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092;
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programfiler
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 465,75 Gb Total Space | 216,98 Gb Free Space | 46,59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MORTEN-A3AEB7E9
Current User Name: Morten
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09.07.2008 08:05:18 | Attr =	]
pd91agent.exe -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91Agent.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 64 | Size = 693512 bytes | Modified Date = 09.09.2008 12:49:50 | Attr =	]
tbpanel.exe -> %SystemRoot%\TBPanel.exe -> Gainward Co. [Ver = 5.9 | Size = 2189864 bytes | Modified Date = 27.11.2007 07:34:58 | Attr =	]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09.07.2008 08:05:20 | Attr =	]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 36352 bytes | Modified Date = 04.08.2008 00:02:20 | Attr =	]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 08.08.2008 13:11:12 | Attr =	]
soffice.exe -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.exe -> OpenOffice.org [Ver = 2.03.9307 | Size = 2363392 bytes | Modified Date = 29.05.2008 21:43:36 | Attr =	]
soffice.bin -> %ProgramFiles%\OpenOffice.org 2.4\program\soffice.bin -> OpenOffice.org [Ver = 2.03.9307 | Size = 2580480 bytes | Modified Date = 29.05.2008 21:43:38 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(PD91Agent) PD91Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91Agent.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 64 | Size = 693512 bytes | Modified Date = 09.09.2008 12:49:50 | Attr =	]
(PD91Engine) PD91Engine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91Engine.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 64 | Size = 906504 bytes | Modified Date = 09.09.2008 12:49:52 | Attr =	]
(PD91VMDefrag) PD91VMDefrag [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk2008\PD91VMDefrag.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 44 | Size = 226568 bytes | Modified Date = 29.02.2008 09:44:26 | Attr =	]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09.07.2008 08:05:18 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 15.10.2008 01:04:34 | Attr =	]
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [E:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.172 | Size = 1234712 bytes | Modified Date = 30.09.2008 06:47:43 | Attr =	]
CTHelper -> %SystemRoot%\system32\CtHelper.exe [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1610 | Size = 19456 bytes | Modified Date = 20.02.2008 19:58:44 | Attr =	]
CTxfiHlp -> %SystemRoot%\system32\Ctxfihlp.exe [CTXFIHLP.EXE] -> Creative Technology Ltd [Ver = 6.00.01.1283-2.14.1610 | Size = 19968 bytes | Modified Date = 20.02.2008 19:58:46 | Attr =	]
Gainward -> %SystemRoot%\TBPanel.exe [E:\WINDOWS\TBPanel.exe /A] -> Gainward Co. [Ver = 5.9 | Size = 2189864 bytes | Modified Date = 27.11.2007 07:34:58 | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [E:\Programfiler\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 08.05.2007 15:24:20 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["E:\Programfiler\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 01.10.2008 17:57:12 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6906 | Size = 8523776 bytes | Modified Date = 28.11.2007 08:51:05 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6906 | Size = 81920 bytes | Modified Date = 28.11.2007 08:51:05 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1626112 bytes | Modified Date = 28.11.2007 08:51:05 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["E:\Programfiler\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 06.09.2008 14:09:14 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10.06.2008 04:27:04 | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [E:\Programfiler\Winamp\winampa.exe] ->  [Ver =  | Size = 36352 bytes | Modified Date = 04.08.2008 00:02:20 | Attr =	]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09.07.2008 08:05:20 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["E:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 08.08.2008 13:11:12 | Attr =	]
uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe ["E:\Programfiler\uTorrent\uTorrent.exe"] -> BitTorrent, Inc. [Ver = 1.8.1.12639 | Size = 270128 bytes | Modified Date = 08.10.2008 06:59:12 | Attr =	]
< All Users Startup Folder > -> E:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart -> 
%AllUsersProfile%\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19.02.2006 03:21:22 | Attr =	]
< Morten Startup Folder > -> E:\Documents and Settings\Morten\Start-meny\Programmer\Oppstart -> 
%UserProfile%\Start-meny\Programmer\Oppstart\BOINC Manager.lnk -> %ProgramFiles%\BOINC\boincmgr.exe -> Space Sciences Laboratory [Ver = 5.10.45 | Size = 4150016 bytes | Modified Date = 04.03.2008 13:00:20 | Attr =	]
%UserProfile%\Start-meny\Programmer\Oppstart\OpenOffice.org 2.4.lnk -> %ProgramFiles%\OpenOffice.org 2.4\program\quickstart.exe ->  [Ver =  | Size = 393216 bytes | Modified Date = 21.01.2008 15:41:28 | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 05.07.2008 08:35:27 | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14.04.2008 17:22:49 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
E:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14.04.2008 17:23:14 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14.04.2008 17:22:55 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8466944 bytes | Modified Date = 14.04.2008 17:22:21 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 301056 bytes | Modified Date = 14.04.2008 17:23:19 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM-driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13.04.2008 19:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< HOSTS File > (287758 bytes and 9962 lines) -> E:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1	   localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.123topsearch.com
127.0.0.1	123topsearch.com
127.0.0.1	www.132.com
127.0.0.1	132.com
127.0.0.1	www.136136.net
127.0.0.1	136136.net
127.0.0.1	www.163ns.com
127.0.0.1	163ns.com
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> E:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr =	]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 29.08.2008 08:13:50 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15.09.2008 13:25:44 | Attr = RHS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.06.2008 04:27:02 | Attr =	]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Xi\NetXfer\NXIEHelper.dll [NXIECatcher Class] -> Xi [Ver = 2.22.310 | Size = 49152 bytes | Modified Date = 15.08.2007 19:32:12 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Xi\NetXfer\NXToolBar.dll [NetXfer] -> Xi [Ver = 2.20.307 | Size = 57344 bytes | Modified Date = 11.07.2007 19:59:38 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.06.2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.06.2008 04:27:02 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15.09.2008 13:25:44 | Attr = RHS]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{61AF92E2-D4BE-4E6C-AF10-8DE2070BE4C7} ->	(Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 29.08.2008 08:53:50 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 05.07.2008 08:35:31 | Attr =	]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab[Windows Live Safety Center Base Module] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 10.11.2008 00:48:45 | Attr =	]
ProgramData -> %SystemDrive%\ProgramData ->  [Folder | Created Date = 30.10.2008 16:06:56 | Attr =	]
_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 10.11.2008 00:54:28 | Attr =	]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 23.10.2008 12:25:41 | Attr =  H ]
Msft_Kernel_xusb21_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_xusb21_01005.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 23.10.2008 12:25:42 | Attr =  H ]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Created Date = 01.11.2008 14:24:58 | Attr =	]
initdebug.nfo -> %SystemRoot%\System32\initdebug.nfo ->  [Ver =  | Size = 45 bytes | Created Date = 26.10.2008 13:43:19 | Attr =	]
sgs.xml -> %SystemRoot%\System32\sgs.xml ->  [Ver =  | Size = 225 bytes | Created Date = 08.11.2008 02:42:29 | Attr =	]
xlive -> %SystemRoot%\System32\xlive ->  [Folder | Created Date = 01.11.2008 14:23:14 | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Created Date = 01.11.2008 14:25:00 | Attr =	]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 25.10.2008 22:58:08 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 153 bytes | Created Date = 06.11.2008 23:45:18 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Fallout3 -> %AllUsersProfile%\Programdata\Fallout3 ->  [Folder | Created Date = 01.11.2008 14:28:46 | Attr =	]
KONAMI -> %AllUsersProfile%\Programdata\KONAMI ->  [Folder | Created Date = 19.10.2008 22:42:31 | Attr =	]
Sports Interactive -> %AllUsersProfile%\Programdata\Sports Interactive ->  [Folder | Created Date = 02.11.2008 01:26:07 | Attr =	]
RayV -> %AppData%\RayV ->  [Folder | Created Date = 08.11.2008 02:37:36 | Attr =	]
Red Alert 3 -> %AppData%\Red Alert 3 ->  [Folder | Created Date = 30.10.2008 16:09:48 | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Created Date = 14.10.2008 17:50:38 | Attr =	]
Deployment -> %UserProfile%\Lokale innstillinger\Programdata\Deployment ->  [Folder | Created Date = 28.10.2008 22:44:02 | Attr =	]
Fallout3 -> %UserProfile%\Lokale innstillinger\Programdata\Fallout3 ->  [Folder | Created Date = 09.11.2008 20:34:04 | Attr =	]
Mine mottatte filer -> %UserProfile%\Mine dokumenter\Mine mottatte filer ->  [Folder | Created Date = 15.10.2008 09:44:02 | Attr =	]
Red Alert 3 -> %UserProfile%\Mine dokumenter\Red Alert 3 ->  [Folder | Created Date = 31.10.2008 22:29:37 | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Skrivebord\Adobe Reader 8.lnk ->  [Ver =  | Size = 1724 bytes | Created Date = 09.11.2008 19:59:42 | Attr =	]
avenger.exe -> %UserProfile%\Skrivebord\avenger.exe ->  [Ver =  | Size = 731136 bytes | Created Date = 09.11.2008 22:30:24 | Attr =	]
avenger.zip -> %UserProfile%\Skrivebord\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 09.11.2008 22:26:45 | Attr =	]
F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html -> %UserProfile%\Skrivebord\F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html ->  [Ver =  | Size = 3497 bytes | Created Date = 10.11.2008 01:58:34 | Attr =	]
Filer_for_index.php -> %UserProfile%\Skrivebord\Filer_for_index.php ->  [Folder | Created Date = 10.11.2008 10:37:02 | Attr =	]
Filer_for_topic178404 -> %UserProfile%\Skrivebord\Filer_for_topic178404 ->  [Folder | Created Date = 10.11.2008 00:43:40 | Attr =	]
HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk ->  [Ver =  | Size = 1725 bytes | Created Date = 07.11.2008 01:18:11 | Attr =	]
index.php.htm -> %UserProfile%\Skrivebord\index.php.htm ->  [Ver =  | Size = 180392 bytes | Created Date = 10.11.2008 10:37:02 | Attr =	]
OTScanIt -> %UserProfile%\Skrivebord\OTScanIt ->  [Folder | Created Date = 07.11.2008 01:47:48 | Attr =	]
OTScanIt.exe -> %UserProfile%\Skrivebord\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 07.11.2008 01:44:30 | Attr =	]
topic178404.html -> %UserProfile%\Skrivebord\topic178404.html ->  [Ver =  | Size = 82477 bytes | Created Date = 10.11.2008 00:43:40 | Attr =	]
BOINC Manager.lnk -> %UserProfile%\Start-meny\Programmer\Oppstart\BOINC Manager.lnk ->  [Ver =  | Size = 2054 bytes | Created Date = 25.10.2008 22:58:44 | Attr =	]
1C Company -> %ProgramFiles%\1C Company ->  [Folder | Created Date = 29.10.2008 15:46:38 | Attr =	]
Adobe -> %ProgramFiles%\Adobe ->  [Folder | Created Date = 09.11.2008 19:59:29 | Attr =	]
Bethesda Softworks -> %ProgramFiles%\Bethesda Softworks ->  [Folder | Created Date = 01.11.2008 14:28:43 | Attr =	]
BOINC -> %ProgramFiles%\BOINC ->  [Folder | Created Date = 25.10.2008 22:58:38 | Attr =	]
Electronic Arts -> %ProgramFiles%\Electronic Arts ->  [Folder | Created Date = 30.10.2008 13:19:38 | Attr =	]
MSBuild -> %ProgramFiles%\MSBuild ->  [Folder | Created Date = 01.11.2008 14:26:49 | Attr =	]
MusicBrainz Picard -> %ProgramFiles%\MusicBrainz Picard ->  [Folder | Created Date = 22.10.2008 13:37:27 | Attr =	]
RayV -> %ProgramFiles%\RayV ->  [Folder | Created Date = 08.11.2008 02:37:27 | Attr =	]
Reference Assemblies -> %ProgramFiles%\Reference Assemblies ->  [Folder | Created Date = 01.11.2008 14:24:30 | Attr =	]
SpeedFan -> %ProgramFiles%\SpeedFan ->  [Folder | Created Date = 26.10.2008 13:43:20 | Attr =	]
VideoLAN -> %ProgramFiles%\VideoLAN ->  [Folder | Created Date = 14.10.2008 17:49:20 | Attr =	]
Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center ->  [Folder | Created Date = 07.11.2008 00:51:15 | Attr =	]

[Files/Folders - Modified Within 30 days]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 29902421 bytes | Modified Date = 10.11.2008 00:52:11 | Attr =	]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 103638 bytes | Modified Date = 04.11.2008 08:57:19 | Attr =	]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 334743 bytes | Modified Date = 06.11.2008 08:04:14 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 287758 bytes | Modified Date = 06.11.2008 23:23:56 | Attr = R  ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 142600224 bytes | Modified Date = 10.11.2008 10:43:39 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 1668020 bytes | Modified Date = 10.11.2008 10:43:39 | Attr =  HS]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 23.10.2008 12:25:41 | Attr =  H ]
Msft_Kernel_xusb21_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_xusb21_01005.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 23.10.2008 12:25:42 | Attr =  H ]
BMXState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx -> %SystemRoot%\System32\BMXState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx ->  [Ver =  | Size = 54760 bytes | Modified Date = 10.11.2008 10:43:40 | Attr =	]
BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx ->  [Ver =  | Size = 54760 bytes | Modified Date = 10.11.2008 10:43:40 | Attr =	]
DVCState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx -> %SystemRoot%\System32\DVCState-{00000003-00000000-00000006-00001102-00000005-00291102}.rfx ->  [Ver =  | Size = 788 bytes | Modified Date = 10.11.2008 10:43:40 | Attr =	]
ealregsnapshot1.reg -> %SystemRoot%\System32\ealregsnapshot1.reg ->  [Ver =  | Size = 4324 bytes | Modified Date = 30.10.2008 16:05:56 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 113376 bytes | Modified Date = 02.11.2008 09:18:21 | Attr =	]
initdebug.nfo -> %SystemRoot%\System32\initdebug.nfo ->  [Ver =  | Size = 45 bytes | Modified Date = 26.10.2008 13:43:20 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 70124 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
perfc014.dat -> %SystemRoot%\System32\perfc014.dat ->  [Ver =  | Size = 78496 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 436360 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
perfh014.dat -> %SystemRoot%\System32\perfh014.dat ->  [Ver =  | Size = 439292 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 1032840 bytes | Modified Date = 01.11.2008 14:27:03 | Attr =	]
sgs.xml -> %SystemRoot%\System32\sgs.xml ->  [Ver =  | Size = 225 bytes | Modified Date = 08.11.2008 03:14:59 | Attr =	]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 352917 bytes | Modified Date = 10.11.2008 10:45:03 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13740 bytes | Modified Date = 28.10.2008 21:26:09 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10.11.2008 10:44:15 | Attr =   S]
DFC.INI -> %SystemRoot%\DFC.INI ->  [Ver =  | Size = 558 bytes | Modified Date = 10.11.2008 10:45:15 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 153 bytes | Modified Date = 08.11.2008 11:37:16 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 282 bytes | Modified Date = 04.11.2008 11:43:01 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10.11.2008 10:44:22 | Attr =  H ]
E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\ -> E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader ->  [Folder | Modified Date = 24.04.2008 14:57:00 | Attr =	]
qmgr0.dat -> E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 04.11.2008 09:08:18 | Attr =	]
qmgr1.dat -> E:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5377 bytes | Modified Date = 04.11.2008 09:08:18 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 17280 bytes | Modified Date = 07.11.2008 00:17:10 | Attr =	]
oblig1os.doc -> %UserProfile%\Mine dokumenter\oblig1os.doc ->  [Ver =  | Size = 82432 bytes | Modified Date = 13.10.2008 07:47:18 | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Skrivebord\Adobe Reader 8.lnk ->  [Ver =  | Size = 1724 bytes | Modified Date = 09.11.2008 19:59:43 | Attr =	]
avenger.zip -> %UserProfile%\Skrivebord\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 09.11.2008 22:26:53 | Attr =	]
F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html -> %UserProfile%\Skrivebord\F-Secure Online Scanner 3.3.1 - Scanning Report - Monday, November 10, 2008 015802.html ->  [Ver =  | Size = 3497 bytes | Modified Date = 10.11.2008 01:58:34 | Attr =	]
HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk ->  [Ver =  | Size = 1725 bytes | Modified Date = 07.11.2008 01:18:11 | Attr =	]
index.php.htm -> %UserProfile%\Skrivebord\index.php.htm ->  [Ver =  | Size = 180392 bytes | Modified Date = 10.11.2008 10:37:03 | Attr =	]
OTScanIt.exe -> %UserProfile%\Skrivebord\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 07.11.2008 01:44:30 | Attr =	]
topic178404.html -> %UserProfile%\Skrivebord\topic178404.html ->  [Ver =  | Size = 82477 bytes | Modified Date = 10.11.2008 00:43:42 | Attr =	]
BOINC Manager.lnk -> %UserProfile%\Start-meny\Programmer\Oppstart\BOINC Manager.lnk ->  [Ver =  | Size = 2054 bytes | Modified Date = 25.10.2008 22:58:44 | Attr =	]

< End of report >


#8 SifuMike


Posted 10 November 2008 - 12:38 PM

Hi tropprett,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u10-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

That log looks fine. :thumbsup:

If there aren't any other issues then go ahead and run the system normally for a day and then get back with me and let me know if there are any continuing issues.

If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
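
The removal step in post #8 depends on spotting every older Java entry in Add or Remove Programs. The following Python is an added example, not part of the original thread: it parses display names in the styles the post lists and flags those older than JRE 6 Update 10. The `Java(TM) 6 Update N` naming, the sample list and the function names are assumptions.

```python
import re

# Baseline the post asks for: JRE 6 Update 10, as (major, update).
BASELINE = (6, 10)

# Display-name styles, most specific first (assumed naming conventions).
PATTERNS = [
    # "Java 2 Runtime Environment, SE v1.4.2" or "... SE v1.4.2_05"
    re.compile(r"Java 2 Runtime Environment,? SE v1\.(\d+)\.\d+(?:_(\d+))?", re.I),
    # "J2SE Runtime Environment 5.0" or "... 5.0 Update 6"
    re.compile(r"J2SE Runtime Environment (\d+)\.0(?: Update (\d+))?", re.I),
    # "Java(TM) 6 Update 7" or "Java(TM) SE Runtime Environment 6 Update 1"
    re.compile(r"\bJava(?:\(TM\))?(?: SE)?(?: Runtime Environment)? (\d+)"
               r"(?: Update (\d+))?$", re.I),
]

def parse_java_version(display_name):
    """Return (major, update) for a Java runtime entry, or None if not Java."""
    name = display_name.strip()
    for pattern in PATTERNS:
        match = pattern.search(name)
        if match:
            # A missing "Update N" suffix means the base release (update 0).
            return int(match.group(1)), int(match.group(2) or 0)
    return None

def outdated_entries(display_names, baseline=BASELINE):
    """Return (name, version) for each Java runtime older than the baseline."""
    flagged = []
    for name in display_names:
        version = parse_java_version(name)
        if version is not None and version < baseline:
            flagged.append((name, version))
    return flagged

# Constructed sample of Add or Remove Programs display names.
SAMPLE = [
    "Java 2 Runtime Environment, SE v1.4.2",
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 10",
    "AVG Free 8.0",
    "BOINC",
]

if __name__ == "__main__":
    for name, version in outdated_entries(SAMPLE):
        print("remove before installing 6u10: %s (parsed as %s)" % (name, version))
```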

#9 tropprett

Posted 11 November 2008 - 01:35 PM

I have not had any problems the last day. Thanks for helping me :thumbsup:

#10 SifuMike

Posted 11 November 2008 - 02:02 PM

Hi tropprett,

You're very welcome. :thumbsup:

Now let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this, allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.


Please read and follow "How did I get infected?, With steps so it does not happen again!" as well as "How to prevent Malware" by miekiemoes.


If you want to improve speed/system performance after malware removal, take a look here.

#11 SifuMike

Posted 15 November 2008 - 03:26 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.